The generic fuzzer often provides randomized DMA addresses to virtual devices. For a 64-bit address space, the chance of these randomized addresses coinciding with RAM regions is fairly small. Even though the fuzzer's instrumentation eventually finds valid addresses, this can take some time and slows down fuzzing progress (especially when multiple DMA buffers are involved). To work around this, create "fake" sparse memory that spans all of the 64-bit address space.
Signed-off-by: Alexander Bulekov <alx...@bu.edu> --- tests/qtest/fuzz/generic_fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c index 387ae2020a..08a6c5ac5e 100644 --- a/tests/qtest/fuzz/generic_fuzz.c +++ b/tests/qtest/fuzz/generic_fuzz.c @@ -940,7 +940,7 @@ static GString *generic_fuzz_cmdline(FuzzTarget *t) if (!getenv("QEMU_FUZZ_ARGS")) { usage(); } - g_string_append_printf(cmd_line, " -display none \ + g_string_append_printf(cmd_line, " -display none -device sparse-mem \ -machine accel=qtest, \ -m 512M %s ", getenv("QEMU_FUZZ_ARGS")); return cmd_line; -- 2.28.0
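Review bot: the hunk in generic_fuzz_cmdline() appends `-device sparse-mem` unconditionally, so every generic-fuzz target now depends on that device being present in the QEMU binary, but neither the commit message nor the diff says where sparse-mem comes from; please reference the patch (or build option) that introduces it so the dependency is explicit. The same hunk keeps `-m 512M` of real RAM while sparse-mem is meant to cover the whole 64-bit space, so the commit message should state that sparse-mem sits below real RAM in region priority (otherwise DMA into the guest's actual memory would be diverted into the fake backing). Finally, since the device is added in front of `%s`, a target that does not want a fully-backed address space cannot opt out via QEMU_FUZZ_ARGS; consider gating the addition on an environment variable, e.g. `if (!getenv("QEMU_FUZZ_NO_SPARSE_MEM"))`.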