diff mbox series

[v3,05/16] fuzz: Declare DMA Read callback function

Message ID 20200921022506.873303-6-alxndr@bu.edu
State Superseded
Headers show
Series Add a General Virtual Device Fuzzer | expand

Commit Message

Alexander Bulekov Sept. 21, 2020, 2:24 a.m. UTC 
This patch declares the fuzz_dma_read_cb function and uses the
preprocessor and linker(weak symbols) to handle these cases:

When we build softmmu/all with --enable-fuzzing, there should be no
strong symbol defined for fuzz_dma_read_cb, and we link against a weak
stub function.

When we build softmmu/fuzz with --enable-fuzzing, we link against the
strong symbol in general_fuzz.c

When we build softmmu/all without --enable-fuzzing, fuzz_dma_read_cb is
an empty, inlined function. As long as we don't call any other functions
when building the arguments, there should be no overhead.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
---
 include/exec/memory.h | 15 +++++++++++++++
 softmmu/memory.c      | 13 +++++++++++++
 2 files changed, 28 insertions(+)

Comments

Paolo Bonzini Oct. 8, 2020, 7:39 a.m. UTC | #1 
On 21/09/20 04:24, Alexander Bulekov wrote:
> This patch declares the fuzz_dma_read_cb function and uses the
> preprocessor and linker(weak symbols) to handle these cases:
> 
> When we build softmmu/all with --enable-fuzzing, there should be no
> strong symbol defined for fuzz_dma_read_cb, and we link against a weak
> stub function.
> 
> When we build softmmu/fuzz with --enable-fuzzing, we link against the
> strong symbol in general_fuzz.c
> 
> When we build softmmu/all without --enable-fuzzing, fuzz_dma_read_cb is
> an empty, inlined function. As long as we don't call any other functions
> when building the arguments, there should be no overhead.

Can you move the weak function somewhere in tests/qtest/fuzz instead?
Then you don't need an #ifdef because you can add it to specific_fuzz_ss.

Paolo
Alexander Bulekov Oct. 11, 2020, 3:45 p.m. UTC | #2 
On 201008 0939, Paolo Bonzini wrote:
> On 21/09/20 04:24, Alexander Bulekov wrote:

> > This patch declares the fuzz_dma_read_cb function and uses the

> > preprocessor and linker(weak symbols) to handle these cases:

> > 

> > When we build softmmu/all with --enable-fuzzing, there should be no

> > strong symbol defined for fuzz_dma_read_cb, and we link against a weak

> > stub function.

> > 

> > When we build softmmu/fuzz with --enable-fuzzing, we link against the

> > strong symbol in general_fuzz.c

> > 

> > When we build softmmu/all without --enable-fuzzing, fuzz_dma_read_cb is

> > an empty, inlined function. As long as we don't call any other functions

> > when building the arguments, there should be no overhead.

> 

> Can you move the weak function somewhere in tests/qtest/fuzz instead?

> Then you don't need an #ifdef because you can add it to specific_fuzz_ss.

> 

> Paolo

> 


If I understand correctly, specific_fuzz_ss is only used to build
qemu-fuzz targets. The goal here was to support building qemu-system
with --enable-fuzzing (ie CONFIG_FUZZ=y), where specific_fuzz isn't
used. If its too ugly, we could make a stub file under tests/qtest/fuzz
and add it to specific_ss when: 'CONFIG_FUZZ'.
-Alex
Paolo Bonzini Oct. 12, 2020, 6:59 a.m. UTC | #3 
On 11/10/20 17:45, Alexander Bulekov wrote:
> On 201008 0939, Paolo Bonzini wrote:

>> On 21/09/20 04:24, Alexander Bulekov wrote:

>>> This patch declares the fuzz_dma_read_cb function and uses the

>>> preprocessor and linker(weak symbols) to handle these cases:

>>>

>>> When we build softmmu/all with --enable-fuzzing, there should be no

>>> strong symbol defined for fuzz_dma_read_cb, and we link against a weak

>>> stub function.

>>>

>>> When we build softmmu/fuzz with --enable-fuzzing, we link against the

>>> strong symbol in general_fuzz.c

>>>

>>> When we build softmmu/all without --enable-fuzzing, fuzz_dma_read_cb is

>>> an empty, inlined function. As long as we don't call any other functions

>>> when building the arguments, there should be no overhead.

>>

>> Can you move the weak function somewhere in tests/qtest/fuzz instead?

>> Then you don't need an #ifdef because you can add it to specific_fuzz_ss.

> 

> If I understand correctly, specific_fuzz_ss is only used to build

> qemu-fuzz targets. The goal here was to support building qemu-system

> with --enable-fuzzing (ie CONFIG_FUZZ=y), where specific_fuzz isn't

> used. If its too ugly, we could make a stub file under tests/qtest/fuzz

> and add it to specific_ss when: 'CONFIG_FUZZ'.


You're right.

Paolo
diff mbox series

Patch

diff --git a/include/exec/memory.h b/include/exec/memory.h
index 975a90c871..d5511c7222 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
@@ -42,6 +42,21 @@  typedef struct IOMMUMemoryRegionClass IOMMUMemoryRegionClass;
 DECLARE_OBJ_CHECKERS(IOMMUMemoryRegion, IOMMUMemoryRegionClass,
                      IOMMU_MEMORY_REGION, TYPE_IOMMU_MEMORY_REGION)
 
+#ifdef CONFIG_FUZZ
+void fuzz_dma_read_cb(size_t addr,
+                      size_t len,
+                      MemoryRegion *mr,
+                      bool is_write);
+#else
+static inline void fuzz_dma_read_cb(size_t addr,
+                                    size_t len,
+                                    MemoryRegion *mr,
+                                    bool is_write)
+{
+    /* Do Nothing */
+}
+#endif
+
 extern bool global_dirty_log;
 
 typedef struct MemoryRegionOps MemoryRegionOps;
diff --git a/softmmu/memory.c b/softmmu/memory.c
index 9db5fbe43a..24e59593ca 100644
--- a/softmmu/memory.c
+++ b/softmmu/memory.c
@@ -3232,6 +3232,19 @@  void memory_region_init_rom_device(MemoryRegion *mr,
     vmstate_register_ram(mr, owner_dev);
 }
 
+/*
+ * Support softmmu builds with CONFIG_FUZZ using a weak symbol and a stub for
+ * the fuzz_dma_read_cb callback
+ */
+#ifdef CONFIG_FUZZ
+void __attribute__((weak)) fuzz_dma_read_cb(size_t addr,
+                      size_t len,
+                      MemoryRegion *mr,
+                      bool is_write)
+{
+}
+#endif
+
 static const TypeInfo memory_region_info = {
     .parent             = TYPE_OBJECT,
     .name               = TYPE_MEMORY_REGION,