qemu/tests/megasas-test.c
   1/*
   2 * QTest testcase for LSI MegaRAID
   3 *
   4 * Copyright (c) 2017 Red Hat Inc.
   5 *
   6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
   7 * See the COPYING file in the top-level directory.
   8 */
   9
  10#include "qemu/osdep.h"
  11#include "libqtest.h"
  12#include "qemu/bswap.h"
  13#include "libqos/qgraph.h"
  14#include "libqos/pci.h"
  15
  /*
   * Driver-side handle for one megasas device in the qgraph test framework.
   *
   * megasas_create() hands out a pointer to @obj, and the callbacks in this
   * file convert the "void *obj" they receive straight back to QMegasas *.
   * NOTE(review): that only works while @obj stays the first member -
   * do not reorder the fields.
   */
  typedef struct QMegasas {
      QOSGraphObject obj;   /* graph node header; carries the get_driver hook */
      QPCIDevice dev;       /* PCI handle used for BAR mapping and register I/O */
  } QMegasas;
  22
  /*
   * get_driver hook for the megasas node.
   *
   * @obj:       the QMegasas instance (passed as void * by the framework)
   * @interface: name of the interface being requested
   *
   * Returns the embedded QPCIDevice when "pci-device" is requested.  Any other
   * name is a test-setup bug: it is reported on stderr and the test aborts
   * through g_assert_not_reached().
   */
  static void *megasas_get_driver(void *obj, const char *interface)
  {
      QMegasas *self = obj;

      /* g_strcmp0() is used so that a NULL interface name compares safely. */
      if (g_strcmp0(interface, "pci-device") == 0) {
          return &self->dev;
      }

      fprintf(stderr, "%s not present in megasas\n", interface);
      g_assert_not_reached();
  }
  34
  /*
   * Constructor registered for the "megasas" driver node.
   *
   * @pci_bus: the QPCIBus the device sits on (passed as void *)
   * @alloc:   guest allocator; not used here
   * @addr:    PCI address forwarded to qpci_device_init()
   *
   * Allocates a zero-initialised QMegasas, binds its PCI handle to the bus and
   * installs the get_driver hook.  Returns the embedded graph object; nothing
   * in this file frees the allocation.
   */
  static void *megasas_create(void *pci_bus, QGuestAllocator *alloc, void *addr)
  {
      QMegasas *self = g_new0(QMegasas, 1);

      qpci_device_init(&self->dev, (QPCIBus *)pci_bus, addr);
      self->obj.get_driver = megasas_get_driver;

      return &self->obj;
  }
  45
  /*
   * Regression test: this guest-written frame used to cause a NULL pointer
   * dereference.
   *
   * The test builds a 256-word frame in guest memory and hands its address to
   * the device through register offset 0x40 of BAR 0.  Everything in the frame
   * is guest-controlled, so the device model must tolerate it.
   *
   * There is no explicit assertion after the final write.
   * NOTE(review): the test presumably passes only if QEMU survives the
   * request - confirm that the harness reports a crashed QEMU as a failure.
   *
   * @obj:   the QMegasas instance under test
   * @data:  unused
   * @alloc: guest allocator used for the frame buffer
   */
  static void megasas_pd_get_info_fuzz(void *obj, void *data, QGuestAllocator *alloc)
  {
      QMegasas *self = obj;
      QPCIDevice *pci = &self->dev;
      uint32_t frame[256];
      uint64_t frame_pa;
      QPCIBar bar0;
      size_t idx;

      qpci_device_enable(pci);
      bar0 = qpci_iomap(pci, 0, NULL);

      /* Fill the whole frame with junk first, then patch the fixed words. */
      for (idx = 0; idx < ARRAY_SIZE(frame); idx++) {
          frame[idx] = cpu_to_le32(0x41414141);
      }

      /*
       * Words are stored little-endian because the device reads guest memory.
       * NOTE(review): going by the test name (dcmd/pd-get-info/fuzz), word 0
       * presumably carries the DCMD command byte, word 6 the PD_GET_INFO
       * opcode and word 7 its first argument - confirm against the device
       * model's MFI definitions.
       */
      frame[0] = cpu_to_le32(0x05050505);
      frame[1] = cpu_to_le32(0x01010101);
      frame[6] = cpu_to_le32(0x02020000);
      frame[7] = cpu_to_le32(0);

      /*
       * Copy the frame into guest RAM and submit its guest-physical address.
       * NOTE(review): frame_pa is 64 bits wide but goes through a 32-bit
       * register write; this assumes the allocator returns an address below
       * 4 GiB - confirm.
       */
      frame_pa = guest_alloc(alloc, sizeof(frame));
      memwrite(frame_pa, frame, sizeof(frame));
      qpci_io_writel(pci, bar0, 0x40, frame_pa);
  }
  72
  /*
   * Registers the megasas driver node and its regression test with qgraph.
   *
   * The edge options place the controller at PCI slot 4, function 0, with
   * id "scsi0", and attach one scsi-hd disk to it.  The disk is backed by
   * null-co://, so no image file is needed on the host.
   */
  static void megasas_register_nodes(void)
  {
      /* Must stay in step with "addr=04.0" in extra_device_opts below. */
      QPCIAddress slot = { .devfn = QPCI_DEVFN(4, 0) };
      QOSGraphEdgeOptions edge = {
          .extra_device_opts = "addr=04.0,id=scsi0",
          .before_cmd_line = "-drive id=drv0,if=none,file=null-co://,format=raw",
          .after_cmd_line = "-device scsi-hd,bus=scsi0.0,drive=drv0",
      };

      add_qpci_address(&edge, &slot);

      /* megasas: consumes a pci-bus, produces a pci-device. */
      qos_node_create_driver("megasas", megasas_create);
      qos_node_consumes("megasas", "pci-bus", &edge);
      qos_node_produces("megasas", "pci-device");

      qos_add_test("dcmd/pd-get-info/fuzz", "megasas", megasas_pd_get_info_fuzz, NULL);
  }
  /* Hands the registration function to libqos. */
  libqos_init(megasas_register_nodes);
  90