On 9/21/20 4:24 AM, Alexander Bulekov wrote: > This patch compares TYPE_PCI_DEVICE objects against the user-provided > matching pattern. If there is a match, we use some hacks and leverage > QOS to map each possible BAR for that device. Now fuzzed inputs might be > converted to pci_read/write commands which target specific. This means > that we can fuzz a particular device's PCI configuration space, > > Signed-off-by: Alexander Bulekov <alx...@bu.edu> > Reviewed-by: Darren Kenny <darren.ke...@oracle.com> > --- > tests/qtest/fuzz/general_fuzz.c | 81 +++++++++++++++++++++++++++++++++ > 1 file changed, 81 insertions(+) > > diff --git a/tests/qtest/fuzz/general_fuzz.c b/tests/qtest/fuzz/general_fuzz.c > index bf75b215ca..7c4c1398a7 100644 > --- a/tests/qtest/fuzz/general_fuzz.c > +++ b/tests/qtest/fuzz/general_fuzz.c > @@ -24,6 +24,7 @@ > #include "exec/ramblock.h" > #include "exec/address-spaces.h" > #include "hw/qdev-core.h" > +#include "hw/pci/pci.h" > > /* > * SEPARATOR is used to separate "operations" in the fuzz input > @@ -35,12 +36,17 @@ enum cmds { > OP_OUT, > OP_READ, > OP_WRITE, > + OP_PCI_READ, > + OP_PCI_WRITE, > OP_CLOCK_STEP, > };
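Review bot: In the second hunk, inserting OP_PCI_READ and OP_PCI_WRITE between OP_WRITE and OP_CLOCK_STEP renumbers OP_CLOCK_STEP, so any existing fuzz input that encoded a clock-step operation will now decode as a PCI read, and a previously PCI-unaware corpus silently changes meaning. Since enum cmds is the on-the-wire encoding of the fuzz input, consider appending the new commands after OP_CLOCK_STEP instead, and noting in the comment above the enum that new operations must only ever be added at the end.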
As there is no versioning, does adding new commands invalidate the corpus? [...]