On 200920 2224, Alexander Bulekov wrote: [snip]
> +static int locate_fuzz_memory_regions(Object *child, void *opaque)
> +{
> + const char *name;
> + MemoryRegion *mr;
> + if (object_dynamic_cast(child, TYPE_MEMORY_REGION)) {
> + mr = MEMORY_REGION(child);
> + if ((memory_region_is_ram(mr) ||
> + memory_region_is_ram_device(mr) ||
> + memory_region_is_rom(mr) ||
> + memory_region_is_romd(mr)) == false) {
> + name = object_get_canonical_path_component(child);
This isn't a great way to check whether MRs have ops with code that is interesting to fuzz (for example the pflash MemoryRegions do not pass these checks, so you can't fuzz the pflash device). Need to think of some better checks to identify MRs that we are interested in fuzzing. -Alex
> + /*
> + * We don't want duplicate pointers to the same MemoryRegion, so
> + * try to remove copies of the pointer, before adding it.
> + */
> + g_hash_table_insert(fuzzable_memoryregions, mr, (gpointer)true);
> + }
> + }
> + return 0;
> +}
> +static int locate_fuzz_objects(Object *child, void *opaque)
> +{
> + char *pattern = opaque;
> + if (g_pattern_match_simple(pattern, object_get_typename(child))) {
> + /* Find and save ptrs to any child MemoryRegions */
> + object_child_foreach_recursive(child, locate_fuzz_memory_regions,
> NULL);
> +
> + } else if (object_dynamic_cast(OBJECT(child), TYPE_MEMORY_REGION)) {
> + if (g_pattern_match_simple(pattern,
> + object_get_canonical_path_component(child))) {
> + MemoryRegion *mr;
> + mr = MEMORY_REGION(child);
> + if ((memory_region_is_ram(mr) ||
> + memory_region_is_ram_device(mr) ||
> + memory_region_is_rom(mr) ||
> + memory_region_is_romd(mr)) == false) {
> + g_hash_table_insert(fuzzable_memoryregions, mr,
> (gpointer)true);
> + }
> + }
> + }
> + return 0;
> +}
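Review bot: `name` in locate_fuzz_memory_regions is assigned from object_get_canonical_path_component() but never read afterwards, so the declaration and the assignment are dead code and should be dropped (or actually used if the path component is meant to feed a later filter). The comment above the first g_hash_table_insert() is misleading, since nothing is removed; the deduplication comes from using the MemoryRegion pointer as the key, so `/* The MemoryRegion pointer is the key, so inserting it twice is a no-op. */` describes what the code does. The ram/ram_device/rom/romd filter is duplicated verbatim in locate_fuzz_objects, so the two sites will drift apart when the criteria are revised; a single `static bool mr_is_fuzzable(MemoryRegion *mr)` helper called from both would keep them in step. `OBJECT(child)` in the else-if branch is a redundant cast, as child is already an Object * and locate_fuzz_memory_regions passes it directly.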