| Message ID | CAAu8pHsMUBYVUAdd=iEN9fK8BMs4Kq2SAESwA2bHtjnfNGzbpQ@mail.gmail.com |
|---|---|
| State | New |
| Headers | show |
Am 19.05.2012 14:54, schrieb Blue Swirl: > Add a simple register fuzzing test to floppy controller tests. > > Signed-off-by: Blue Swirl <blauwirbel@gmail.com> > --- > There's a lot of output like: > GTESTER check-qtest-i386 > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8 > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37 > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93 > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4 > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1 > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92 > > Maybe they should be fixed first. What do you mean by fixing? Turning them into DPRINTFs? Kevin
Il 21/05/2012 09:51, Kevin Wolf ha scritto: >> > GTESTER check-qtest-i386 >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f >> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8 >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37 >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93 >> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4 >> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1 >> > FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92 >> > >> > Maybe they should be fixed first. > What do you mean by fixing? Turning them into DPRINTFs? Or trace events? Paolo
Am 21.05.2012 10:11, schrieb Paolo Bonzini: > Il 21/05/2012 09:51, Kevin Wolf ha scritto: >>>> GTESTER check-qtest-i386 >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f >>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8 >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37 >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93 >>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4 >>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1 >>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92 >>>> >>>> Maybe they should be fixed first. >> What do you mean by fixing? Turning them into DPRINTFs? > > Or trace events? Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the point here is that today it's a FLOPPY_ERROR, and except for register fuzzing they report real problems with the emulation and not just some debugging information. So I'm not sure if hiding them is really a fix. Kevin
> >> What do you mean by fixing? Turning them into DPRINTFs? > > > > Or trace events? > > Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the > point here is that today it's a FLOPPY_ERROR, and except for register > fuzzing they report real problems with the emulation and not just > some debugging information. So I'm not sure if hiding them is really a > fix. It depends, "controller not ready for reading" is most likely just caused by fuzzing. Most unimplemented commands are also invalid on real hardware too. Paolo
On Mon, May 21, 2012 at 8:14 AM, Kevin Wolf <kwolf@redhat.com> wrote: > Am 21.05.2012 10:11, schrieb Paolo Bonzini: >> Il 21/05/2012 09:51, Kevin Wolf ha scritto: >>>>> GTESTER check-qtest-i386 >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f >>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8 >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37 >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_read_data: controller not ready for reading >>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93 >>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4 >>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1 >>>>> FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92 >>>>> >>>>> Maybe they should be fixed first. >>> What do you mean by fixing? Turning them into DPRINTFs? >> >> Or trace events? > > Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the > point here is that today it's a FLOPPY_ERROR, and except for register > fuzzing they report real problems with the emulation and not just some > debugging information. So I'm not sure if hiding them is really a fix. While not a DoS, letting the guest spam the console at will is not nice either. Maybe we need a new method to enable a selected set of printouts, something like '-d unimplemented'. That way no recompiling would be needed. > > Kevin
On Mon, May 21, 2012 at 8:18 AM, Paolo Bonzini <pbonzini@redhat.com> wrote: >> >> What do you mean by fixing? Turning them into DPRINTFs? >> > >> > Or trace events? >> >> Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the >> point here is that today it's a FLOPPY_ERROR, and except for register >> fuzzing they report real problems with the emulation and not just >> some debugging information. So I'm not sure if hiding them is really a >> fix. > > It depends, "controller not ready for reading" is most likely just caused by > fuzzing. Most unimplemented commands are also invalid on real hardware too. Yes, but a malevolent guest could issue the same commands if those could cause problems to QEMU. > > Paolo
On 21 May 2012 18:30, Blue Swirl <blauwirbel@gmail.com> wrote: > On Mon, May 21, 2012 at 8:14 AM, Kevin Wolf <kwolf@redhat.com> wrote: >> Yeah, you could turn all FLOPPY_DPRINTFs into trace events. But the >> point here is that today it's a FLOPPY_ERROR, and except for register >> fuzzing they report real problems with the emulation and not just some >> debugging information. So I'm not sure if hiding them is really a fix. > > While not a DoS, letting the guest spam the console at will is not > nice either. Maybe we need a new method to enable a selected set of > printouts, something like '-d unimplemented'. That way no recompiling > would be needed. +1 for a better set of graduated logging/debug levels and a sensible command line interface for turning them on and off. Possible severity levels: * debug output * guest has done something that suggests it might be buggy, eg accessing nonexistent register * guest has tried to use something qemu doesn't implement * qemu (fatal) error These should be orthogonal to the "what area should we print logging for" question, I think. With a clean API for defining log messages I think we could clean up a lot of the legacy functions for asserting/aborting in various ways (in particular a lot of the hw_error() uses). -- PMM
From 1ccf05afa5560127b9ccf88348bddf4a2765fe95 Mon Sep 17 00:00:00 2001 Message-Id: <1ccf05afa5560127b9ccf88348bddf4a2765fe95.1337431940.git.blauwirbel@gmail.com> From: Blue Swirl <blauwirbel@gmail.com> Date: Thu, 17 May 2012 18:55:58 +0000 Subject: [PATCH] qtest: add a fuzz test to fdc-test Add a simple register fuzzing test to floppy controller tests. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> --- tests/fdc-test.c | 17 +++++++++++++++++ 1 files changed, 17 insertions(+), 0 deletions(-) diff --git a/tests/fdc-test.c b/tests/fdc-test.c index 5b5dd74..5a22a31 100644 --- a/tests/fdc-test.c +++ b/tests/fdc-test.c @@ -154,6 +154,22 @@ static void test_media_change(void) assert_bit_clear(dir, DSKCHG); } +/* success if no crash or abort */ +static void fuzz_registers(void) +{ + unsigned int i; + + for (i = 0; i < 1000; i++) { + uint8_t reg, val; + + reg = (uint8_t)g_test_rand_int_range(0, 8); + val = (uint8_t)g_test_rand_int_range(0, 256); + + outb(FLOPPY_BASE + reg, val); + inb(FLOPPY_BASE + reg); + } +} + int main(int argc, char **argv) { const char *arch = qtest_get_arch(); @@ -184,6 +200,7 @@ int main(int argc, char **argv) qtest_start(cmdline); qtest_irq_intercept_in(global_qtest, "ioapic"); qtest_add_func("/fdc/media_change", test_media_change); + qtest_add_func("/fdc/fuzz-registers", fuzz_registers); ret = g_test_run(); -- 1.7.2.5
Add a simple register fuzzing test to floppy controller tests. Signed-off-by: Blue Swirl <blauwirbel@gmail.com> --- There's a lot of output like: GTESTER check-qtest-i386 FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x1f FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xa8 FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x37 FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_read_data: controller not ready for reading FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x93 FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xe4 FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0xc1 FLOPPY ERROR: fdctrl_unimplemented: unimplemented command 0x92 Maybe they should be fixed first. --- tests/fdc-test.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)