| Message ID | 20211101183516.8455-3-mark.cave-ayland@ilande.co.uk |
|---|---|
| State | New |
| Headers | show |
| Series | esp: fix for fuzzer issues on gitlab | expand |
On 11/1/21 19:35, Mark Cave-Ayland wrote: > Based upon the qtest reproducer posted to Gitlab issue #663 at > https://gitlab.com/qemu-project/qemu/-/issues/663. > > Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> > --- > tests/qtest/am53c974-test.c | 36 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 36 insertions(+) Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
On 01/11/21 19:35, Mark Cave-Ayland wrote: > Based upon the qtest reproducer posted to Gitlab issue #663 at > https://gitlab.com/qemu-project/qemu/-/issues/663. > > Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> > --- > tests/qtest/am53c974-test.c | 36 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 36 insertions(+) > > diff --git a/tests/qtest/am53c974-test.c b/tests/qtest/am53c974-test.c > index d996866cd4..9b1e4211bd 100644 > --- a/tests/qtest/am53c974-test.c > +++ b/tests/qtest/am53c974-test.c > @@ -189,6 +189,40 @@ static void test_cancelled_request_ok(void) > qtest_quit(s); > } > > +static void test_inflight_cancel_ok(void) > +{ > + QTestState *s = qtest_init( > + "-device am53c974,id=scsi " > + "-device scsi-hd,drive=disk0 -drive " > + "id=disk0,if=none,file=null-co://,format=raw -nodefaults"); > + qtest_outl(s, 0xcf8, 0x80001000); > + qtest_inw(s, 0xcfc); > + qtest_outl(s, 0xcf8, 0x80001010); > + qtest_outl(s, 0xcfc, 0xffffffff); > + qtest_outl(s, 0xcf8, 0x80001010); > + qtest_inl(s, 0xcfc); > + qtest_outl(s, 0xcf8, 0x80001010); > + qtest_outl(s, 0xcfc, 0xc001); > + qtest_outl(s, 0xcf8, 0x80001004); > + qtest_inw(s, 0xcfc); > + qtest_outl(s, 0xcf8, 0x80001004); > + qtest_outw(s, 0xcfc, 0x7); > + qtest_outl(s, 0xcf8, 0x80001004); > + qtest_inw(s, 0xcfc); > + qtest_inb(s, 0xc000); > + qtest_outb(s, 0xc008, 0x8); > + qtest_outw(s, 0xc00b, 0x4100); > + qtest_outb(s, 0xc009, 0x0); > + qtest_outb(s, 0xc009, 0x0); > + qtest_outw(s, 0xc00b, 0xc212); > + qtest_outl(s, 0xc042, 0x2c2c5a88); > + qtest_outw(s, 0xc00b, 0xc212); > + qtest_outw(s, 0xc00b, 0x415a); > + qtest_outl(s, 0xc03f, 0x3060303); > + qtest_outl(s, 0xc00b, 0x5afa9054); > + qtest_quit(s); > +} > + > int main(int argc, char **argv) > { > const char *arch = qtest_get_arch(); > @@ -212,6 +246,8 @@ int main(int argc, char **argv) > test_fifo_underflow_on_write_ok); > qtest_add_func("am53c974/test_cancelled_request_ok", > test_cancelled_request_ok); > + qtest_add_func("am53c974/test_inflight_cancel_ok", > + test_inflight_cancel_ok); > } > > return g_test_run(); > Queued both, thanks. Paolo
diff --git a/tests/qtest/am53c974-test.c b/tests/qtest/am53c974-test.c index d996866cd4..9b1e4211bd 100644 --- a/tests/qtest/am53c974-test.c +++ b/tests/qtest/am53c974-test.c @@ -189,6 +189,40 @@ static void test_cancelled_request_ok(void) qtest_quit(s); } +static void test_inflight_cancel_ok(void) +{ + QTestState *s = qtest_init( + "-device am53c974,id=scsi " + "-device scsi-hd,drive=disk0 -drive " + "id=disk0,if=none,file=null-co://,format=raw -nodefaults"); + qtest_outl(s, 0xcf8, 0x80001000); + qtest_inw(s, 0xcfc); + qtest_outl(s, 0xcf8, 0x80001010); + qtest_outl(s, 0xcfc, 0xffffffff); + qtest_outl(s, 0xcf8, 0x80001010); + qtest_inl(s, 0xcfc); + qtest_outl(s, 0xcf8, 0x80001010); + qtest_outl(s, 0xcfc, 0xc001); + qtest_outl(s, 0xcf8, 0x80001004); + qtest_inw(s, 0xcfc); + qtest_outl(s, 0xcf8, 0x80001004); + qtest_outw(s, 0xcfc, 0x7); + qtest_outl(s, 0xcf8, 0x80001004); + qtest_inw(s, 0xcfc); + qtest_inb(s, 0xc000); + qtest_outb(s, 0xc008, 0x8); + qtest_outw(s, 0xc00b, 0x4100); + qtest_outb(s, 0xc009, 0x0); + qtest_outb(s, 0xc009, 0x0); + qtest_outw(s, 0xc00b, 0xc212); + qtest_outl(s, 0xc042, 0x2c2c5a88); + qtest_outw(s, 0xc00b, 0xc212); + qtest_outw(s, 0xc00b, 0x415a); + qtest_outl(s, 0xc03f, 0x3060303); + qtest_outl(s, 0xc00b, 0x5afa9054); + qtest_quit(s); +} + int main(int argc, char **argv) { const char *arch = qtest_get_arch(); @@ -212,6 +246,8 @@ int main(int argc, char **argv) test_fifo_underflow_on_write_ok); qtest_add_func("am53c974/test_cancelled_request_ok", test_cancelled_request_ok); + qtest_add_func("am53c974/test_inflight_cancel_ok", + test_inflight_cancel_ok); } return g_test_run();
Based upon the qtest reproducer posted to Gitlab issue #663 at https://gitlab.com/qemu-project/qemu/-/issues/663. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> --- tests/qtest/am53c974-test.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+)