| Message ID | 20200819061110.1320568-6-alxndr@bu.edu |
|---|---|
| State | New |
| Series | Add a General Virtual Device Fuzzer |
On Wednesday, 2020-08-19 at 02:11:00 -04, Alexander Bulekov wrote: > This patch declares the fuzz_dma_read_cb function and uses the > preprocessor and linker(weak symbols) to handle these cases: > > When we build softmmu/all with --enable-fuzzing, there should be no > strong symbol defined for fuzz_dma_read_cb, and we link against a weak > stub function. > > When we build softmmu/fuzz with --enable-fuzzing, we link agains the TYPO: s/agains/against/ > strong symbol in general_fuzz.c > > When we build softmmu/all without --enable-fuzzing, fuzz_dma_read_cb is > an empty, inlined function. As long as we don't call any other functions > when building the arguments, there should be no overhead. > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> > --- > include/exec/memory.h | 15 +++++++++++++++ > softmmu/memory.c | 13 +++++++++++++ > 2 files changed, 28 insertions(+) > > diff --git a/include/exec/memory.h b/include/exec/memory.h > index 307e527835..2ec3b597f1 100644 > --- a/include/exec/memory.h > +++ b/include/exec/memory.h > @@ -47,6 +47,21 @@ > OBJECT_GET_CLASS(IOMMUMemoryRegionClass, (obj), \ > TYPE_IOMMU_MEMORY_REGION) > > +#ifdef CONFIG_FUZZ > +void fuzz_dma_read_cb(size_t addr, > + size_t len, > + MemoryRegion *mr, > + bool is_write); > +#else > +static inline void fuzz_dma_read_cb(size_t addr, > + size_t len, > + MemoryRegion *mr, > + bool is_write) > +{ > + /* Do Nothing */ > +} > +#endif > + > extern bool global_dirty_log; > > typedef struct MemoryRegionOps MemoryRegionOps; > diff --git a/softmmu/memory.c b/softmmu/memory.c > index af25987518..b0c2cf2535 100644 > --- a/softmmu/memory.c > +++ b/softmmu/memory.c 
> @@ -3223,6 +3223,19 @@ void memory_region_init_rom_device(MemoryRegion *mr, > vmstate_register_ram(mr, owner_dev); > } > > +/* > + * Support softmmu builds with CONFIG_FUZZ using a weak symbol and a stub for > + * the fuzz_dma_read_cb callback > + */ > +#ifdef CONFIG_FUZZ > +void __attribute__((weak)) fuzz_dma_read_cb(size_t addr, > + size_t len, > + MemoryRegion *mr, > + bool is_write) > +{ > +} > +#endif > + > static const TypeInfo memory_region_info = { > .parent = TYPE_OBJECT, > .name = TYPE_MEMORY_REGION, > -- > 2.27.0
diff --git a/include/exec/memory.h b/include/exec/memory.h index 307e527835..2ec3b597f1 100644 --- a/include/exec/memory.h +++ b/include/exec/memory.h @@ -47,6 +47,21 @@ OBJECT_GET_CLASS(IOMMUMemoryRegionClass, (obj), \ TYPE_IOMMU_MEMORY_REGION) +#ifdef CONFIG_FUZZ +void fuzz_dma_read_cb(size_t addr, + size_t len, + MemoryRegion *mr, + bool is_write); +#else +static inline void fuzz_dma_read_cb(size_t addr, + size_t len, + MemoryRegion *mr, + bool is_write) +{ + /* Do Nothing */ +} +#endif + extern bool global_dirty_log; typedef struct MemoryRegionOps MemoryRegionOps; diff --git a/softmmu/memory.c b/softmmu/memory.c index af25987518..b0c2cf2535 100644 --- a/softmmu/memory.c +++ b/softmmu/memory.c @@ -3223,6 +3223,19 @@ void memory_region_init_rom_device(MemoryRegion *mr, vmstate_register_ram(mr, owner_dev); } +/* + * Support softmmu builds with CONFIG_FUZZ using a weak symbol and a stub for + * the fuzz_dma_read_cb callback + */ +#ifdef CONFIG_FUZZ +void __attribute__((weak)) fuzz_dma_read_cb(size_t addr, + size_t len, + MemoryRegion *mr, + bool is_write) +{ +} +#endif + static const TypeInfo memory_region_info = { .parent = TYPE_OBJECT, .name = TYPE_MEMORY_REGION,
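Review bot: in the include/exec/memory.h hunk, `addr` and `len` are declared as `size_t`, a host-width type, so on a 32-bit host a 64-bit guest DMA address handed to `fuzz_dma_read_cb` would be truncated; the guest-physical address type used elsewhere in memory.h (`hwaddr`) matches what the callback receives. The declaration also carries no comment saying when the core calls it or what `is_write` means for a function named `fuzz_dma_read_cb`; a short doc comment above the `#ifdef CONFIG_FUZZ` block would spare every caller that question.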
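Review bot: in the softmmu/memory.c hunk, the weak `fuzz_dma_read_cb` stub only gets overridden if the strong definition in general_fuzz.c is linked as a plain object file; if the fuzzer objects are gathered into a static archive, the linker will not pull an archive member in just to replace a weak definition it already has, and the empty stub silently wins, so the build should link general_fuzz.o directly (or the fuzz binary should be checked with `nm`, which must show the symbol as `T`, not `W`). The stub also leaves its parameters unused without a comment; repeating the `/* Do Nothing */` from the header stub documents that this is intentional.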
This patch declares the fuzz_dma_read_cb function and uses the preprocessor and linker (weak symbols) to handle these cases:

When we build softmmu/all with --enable-fuzzing, there should be no strong symbol defined for fuzz_dma_read_cb, and we link against a weak stub function.

When we build softmmu/fuzz with --enable-fuzzing, we link against the strong symbol in general_fuzz.c.

When we build softmmu/all without --enable-fuzzing, fuzz_dma_read_cb is an empty, inlined function. As long as we don't call any other functions when building the arguments, there should be no overhead.

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
 include/exec/memory.h | 15 +++++++++++++++
 softmmu/memory.c      | 13 +++++++++++++
 2 files changed, 28 insertions(+)