Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 1 | /* |
| 2 | * QOS-assisted fuzzing helpers |
| 3 | * |
| 4 | * Copyright (c) 2018 Emanuele Giuseppe Esposito <e.emanuelegiuseppe@gmail.com> |
| 5 | * |
| 6 | * This library is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU Lesser General Public |
Thomas Huth | dc0ad02 | 2020-06-05 12:02:42 +0200 | [diff] [blame] | 8 | * License version 2.1 as published by the Free Software Foundation. |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 9 | * |
| 10 | * This library is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 13 | * Lesser General Public License for more details. |
| 14 | * |
| 15 | * You should have received a copy of the GNU Lesser General Public |
| 16 | * License along with this library; if not, see <http://www.gnu.org/licenses/> |
| 17 | */ |
| 18 | |
| 19 | #include "qemu/osdep.h" |
| 20 | #include "qemu/units.h" |
| 21 | #include "qapi/error.h" |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 22 | #include "exec/memory.h" |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 23 | #include "qemu/main-loop.h" |
| 24 | |
Marc-André Lureau | 907b510 | 2022-03-30 13:39:05 +0400 | [diff] [blame] | 25 | #include "tests/qtest/libqtest.h" |
Xuzhou Cheng | b243c73 | 2022-08-24 17:40:03 +0800 | [diff] [blame] | 26 | #include "tests/qtest/libqos/libqos-malloc.h" |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 27 | #include "tests/qtest/libqos/qgraph.h" |
| 28 | #include "tests/qtest/libqos/qgraph_internal.h" |
| 29 | #include "tests/qtest/libqos/qos_external.h" |
| 30 | |
| 31 | #include "fuzz.h" |
| 32 | #include "qos_fuzz.h" |
| 33 | |
| 34 | #include "qapi/qapi-commands-machine.h" |
| 35 | #include "qapi/qapi-commands-qom.h" |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 36 | |
| 37 | |
| 38 | void *fuzz_qos_obj; |
| 39 | QGuestAllocator *fuzz_qos_alloc; |
| 40 | |
| 41 | static const char *fuzz_target_name; |
| 42 | static char **fuzz_path_vec; |
| 43 | |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 44 | static void qos_set_machines_devices_available(void) |
| 45 | { |
Markus Armbruster | a56f3cd | 2020-04-24 09:11:41 +0200 | [diff] [blame] | 46 | MachineInfoList *mach_info; |
| 47 | ObjectTypeInfoList *type_info; |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 48 | |
Markus Armbruster | a56f3cd | 2020-04-24 09:11:41 +0200 | [diff] [blame] | 49 | mach_info = qmp_query_machines(&error_abort); |
| 50 | machines_apply_to_node(mach_info); |
| 51 | qapi_free_MachineInfoList(mach_info); |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 52 | |
Markus Armbruster | 047f2ca | 2022-11-04 17:07:02 +0100 | [diff] [blame] | 53 | type_info = qmp_qom_list_types("device", true, true, &error_abort); |
Markus Armbruster | a56f3cd | 2020-04-24 09:11:41 +0200 | [diff] [blame] | 54 | types_apply_to_node(type_info); |
| 55 | qapi_free_ObjectTypeInfoList(type_info); |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 56 | } |
| 57 | |
| 58 | static char **current_path; |
| 59 | |
| 60 | void *qos_allocate_objects(QTestState *qts, QGuestAllocator **p_alloc) |
| 61 | { |
| 62 | return allocate_objects(qts, current_path + 1, p_alloc); |
| 63 | } |
| 64 | |
Alexander Bulekov | f5ec79f | 2020-07-14 13:46:16 -0400 | [diff] [blame] | 65 | static GString *qos_build_main_args(void) |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 66 | { |
| 67 | char **path = fuzz_path_vec; |
| 68 | QOSGraphNode *test_node; |
AlexChen | c59c582 | 2020-11-03 22:53:09 +0800 | [diff] [blame] | 69 | GString *cmd_line; |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 70 | void *test_arg; |
| 71 | |
| 72 | if (!path) { |
| 73 | fprintf(stderr, "QOS Path not found\n"); |
| 74 | abort(); |
| 75 | } |
| 76 | |
| 77 | /* Before test */ |
AlexChen | c59c582 | 2020-11-03 22:53:09 +0800 | [diff] [blame] | 78 | cmd_line = g_string_new(path[0]); |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 79 | current_path = path; |
| 80 | test_node = qos_graph_get_node(path[(g_strv_length(path) - 1)]); |
| 81 | test_arg = test_node->u.test.arg; |
| 82 | if (test_node->u.test.before) { |
| 83 | test_arg = test_node->u.test.before(cmd_line, test_arg); |
| 84 | } |
| 85 | /* Prepend the arguments that we need */ |
| 86 | g_string_prepend(cmd_line, |
| 87 | TARGET_NAME " -display none -machine accel=qtest -m 64 "); |
Alexander Bulekov | f5ec79f | 2020-07-14 13:46:16 -0400 | [diff] [blame] | 88 | return cmd_line; |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 89 | } |
| 90 | |
| 91 | /* |
| 92 | * This function is largely a copy of qos-test.c:walk_path. Since walk_path |
| 93 | * is itself a callback, its a little annoying to add another argument/layer of |
| 94 | * indirection |
| 95 | */ |
| 96 | static void walk_path(QOSGraphNode *orig_path, int len) |
| 97 | { |
| 98 | QOSGraphNode *path; |
| 99 | QOSGraphEdge *edge; |
| 100 | |
Alexander Bulekov | 3fc92f8 | 2020-02-26 22:14:39 -0500 | [diff] [blame] | 101 | /* |
| 102 | * etype set to QEDGE_CONSUMED_BY so that machine can add to the command |
| 103 | * line |
| 104 | */ |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 105 | QOSEdgeType etype = QEDGE_CONSUMED_BY; |
| 106 | |
| 107 | /* twice QOS_PATH_MAX_ELEMENT_SIZE since each edge can have its arg */ |
| 108 | char **path_vec = g_new0(char *, (QOS_PATH_MAX_ELEMENT_SIZE * 2)); |
| 109 | int path_vec_size = 0; |
| 110 | |
| 111 | char *after_cmd, *before_cmd, *after_device; |
| 112 | GString *after_device_str = g_string_new(""); |
| 113 | char *node_name = orig_path->name, *path_str; |
| 114 | |
| 115 | GString *cmd_line = g_string_new(""); |
| 116 | GString *cmd_line2 = g_string_new(""); |
| 117 | |
| 118 | path = qos_graph_get_node(node_name); /* root */ |
| 119 | node_name = qos_graph_edge_get_dest(path->path_edge); /* machine name */ |
| 120 | |
| 121 | path_vec[path_vec_size++] = node_name; |
| 122 | path_vec[path_vec_size++] = qos_get_machine_type(node_name); |
| 123 | |
| 124 | for (;;) { |
| 125 | path = qos_graph_get_node(node_name); |
| 126 | if (!path->path_edge) { |
| 127 | break; |
| 128 | } |
| 129 | |
| 130 | node_name = qos_graph_edge_get_dest(path->path_edge); |
| 131 | |
| 132 | /* append node command line + previous edge command line */ |
| 133 | if (path->command_line && etype == QEDGE_CONSUMED_BY) { |
| 134 | g_string_append(cmd_line, path->command_line); |
| 135 | g_string_append(cmd_line, after_device_str->str); |
| 136 | g_string_truncate(after_device_str, 0); |
| 137 | } |
| 138 | |
| 139 | path_vec[path_vec_size++] = qos_graph_edge_get_name(path->path_edge); |
| 140 | /* detect if edge has command line args */ |
| 141 | after_cmd = qos_graph_edge_get_after_cmd_line(path->path_edge); |
| 142 | after_device = qos_graph_edge_get_extra_device_opts(path->path_edge); |
| 143 | before_cmd = qos_graph_edge_get_before_cmd_line(path->path_edge); |
| 144 | edge = qos_graph_get_edge(path->name, node_name); |
| 145 | etype = qos_graph_edge_get_type(edge); |
| 146 | |
| 147 | if (before_cmd) { |
| 148 | g_string_append(cmd_line, before_cmd); |
| 149 | } |
| 150 | if (after_cmd) { |
| 151 | g_string_append(cmd_line2, after_cmd); |
| 152 | } |
| 153 | if (after_device) { |
| 154 | g_string_append(after_device_str, after_device); |
| 155 | } |
| 156 | } |
| 157 | |
| 158 | path_vec[path_vec_size++] = NULL; |
| 159 | g_string_append(cmd_line, after_device_str->str); |
| 160 | g_string_free(after_device_str, true); |
| 161 | |
| 162 | g_string_append(cmd_line, cmd_line2->str); |
| 163 | g_string_free(cmd_line2, true); |
| 164 | |
| 165 | /* |
| 166 | * here position 0 has <arch>/<machine>, position 1 has <machine>. |
| 167 | * The path must not have the <arch>, qtest_add_data_func adds it. |
| 168 | */ |
| 169 | path_str = g_strjoinv("/", path_vec + 1); |
| 170 | |
| 171 | /* Check that this is the test we care about: */ |
| 172 | char *test_name = strrchr(path_str, '/') + 1; |
| 173 | if (strcmp(test_name, fuzz_target_name) == 0) { |
| 174 | /* |
| 175 | * put arch/machine in position 1 so run_one_test can do its work |
| 176 | * and add the command line at position 0. |
| 177 | */ |
| 178 | path_vec[1] = path_vec[0]; |
| 179 | path_vec[0] = g_string_free(cmd_line, false); |
| 180 | |
| 181 | fuzz_path_vec = path_vec; |
| 182 | } else { |
| 183 | g_free(path_vec); |
| 184 | } |
| 185 | |
| 186 | g_free(path_str); |
| 187 | } |
| 188 | |
Alexander Bulekov | f5ec79f | 2020-07-14 13:46:16 -0400 | [diff] [blame] | 189 | static GString *qos_get_cmdline(FuzzTarget *t) |
Alexander Bulekov | 275ab39 | 2020-02-19 23:11:12 -0500 | [diff] [blame] | 190 | { |
| 191 | /* |
| 192 | * Set a global variable that we use to identify the qos_path for our |
| 193 | * fuzz_target |
| 194 | */ |
| 195 | fuzz_target_name = t->name; |
| 196 | qos_set_machines_devices_available(); |
| 197 | qos_graph_foreach_test_path(walk_path); |
| 198 | return qos_build_main_args(); |
| 199 | } |
| 200 | |
| 201 | void fuzz_add_qos_target( |
| 202 | FuzzTarget *fuzz_opts, |
| 203 | const char *interface, |
| 204 | QOSGraphTestOptions *opts |
| 205 | ) |
| 206 | { |
| 207 | qos_add_test(fuzz_opts->name, interface, NULL, opts); |
| 208 | fuzz_opts->get_init_cmdline = qos_get_cmdline; |
| 209 | fuzz_add_target(fuzz_opts); |
| 210 | } |
| 211 | |
| 212 | void qos_init_path(QTestState *s) |
| 213 | { |
| 214 | fuzz_qos_obj = qos_allocate_objects(s , &fuzz_qos_alloc); |
| 215 | } |