2 * QOS-assisted fuzzing helpers
4 * Copyright (c) 2018 Emanuele Giuseppe Esposito <e.emanuelegiuseppe@gmail.com>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License version 2 as published by the Free Software Foundation.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, see <http://www.gnu.org/licenses/>
19 #include "qemu/osdep.h"
20 #include "qemu/units.h"
21 #include "qapi/error.h"
22 #include "qemu-common.h"
23 #include "exec/memory.h"
24 #include "exec/address-spaces.h"
25 #include "sysemu/sysemu.h"
26 #include "qemu/main-loop.h"
28 #include "tests/qtest/libqtest.h"
29 #include "tests/qtest/libqos/malloc.h"
30 #include "tests/qtest/libqos/qgraph.h"
31 #include "tests/qtest/libqos/qgraph_internal.h"
32 #include "tests/qtest/libqos/qos_external.h"
37 #include "qapi/qapi-commands-machine.h"
38 #include "qapi/qapi-commands-qom.h"
39 #include "qapi/qmp/qlist.h"
43 QGuestAllocator
*fuzz_qos_alloc
;
45 static const char *fuzz_target_name
;
46 static char **fuzz_path_vec
;
49 * Replaced the qmp commands with direct qmp_marshal calls.
50 * Probably there is a better way to do this
52 static void qos_set_machines_devices_available(void)
54 QDict
*req
= qdict_new();
56 QDict
*args
= qdict_new();
60 qmp_marshal_query_machines(NULL
, &response
, &err
);
62 lst
= qobject_to(QList
, response
);
63 apply_to_qlist(lst
, true);
65 qobject_unref(response
);
68 qdict_put_str(req
, "execute", "qom-list-types");
69 qdict_put_str(args
, "implements", "device");
70 qdict_put_bool(args
, "abstract", true);
71 qdict_put_obj(req
, "arguments", (QObject
*) args
);
73 qmp_marshal_qom_list_types(args
, &response
, &err
);
75 lst
= qobject_to(QList
, response
);
76 apply_to_qlist(lst
, false);
77 qobject_unref(response
);
81 static char **current_path
;
83 void *qos_allocate_objects(QTestState
*qts
, QGuestAllocator
**p_alloc
)
85 return allocate_objects(qts
, current_path
+ 1, p_alloc
);
88 static const char *qos_build_main_args(void)
90 char **path
= fuzz_path_vec
;
91 QOSGraphNode
*test_node
;
92 GString
*cmd_line
= g_string_new(path
[0]);
96 fprintf(stderr
, "QOS Path not found\n");
102 test_node
= qos_graph_get_node(path
[(g_strv_length(path
) - 1)]);
103 test_arg
= test_node
->u
.test
.arg
;
104 if (test_node
->u
.test
.before
) {
105 test_arg
= test_node
->u
.test
.before(cmd_line
, test_arg
);
107 /* Prepend the arguments that we need */
108 g_string_prepend(cmd_line
,
109 TARGET_NAME
" -display none -machine accel=qtest -m 64 ");
110 return cmd_line
->str
;
114 * This function is largely a copy of qos-test.c:walk_path. Since walk_path
115 * is itself a callback, its a little annoying to add another argument/layer of
118 static void walk_path(QOSGraphNode
*orig_path
, int len
)
123 /* etype set to QEDGE_CONSUMED_BY so that machine can add to the command line */
124 QOSEdgeType etype
= QEDGE_CONSUMED_BY
;
126 /* twice QOS_PATH_MAX_ELEMENT_SIZE since each edge can have its arg */
127 char **path_vec
= g_new0(char *, (QOS_PATH_MAX_ELEMENT_SIZE
* 2));
128 int path_vec_size
= 0;
130 char *after_cmd
, *before_cmd
, *after_device
;
131 GString
*after_device_str
= g_string_new("");
132 char *node_name
= orig_path
->name
, *path_str
;
134 GString
*cmd_line
= g_string_new("");
135 GString
*cmd_line2
= g_string_new("");
137 path
= qos_graph_get_node(node_name
); /* root */
138 node_name
= qos_graph_edge_get_dest(path
->path_edge
); /* machine name */
140 path_vec
[path_vec_size
++] = node_name
;
141 path_vec
[path_vec_size
++] = qos_get_machine_type(node_name
);
144 path
= qos_graph_get_node(node_name
);
145 if (!path
->path_edge
) {
149 node_name
= qos_graph_edge_get_dest(path
->path_edge
);
151 /* append node command line + previous edge command line */
152 if (path
->command_line
&& etype
== QEDGE_CONSUMED_BY
) {
153 g_string_append(cmd_line
, path
->command_line
);
154 g_string_append(cmd_line
, after_device_str
->str
);
155 g_string_truncate(after_device_str
, 0);
158 path_vec
[path_vec_size
++] = qos_graph_edge_get_name(path
->path_edge
);
159 /* detect if edge has command line args */
160 after_cmd
= qos_graph_edge_get_after_cmd_line(path
->path_edge
);
161 after_device
= qos_graph_edge_get_extra_device_opts(path
->path_edge
);
162 before_cmd
= qos_graph_edge_get_before_cmd_line(path
->path_edge
);
163 edge
= qos_graph_get_edge(path
->name
, node_name
);
164 etype
= qos_graph_edge_get_type(edge
);
167 g_string_append(cmd_line
, before_cmd
);
170 g_string_append(cmd_line2
, after_cmd
);
173 g_string_append(after_device_str
, after_device
);
177 path_vec
[path_vec_size
++] = NULL
;
178 g_string_append(cmd_line
, after_device_str
->str
);
179 g_string_free(after_device_str
, true);
181 g_string_append(cmd_line
, cmd_line2
->str
);
182 g_string_free(cmd_line2
, true);
185 * here position 0 has <arch>/<machine>, position 1 has <machine>.
186 * The path must not have the <arch>, qtest_add_data_func adds it.
188 path_str
= g_strjoinv("/", path_vec
+ 1);
190 /* Check that this is the test we care about: */
191 char *test_name
= strrchr(path_str
, '/') + 1;
192 if (strcmp(test_name
, fuzz_target_name
) == 0) {
194 * put arch/machine in position 1 so run_one_test can do its work
195 * and add the command line at position 0.
197 path_vec
[1] = path_vec
[0];
198 path_vec
[0] = g_string_free(cmd_line
, false);
200 fuzz_path_vec
= path_vec
;
208 static const char *qos_get_cmdline(FuzzTarget
*t
)
211 * Set a global variable that we use to identify the qos_path for our
214 fuzz_target_name
= t
->name
;
215 qos_set_machines_devices_available();
216 qos_graph_foreach_test_path(walk_path
);
217 return qos_build_main_args();
220 void fuzz_add_qos_target(
221 FuzzTarget
*fuzz_opts
,
222 const char *interface
,
223 QOSGraphTestOptions
*opts
226 qos_add_test(fuzz_opts
->name
, interface
, NULL
, opts
);
227 fuzz_opts
->get_init_cmdline
= qos_get_cmdline
;
228 fuzz_add_target(fuzz_opts
);
231 void qos_init_path(QTestState
*s
)
233 fuzz_qos_obj
= qos_allocate_objects(s
, &fuzz_qos_alloc
);