2 * QOS-assisted fuzzing helpers
4 * Copyright (c) 2018 Emanuele Giuseppe Esposito <e.emanuelegiuseppe@gmail.com>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License version 2.1 as published by the Free Software Foundation.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, see <http://www.gnu.org/licenses/>
19 #include "qemu/osdep.h"
20 #include "qemu/units.h"
21 #include "qapi/error.h"
22 #include "qemu-common.h"
23 #include "exec/memory.h"
24 #include "exec/address-spaces.h"
25 #include "sysemu/sysemu.h"
26 #include "qemu/main-loop.h"
28 #include "tests/qtest/libqtest.h"
29 #include "tests/qtest/libqos/malloc.h"
30 #include "tests/qtest/libqos/qgraph.h"
31 #include "tests/qtest/libqos/qgraph_internal.h"
32 #include "tests/qtest/libqos/qos_external.h"
37 #include "qapi/qapi-commands-machine.h"
38 #include "qapi/qapi-commands-qom.h"
42 QGuestAllocator
*fuzz_qos_alloc
;
44 static const char *fuzz_target_name
;
45 static char **fuzz_path_vec
;
47 static void qos_set_machines_devices_available(void)
49 MachineInfoList
*mach_info
;
50 ObjectTypeInfoList
*type_info
;
52 mach_info
= qmp_query_machines(&error_abort
);
53 machines_apply_to_node(mach_info
);
54 qapi_free_MachineInfoList(mach_info
);
56 type_info
= qmp_qom_list_types(true, "device", true, true,
58 types_apply_to_node(type_info
);
59 qapi_free_ObjectTypeInfoList(type_info
);
62 static char **current_path
;
64 void *qos_allocate_objects(QTestState
*qts
, QGuestAllocator
**p_alloc
)
66 return allocate_objects(qts
, current_path
+ 1, p_alloc
);
69 static GString
*qos_build_main_args(void)
71 char **path
= fuzz_path_vec
;
72 QOSGraphNode
*test_node
;
73 GString
*cmd_line
= g_string_new(path
[0]);
77 fprintf(stderr
, "QOS Path not found\n");
83 test_node
= qos_graph_get_node(path
[(g_strv_length(path
) - 1)]);
84 test_arg
= test_node
->u
.test
.arg
;
85 if (test_node
->u
.test
.before
) {
86 test_arg
= test_node
->u
.test
.before(cmd_line
, test_arg
);
88 /* Prepend the arguments that we need */
89 g_string_prepend(cmd_line
,
90 TARGET_NAME
" -display none -machine accel=qtest -m 64 ");
95 * This function is largely a copy of qos-test.c:walk_path. Since walk_path
96 * is itself a callback, its a little annoying to add another argument/layer of
99 static void walk_path(QOSGraphNode
*orig_path
, int len
)
105 * etype set to QEDGE_CONSUMED_BY so that machine can add to the command
108 QOSEdgeType etype
= QEDGE_CONSUMED_BY
;
110 /* twice QOS_PATH_MAX_ELEMENT_SIZE since each edge can have its arg */
111 char **path_vec
= g_new0(char *, (QOS_PATH_MAX_ELEMENT_SIZE
* 2));
112 int path_vec_size
= 0;
114 char *after_cmd
, *before_cmd
, *after_device
;
115 GString
*after_device_str
= g_string_new("");
116 char *node_name
= orig_path
->name
, *path_str
;
118 GString
*cmd_line
= g_string_new("");
119 GString
*cmd_line2
= g_string_new("");
121 path
= qos_graph_get_node(node_name
); /* root */
122 node_name
= qos_graph_edge_get_dest(path
->path_edge
); /* machine name */
124 path_vec
[path_vec_size
++] = node_name
;
125 path_vec
[path_vec_size
++] = qos_get_machine_type(node_name
);
128 path
= qos_graph_get_node(node_name
);
129 if (!path
->path_edge
) {
133 node_name
= qos_graph_edge_get_dest(path
->path_edge
);
135 /* append node command line + previous edge command line */
136 if (path
->command_line
&& etype
== QEDGE_CONSUMED_BY
) {
137 g_string_append(cmd_line
, path
->command_line
);
138 g_string_append(cmd_line
, after_device_str
->str
);
139 g_string_truncate(after_device_str
, 0);
142 path_vec
[path_vec_size
++] = qos_graph_edge_get_name(path
->path_edge
);
143 /* detect if edge has command line args */
144 after_cmd
= qos_graph_edge_get_after_cmd_line(path
->path_edge
);
145 after_device
= qos_graph_edge_get_extra_device_opts(path
->path_edge
);
146 before_cmd
= qos_graph_edge_get_before_cmd_line(path
->path_edge
);
147 edge
= qos_graph_get_edge(path
->name
, node_name
);
148 etype
= qos_graph_edge_get_type(edge
);
151 g_string_append(cmd_line
, before_cmd
);
154 g_string_append(cmd_line2
, after_cmd
);
157 g_string_append(after_device_str
, after_device
);
161 path_vec
[path_vec_size
++] = NULL
;
162 g_string_append(cmd_line
, after_device_str
->str
);
163 g_string_free(after_device_str
, true);
165 g_string_append(cmd_line
, cmd_line2
->str
);
166 g_string_free(cmd_line2
, true);
169 * here position 0 has <arch>/<machine>, position 1 has <machine>.
170 * The path must not have the <arch>, qtest_add_data_func adds it.
172 path_str
= g_strjoinv("/", path_vec
+ 1);
174 /* Check that this is the test we care about: */
175 char *test_name
= strrchr(path_str
, '/') + 1;
176 if (strcmp(test_name
, fuzz_target_name
) == 0) {
178 * put arch/machine in position 1 so run_one_test can do its work
179 * and add the command line at position 0.
181 path_vec
[1] = path_vec
[0];
182 path_vec
[0] = g_string_free(cmd_line
, false);
184 fuzz_path_vec
= path_vec
;
192 static GString
*qos_get_cmdline(FuzzTarget
*t
)
195 * Set a global variable that we use to identify the qos_path for our
198 fuzz_target_name
= t
->name
;
199 qos_set_machines_devices_available();
200 qos_graph_foreach_test_path(walk_path
);
201 return qos_build_main_args();
204 void fuzz_add_qos_target(
205 FuzzTarget
*fuzz_opts
,
206 const char *interface
,
207 QOSGraphTestOptions
*opts
210 qos_add_test(fuzz_opts
->name
, interface
, NULL
, opts
);
211 fuzz_opts
->get_init_cmdline
= qos_get_cmdline
;
212 fuzz_add_target(fuzz_opts
);
215 void qos_init_path(QTestState
*s
)
217 fuzz_qos_obj
= qos_allocate_objects(s
, &fuzz_qos_alloc
);