Diffstat (limited to 'tests/qtest/fuzz/i440fx_fuzz.c')
-rw-r--r--tests/qtest/fuzz/i440fx_fuzz.c47
1 files changed, 30 insertions, 17 deletions
diff --git a/tests/qtest/fuzz/i440fx_fuzz.c b/tests/qtest/fuzz/i440fx_fuzz.c
index ab5f112584..bcd6769b4c 100644
--- a/tests/qtest/fuzz/i440fx_fuzz.c
+++ b/tests/qtest/fuzz/i440fx_fuzz.c
@@ -39,18 +39,17 @@ enum action_id {
ACTION_MAX
};
-static void i440fx_fuzz_qtest(QTestState *s,
+static void ioport_fuzz_qtest(QTestState *s,
const unsigned char *Data, size_t Size) {
/*
* loop over the Data, breaking it up into actions. each action has an
* opcode, address offset and value
*/
- typedef struct QTestFuzzAction {
+ struct {
uint8_t opcode;
uint8_t addr;
uint32_t value;
- } QTestFuzzAction;
- QTestFuzzAction a;
+ } a;
while (Size >= sizeof(a)) {
/* make a copy of the action so we can normalize the values in-place */
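Review bot: The anonymous `struct { uint8_t opcode; uint8_t addr; uint32_t value; } a;` serves as the wire format for the fuzz input, but nothing documents that `sizeof(a)` includes compiler-inserted padding. On typical ABIs two bytes sit between `addr` and `value`, so each action consumes input bytes the harness never interprets, and the layout depends on the build. I would add a comment above the struct such as `/* layout, including padding, defines the fuzz input format; keep it stable for corpus reuse */`, or pack the struct if the project's conventions allow. The struct in pciconfig_fuzz_qos in the next hunk has the same property. The loop body of ioport_fuzz_qtest continues outside this hunk.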
@@ -85,25 +84,26 @@ static void i440fx_fuzz_qtest(QTestState *s,
flush_events(s);
}
-static void i440fx_fuzz_qos(QTestState *s,
+static void i440fx_fuzz_qtest(QTestState *s,
+ const unsigned char *Data,
+ size_t Size)
+{
+ ioport_fuzz_qtest(s, Data, Size);
+}
+
+static void pciconfig_fuzz_qos(QTestState *s, QPCIBus *bus,
const unsigned char *Data, size_t Size) {
/*
- * Same as i440fx_fuzz_qtest, but using QOS. devfn is incorporated into the
+ * Same as ioport_fuzz_qtest, but using QOS. devfn is incorporated into the
* value written over Port IO
*/
- typedef struct QOSFuzzAction {
+ struct {
uint8_t opcode;
uint8_t offset;
int devfn;
uint32_t value;
- } QOSFuzzAction;
-
- static QPCIBus *bus;
- if (!bus) {
- bus = qpci_new_pc(s, fuzz_qos_alloc);
- }
+ } a;
- QOSFuzzAction a;
while (Size >= sizeof(a)) {
memcpy(&a, Data, sizeof(a));
switch (a.opcode % ACTION_MAX) {
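Review bot: The `int devfn` field is filled directly from fuzz bytes by `memcpy(&a, Data, sizeof(a))`, so it can hold any value, including negative ones. The switch body is outside this hunk, so it is not visible whether devfn is reduced to a valid range before it reaches the bus accessors. If it is not, declaring the field as `uint8_t devfn;` would keep the harness inside the 8-bit devfn space instead of relying on how the accessors treat out-of-range values. A one-line comment that the new `bus` parameter must have been created for the same `s` would also help callers.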
@@ -132,6 +132,19 @@ static void i440fx_fuzz_qos(QTestState *s,
flush_events(s);
}
+static void i440fx_fuzz_qos(QTestState *s,
+ const unsigned char *Data,
+ size_t Size)
+{
+ static QPCIBus *bus;
+
+ if (!bus) {
+ bus = qpci_new_pc(s, fuzz_qos_alloc);
+ }
+
+ pciconfig_fuzz_qos(s, bus, Data, Size);
+}
+
static void i440fx_fuzz_qos_fork(QTestState *s,
const unsigned char *Data, size_t Size) {
if (fork() == 0) {
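Review bot: The function-local `static QPCIBus *bus;` in i440fx_fuzz_qos is created from whichever `s` arrives on the first call and reused for every later call, and nothing states that assumption. A short comment would do, for example `/* bus is created once and cached; assumes one QTestState for the process lifetime */`. If this function is also reached from the forked child in i440fx_fuzz_qos_fork (its body continues outside the hunk), the cached pointer is lost when the child exits and the bus is rebuilt for every input. That looks harmless, but it is worth recording in the same comment.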
@@ -159,7 +172,7 @@ static void register_pci_fuzz_targets(void)
/* Uses simple qtest commands and reboots to reset state */
fuzz_add_target(&(FuzzTarget){
.name = "i440fx-qtest-reboot-fuzz",
- .description = "Fuzz the i440fx using raw qtest commands and"
+ .description = "Fuzz the i440fx using raw qtest commands and "
"rebooting after each run",
.get_init_cmdline = i440fx_argv,
.fuzz = i440fx_fuzz_qtest});
@@ -167,7 +180,7 @@ static void register_pci_fuzz_targets(void)
/* Uses libqos and forks to prevent state leakage */
fuzz_add_qos_target(&(FuzzTarget){
.name = "i440fx-qos-fork-fuzz",
- .description = "Fuzz the i440fx using raw qtest commands and"
+ .description = "Fuzz the i440fx using raw qtest commands and "
"rebooting after each run",
.pre_vm_init = &fork_init,
.fuzz = i440fx_fuzz_qos_fork,},
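Review bot: The description string touched here still reads "Fuzz the i440fx using raw qtest commands and rebooting after each run", although this target is registered through fuzz_add_qos_target and the comment above it says it uses libqos and forks. The text looks copied from the i440fx-qtest-reboot-fuzz entry, so the help output misdescribes how state is reset between inputs. I would change it to something like `.description = "Fuzz the i440fx using libqos helpers and forking for each run",`. The i440fx-qos-noreset-fuzz entry in the next hunk carries the same copied description and, judging by its name, does not reboot either.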
@@ -182,7 +195,7 @@ static void register_pci_fuzz_targets(void)
*/
fuzz_add_qos_target(&(FuzzTarget){
.name = "i440fx-qos-noreset-fuzz",
- .description = "Fuzz the i440fx using raw qtest commands and"
+ .description = "Fuzz the i440fx using raw qtest commands and "
"rebooting after each run",
.fuzz = i440fx_fuzz_qos,},
"i440FX-pcihost",