[Qemu-devel] [PULL 52/55] image-fuzzer: Add fuzzing functions for L1/L2
From: Stefan Hajnoczi
Subject: [Qemu-devel] [PULL 52/55] image-fuzzer: Add fuzzing functions for L1/L2 table entries
Date: Fri, 15 Aug 2014 18:06:59 +0100
From: Maria Kustova <address@hidden>
Signed-off-by: Maria Kustova <address@hidden>
Signed-off-by: Stefan Hajnoczi <address@hidden>
---
tests/image-fuzzer/qcow2/fuzz.py | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index a53c84f..57527f9 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b/tests/image-fuzzer/qcow2/fuzz.py
@@ -325,3 +325,31 @@ def feature_name(current):
truncate_string(STRING_V, 46) # Fuzz padding (field length = 46)
]
return selector(current, constraints, string_validator)
+
+
+def l1_entry(current):
+ """Fuzz an entry of the L1 table."""
+ constraints = UINT64_V
+ # Reserved bits are ignored
+ # Added a possibility when only flags are fuzzed
+ offset = 0x7fffffffffffffff & random.choice([selector(current,
+ constraints),
+ current])
+ is_cow = random.randint(0, 1)
+ return offset + (is_cow << UINT64_M)
+
+
+def l2_entry(current):
+ """Fuzz an entry of an L2 table."""
+ constraints = UINT64_V
+ # Reserved bits are ignored
+ # Add a possibility when only flags are fuzzed
+ offset = 0x3ffffffffffffffe & random.choice([selector(current,
+ constraints),
+ current])
+ is_compressed = random.randint(0, 1)
+ is_cow = random.randint(0, 1)
+ is_zero = random.randint(0, 1)
+ value = offset + (is_cow << UINT64_M) + \
+ (is_compressed << UINT64_M - 1) + is_zero
+ return value
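Review bot: In l2_entry, the expression `(is_compressed << UINT64_M - 1)` depends on `-` binding tighter than `<<`; writing it as `is_compressed << (UINT64_M - 1)` would make the intended bit position explicit. Both l1_entry and l2_entry also combine the flags with `+`, which only gives the intended value while the masks 0x7fffffffffffffff and 0x3ffffffffffffffe clear exactly the bits being added. UINT64_M is defined outside this hunk, so that cannot be confirmed from these lines, and combining with `|` would remove the dependency. The comment "Reserved bits are ignored" does not say whether the masks are meant to keep or drop reserved bits, and its second line is worded differently in the two functions ("Added a possibility" versus "Add a possibility"); a docstring line stating which bits each mask preserves and which flag each shifted bit represents would make the fuzzed layout checkable by a reader. Finally, `random.choice([selector(current, constraints), current])` calls selector even when the unchanged value is picked; choosing first and calling selector only when needed would avoid the unused call.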
--
1.9.3