[Question] fuzz: double-fetches in a memory region map session

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Question] fuzz: double-fetches in a memory region map session

From:	Li Qiuhao
Subject:	[Question] fuzz: double-fetches in a memory region map session
Date:	Fri, 13 Aug 2021 03:49:57 +0000

Hi Alex,

Recently I was reading the DMA call-back functions in the fuzzer. It seems
fuzz_dma_read_cb() is inserted into flatview_read_continue() and
address_space_map() to make the host read changed content between different
DMA actions.

My question is about address_space_map() -- How do we emulate double-fetch
bugs in the same map/unmap session? For example:


  FOO *guest_foo = (FOO *) address_space_map(as, ...);
  
  uint64_t size = guest_foo->size;    // first fetch
  if size > limit
    goto error;
  
  /* time window */
  
  memcpy(dest, src, guest_foo->size); // double-fetch ?
  
  error:
  address_space_unmap(as, guest_foo, ...)


Thanks,
  Qiuhao Li

[Prev in Thread]

Current Thread

[Next in Thread]

[Question] fuzz: double-fetches in a memory region map session, Li Qiuhao <=
- Re: [Question] fuzz: double-fetches in a memory region map session, Alexander Bulekov, 2021/08/13
  - Re: [Question] fuzz: double-fetches in a memory region map session, Qiuhao Li, 2021/08/13

Prev by Date: [PULL 1/1] Hexagon (disas/hexagon.c) fix memory leak for early exit cases
Next by Date: [RFC] vfio/migration: reduce the msix virq setup cost in resume phase
Previous by thread: [PULL 0/1] Hexagon (disas/hexagon) fix memory leak for early exit
Next by thread: Re: [Question] fuzz: double-fetches in a memory region map session
Index(es):
- Date
- Thread