[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 10/10] tools/insn-fuzz: Always use x86_swint_emulate_all

To: Xen-devel <xen-devel@xxxxxxxxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Mon, 27 Mar 2017 10:56:38 +0100
Cc: George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>
Delivery-date: Mon, 27 Mar 2017 10:16:32 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

The swint_emulate parameter indicates how much extra work the emulator needs
to do to cover issues with certain hardware injection methods.

Using x86_swint_emulate_all opens up maximum coverage in the emulator.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: George Dunlap <george.dunlap@xxxxxxxxxxxxx>
CC: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
---
 tools/fuzz/x86_instruction_emulator/fuzz-emul.c | 21 ++-------------------
 1 file changed, 2 insertions(+), 19 deletions(-)

diff --git a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c 
b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
index 1906186..a5dbb2f 100644
--- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
+++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
@@ -626,8 +626,7 @@ enum {
     HOOK_put_fpu,
     HOOK_invlpg,
     HOOK_vmfunc,
-    OPTION_swint_emulation, /* Two bits */
-    CANONICALIZE_rip = OPTION_swint_emulation + 2,
+    CANONICALIZE_rip,
     CANONICALIZE_rsp,
     CANONICALIZE_rbp
 };
@@ -669,21 +668,6 @@ static void disable_hooks(struct x86_emulate_ctxt *ctxt)
     MAYBE_DISABLE_HOOK(invlpg);
 }
 
-static void set_swint_support(struct x86_emulate_ctxt *ctxt)
-{
-    struct fuzz_state *s = ctxt->data;
-    struct fuzz_corpus *c = s->corpus;
-    unsigned int swint_opt = (c->options >> OPTION_swint_emulation) & 3;
-    static const enum x86_swint_emulation map[4] = {
-        x86_swint_emulate_none,
-        x86_swint_emulate_none,
-        x86_swint_emulate_icebp,
-        x86_swint_emulate_all
-    };
-
-    ctxt->swint_emulate = map[swint_opt];
-}
-
 /*
  * Constrain input to architecturally-possible states where
  * the emulator relies on these
@@ -762,6 +746,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t 
size)
     };
     struct x86_emulate_ctxt ctxt = {
         .data = &state,
+        .swint_emulate = x86_swint_emulate_all,
         .regs = &regs,
         .addr_size = 8 * sizeof(void *),
         .sp_size = 8 * sizeof(void *),
@@ -792,8 +777,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t 
size)
 
     disable_hooks(&ctxt);
 
-    set_swint_support(&ctxt);
-
     do {
         /* FIXME: Until we actually implement SIGFPE handling properly */
         setup_fpu_exception_handler();
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 10/10] tools/insn-fuzz: Always use x86_swint_emulate_all
  - From: George Dunlap

References:
- [Xen-devel] [PATCH 00/10] x86 emulation bugfixes and fuzzer improvements
  - From: Andrew Cooper

Prev by Date: [Xen-devel] [PATCH v3 5/6] x86/pagewalk: Improve the logic behind setting access and dirty bits
Next by Date: [Xen-devel] arm64: dma_to_phys/phys_to_dma need to be properly implemented
Previous by thread: Re: [Xen-devel] [PATCH 09/10] tools/x86emul: Advertise more CPUID features for testing purposes
Next by thread: Re: [Xen-devel] [PATCH 10/10] tools/insn-fuzz: Always use x86_swint_emulate_all
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.