
Re: [Xen-devel] [PATCH 10/10] tools/insn-fuzz: Always use x86_swint_emulate_all



On 27/03/17 12:00, George Dunlap wrote:
> On 27/03/17 10:56, Andrew Cooper wrote:
>> The swint_emulate parameter indicates how much extra work the emulator needs
>> to do to cover issues with certain hardware injection methods.
>>
>> Using x86_swint_emulate_all opens up maximum coverage in the emulator.
> Uh, no -- removing this means all of the x86_swint_emulate_none
> codepaths don't get tested.

Which codepaths are these?

>
> The idea here is to make sure that the emulator works for all possible
> inputs.  Changing this means that there could (in theory) be a bug that
> is only triggered when ctx->swint_emulate != x86_swint_emulate_all that
> we wouldn't catch.

swint_emulate isn't a regular input.  The only thing it gates is whether
we do work in inject_swint() or not, and it only exists because of SVM's
inability to correctly inject certain events.  (In fact, the more I
think about it, the more I think it ought to move into the svm code
rather than polluting the common emulator.)

This property is not going to change, and coverage inside inject_swint()
is far more important from a fuzzing point of view.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
