[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2 for-4.9 5/7] tools/insn-fuzz: Correct hook prototypes, and assert() appropriate segments

To: "Andrew Cooper" <andrew.cooper3@xxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Thu, 06 Apr 2017 03:28:36 -0600
Cc: George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Thu, 06 Apr 2017 09:28:57 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

>>> On 05.04.17 at 19:53, <andrew.cooper3@xxxxxxxxxx> wrote:
> --- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
> +++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
> @@ -117,12 +117,15 @@ static int data_read(struct x86_emulate_ctxt *ctxt,
>  }
>  
>  static int fuzz_read(
> -    unsigned int seg,
> +    enum x86_segment seg,
>      unsigned long offset,
>      void *p_data,
>      unsigned int bytes,
>      struct x86_emulate_ctxt *ctxt)
>  {
> +    /* Reads expected for all user and system segments. */
> +    assert((unsigned int)seg < x86_seg_none);

Would this perhaps be more clear as
"is_user_segment() || is_system_segment()"?

> @@ -274,6 +302,9 @@ static int fuzz_invlpg(
>      unsigned long offset,
>      struct x86_emulate_ctxt *ctxt)
>  {
> +    /* invlpg(), unlike all other hooks, may be called with x86_seg_none. */
> +    assert((unsigned int)seg <= x86_seg_none);

But no system segment, so rather
"is_user_segment() || seg == none"?

> @@ -300,8 +331,7 @@ static int fuzz_read_segment(
>      const struct fuzz_state *s = ctxt->data;
>      const struct fuzz_corpus *c = s->corpus;
>  
> -    if ( seg >= SEG_NUM )
> -        return X86EMUL_UNHANDLEABLE;
> +    assert((unsigned int)seg < x86_seg_none);

Same as for fuzz_read().

> @@ -317,8 +347,7 @@ static int fuzz_write_segment(
>      struct fuzz_corpus *c = s->corpus;
>      int rc;
>  
> -    if ( seg >= SEG_NUM )
> -        return X86EMUL_UNHANDLEABLE;
> +    assert((unsigned int)seg < x86_seg_none);

And here.

With at least the invlpg part taken care of
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Jan


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v2 for-4.9 0/7] x86/emul: Userspace fuzzing harness fixes
  - From: Andrew Cooper
- [Xen-devel] [PATCH v2 for-4.9 5/7] tools/insn-fuzz: Correct hook prototypes, and assert() appropriate segments
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH v2 for-4.9 2/7] tools/insn-fuzz: Don't hit memcpy() for zero-length reads
Next by Date: Re: [Xen-devel] [PATCH v2] x86/vpmu_intel: Handle SMT consistently for programmable and fixed counters
Previous by thread: [Xen-devel] [PATCH v2 for-4.9 5/7] tools/insn-fuzz: Correct hook prototypes, and assert() appropriate segments
Next by thread: [Xen-devel] [PATCH v2 for-4.9 2/7] tools/insn-fuzz: Don't hit memcpy() for zero-length reads
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.