
Changeset 92000 in vbox for trunk


Timestamp:
Oct 22, 2021 11:49:35 AM (3 years ago)
Author:
vboxsync
Message:

Devices/testcase/tstDevice: Some basic MMIO fuzzing, bugref:9006

Location:
trunk/src/VBox/Devices/testcase
Files:
4 edited

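--- a/trunk/src/VBox/Devices/testcase/tstDevice.cpp
+++ b/trunk/src/VBox/Devices/testcase/tstDevice.cpp
@@ -919,4 +919,5 @@
 
         RTListInit(&Dut.LstIoPorts);
+        RTListInit(&Dut.LstMmio);
         RTListInit(&Dut.LstTimers);
         RTListInit(&Dut.LstMmHeap);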
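--- a/trunk/src/VBox/Devices/testcase/tstDeviceInternal.h
+++ b/trunk/src/VBox/Devices/testcase/tstDeviceInternal.h
@@ -286,4 +286,50 @@
 /** Pointer to a const I/O port handler. */
 typedef const RTDEVDUTIOPORT *PCRTDEVDUTIOPORT;
+
+
+/**
+ * Registered MMIO port access handler.
+ */
+typedef struct RTDEVDUTMMIO
+{
+    /** Node for the list of registered handlers. */
+    RTLISTNODE                      NdMmio;
+    /** Start address of the MMIO region when mapped. */
+    RTGCPHYS                        GCPhysStart;
+    /** Size of the MMIO region in bytes. */
+    RTGCPHYS                        cbRegion;
+    /** Opaque user data - R3. */
+    void                            *pvUserR3;
+    /** Write handler - R3. */
+    PFNIOMMMIONEWWRITE              pfnWriteR3;
+    /** Read handler - R3. */
+    PFNIOMMMIONEWREAD               pfnReadR3;
+    /** Fill handler - R3. */
+    PFNIOMMMIONEWFILL               pfnFillR3;
+
+    /** Opaque user data - R0. */
+    void                            *pvUserR0;
+    /** Write handler - R0. */
+    PFNIOMMMIONEWWRITE              pfnWriteR0;
+    /** Read handler - R0. */
+    PFNIOMMMIONEWREAD               pfnReadR0;
+    /** Fill handler - R0. */
+    PFNIOMMMIONEWFILL               pfnFillR0;
+
+#ifdef TSTDEV_SUPPORTS_RC
+    /** Opaque user data - RC. */
+    void                            *pvUserRC;
+    /** Write handler - RC. */
+    PFNIOMMMIONEWWRITE              pfnWriteRC;
+    /** Read handler - RC. */
+    PFNIOMMMIONEWREAD               pfnReadRC;
+    /** Fill handler - RC. */
+    PFNIOMMMIONEWFILL               pfnFillRC;
+#endif
+} RTDEVDUTMMIO;
+/** Pointer to a registered MMIO handler. */
+typedef RTDEVDUTMMIO *PRTDEVDUTMMIO;
+/** Pointer to a const MMIO handler. */
+typedef const RTDEVDUTMMIO *PCRTDEVDUTMMIO;
 
 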
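Review bot: The doc comment on `RTDEVDUTMMIO` reads "Registered MMIO port access handler", which looks carried over from the I/O port struct above it; `Registered MMIO region access handler.` would match what the struct holds. The `GCPhysStart` comment should also say which value means "not mapped", since the helper code in tstDevicePdmDevHlp.cpp writes `NIL_RTGCPHYS` on unmap: `/** Start address of the MMIO region when mapped, NIL_RTGCPHYS otherwise. */`.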
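--- a/trunk/src/VBox/Devices/testcase/tstDeviceIoFuzz.cpp
+++ b/trunk/src/VBox/Devices/testcase/tstDeviceIoFuzz.cpp
@@ -88,4 +88,12 @@
     }
 
+    /* Determine the amount of MMIO regions. */
+    uint32_t cMmioRegions = 0;
+    PRTDEVDUTMMIO pMmio;
+    RTListForEach(&hDut->LstMmio, pMmio, RTDEVDUTMMIO, NdMmio)
+    {
+        cMmioRegions++;
+    }
+
     RTRAND hRnd;
     int rc = RTRandAdvCreateParkMiller(&hRnd);
@@ -99,24 +107,61 @@
         do
         {
-            uint32_t iIoPort = RTRandAdvU32Ex(hRnd, 0, cIoPortRegs - 1);
-            RTListForEach(&hDut->LstIoPorts, pIoPort, RTDEVDUTIOPORT, NdIoPorts)
+            bool fMmio = false;
+
+            if (   cMmioRegions
+                && !cIoPortRegs)
+                fMmio = true;
+            else if (   !cMmioRegions
+                     && cIoPortRegs)
+                fMmio = false;
+            else
+                fMmio = RT_BOOL(RTRandAdvU32Ex(hRnd, 0, 1));
+
+            if (fMmio)
             {
-                if (!iIoPort)
-                    break;
-                iIoPort--;
+                uint32_t iMmio = RTRandAdvU32Ex(hRnd, 0, cMmioRegions - 1);
+                RTListForEach(&hDut->LstMmio, pMmio, RTDEVDUTMMIO, NdMmio)
+                {
+                    if (!iMmio)
+                        break;
+                    iMmio--;
+                }
+
+                uint32_t uMin = pMmio->pfnWriteR3 ? 0 : 1;
+                uint32_t uMax = pMmio->pfnReadR3  ? 1 : 0;
+
+                RTGCPHYS offRegion = RTRandAdvU64Ex(hRnd, 0, pMmio->cbRegion);
+                bool fRead = RT_BOOL(uMin == uMax ? uMin : RTRandAdvU32Ex(hRnd, uMin, uMax));
+                uint64_t u64Value = fRead ? 0 : RTRandAdvU64(hRnd);
+                uint32_t cbValue = g_aAccWidths[RTRandAdvU32Ex(hRnd, 0, 2)];
+
+                if (fRead)
+                    pMmio->pfnReadR3(hDut->pDevIns, pMmio->pvUserR3, offRegion, &u64Value, cbValue);
+                else
+                    pMmio->pfnWriteR3(hDut->pDevIns, pMmio->pvUserR3, offRegion, &u64Value, cbValue);
             }
+            else
+            {
+                uint32_t iIoPort = RTRandAdvU32Ex(hRnd, 0, cIoPortRegs - 1);
+                RTListForEach(&hDut->LstIoPorts, pIoPort, RTDEVDUTIOPORT, NdIoPorts)
+                {
+                    if (!iIoPort)
+                        break;
+                    iIoPort--;
+                }
 
-            uint32_t uMin = pIoPort->pfnOutR3 ? 0 : 1;
-            uint32_t uMax = pIoPort->pfnInR3  ? 1 : 0;
+                uint32_t uMin = pIoPort->pfnOutR3 ? 0 : 1;
+                uint32_t uMax = pIoPort->pfnInR3  ? 1 : 0;
 
-            uint32_t offPort = RTRandAdvU32Ex(hRnd, 0, pIoPort->cPorts);
-            bool fRead = RT_BOOL(uMin == uMax ? uMin : RTRandAdvU32Ex(hRnd, uMin, uMax));
-            uint32_t u32Value = fRead ? 0 : RTRandAdvU32(hRnd);
-            uint32_t cbValue = 1;//g_aAccWidths[RTRandAdvU32Ex(hRnd, 0, 2)];
+                uint32_t offPort = RTRandAdvU32Ex(hRnd, 0, pIoPort->cPorts);
+                bool fRead = RT_BOOL(uMin == uMax ? uMin : RTRandAdvU32Ex(hRnd, uMin, uMax));
+                uint32_t u32Value = fRead ? 0 : RTRandAdvU32(hRnd);
+                uint32_t cbValue = g_aAccWidths[RTRandAdvU32Ex(hRnd, 0, 2)];
 
-            if (fRead)
-                pIoPort->pfnInR3(hDut->pDevIns, pIoPort->pvUserR3, offPort, &u32Value, cbValue);
-            else
-                pIoPort->pfnOutR3(hDut->pDevIns, pIoPort->pvUserR3, offPort, u32Value, cbValue);
+                if (fRead)
+                    pIoPort->pfnInR3(hDut->pDevIns, pIoPort->pvUserR3, offPort, &u32Value, cbValue);
+                else
+                    pIoPort->pfnOutR3(hDut->pDevIns, pIoPort->pvUserR3, offPort, u32Value, cbValue);
+            }
 
             cFuzzedInputs++;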
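Review bot: `RTRandAdvU64Ex(hRnd, 0, pMmio->cbRegion)` takes an inclusive upper bound (the neighbouring calls pass `cMmioRegions - 1`), so `offRegion` can equal `cbRegion` and `offRegion + cbValue` can run past the end of the region; a handler would presumably never be handed such an access for a correctly sized region, which makes a resulting crash hard to triage as a real device bug. If out-of-range offsets are not intended, pick `cbValue` first and bound the offset with `RTRandAdvU64Ex(hRnd, 0, pMmio->cbRegion - cbValue)` after checking `cbRegion >= cbValue`; if they are intended, a comment should say so, and the same applies to `offPort` against `pIoPort->cPorts`. Separately, when both `cMmioRegions` and `cIoPortRegs` are zero the final `else` still picks a side and `cMmioRegions - 1` (or `cIoPortRegs - 1`) wraps, after which the empty `RTListForEach` leaves the iterator not pointing at a real node before it is dereferenced; I cannot see whether the part of the function above this hunk rules that case out. The `else if (!cMmioRegions && cIoPortRegs) fMmio = false;` arm only repeats the initialiser and can be dropped.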
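--- a/trunk/src/VBox/Devices/testcase/tstDevicePdmDevHlp.cpp
+++ b/trunk/src/VBox/Devices/testcase/tstDevicePdmDevHlp.cpp
@@ -228,11 +228,21 @@
              pDevIns->pReg->szName, pDevIns->iInstance, cbRegion, fFlags, pPciDev, iPciRegion, pfnWrite, pfnRead, pfnFill, pvUser, pszDesc, pszDesc, phRegion));
 
-#ifndef VBOX_TSTDEV_NOT_IMPLEMENTED_STUBS_FAKE_SUCCESS
-    int rc = VERR_NOT_IMPLEMENTED;
-    AssertFailed();
-#else
-    *phRegion = 1;
+    /** @todo Verify there is no overlapping. */
+
+    RT_NOREF(pszDesc);
     int rc = VINF_SUCCESS;
-#endif
+    PRTDEVDUTMMIO pMmio = (PRTDEVDUTMMIO)RTMemAllocZ(sizeof(*pMmio));
+    if (RT_LIKELY(pMmio))
+    {
+        pMmio->cbRegion    = cbRegion;
+        pMmio->pvUserR3    = pvUser;
+        pMmio->pfnWriteR3  = pfnWrite;
+        pMmio->pfnReadR3   = pfnRead;
+        pMmio->pfnFillR3   = pfnFill;
+        RTListAppend(&pDevIns->Internal.s.pDut->LstMmio, &pMmio->NdMmio);
+        *phRegion = (IOMMMIOHANDLE)pMmio;
+    }
+    else
+        rc = VERR_NO_MEMORY;
 
     LogFlow(("pdmR3DevHlp_MmioCreateEx: caller='%s'/%d: returns %Rrc (*phRegion=%#x)\n",
@@ -248,10 +258,7 @@
     LogFlow(("pdmR3DevHlp_MmioMap: caller='%s'/%d: hRegion=%#x GCPhys=%#RGp\n", pDevIns->pReg->szName, pDevIns->iInstance, hRegion, GCPhys));
 
-#ifndef VBOX_TSTDEV_NOT_IMPLEMENTED_STUBS_FAKE_SUCCESS
-    int rc = VERR_NOT_IMPLEMENTED;
-    AssertFailed();
-#else
     int rc = VINF_SUCCESS;
-#endif
+    PRTDEVDUTMMIO pMmio = (PRTDEVDUTMMIO)hRegion;
+    pMmio->GCPhysStart = GCPhys;
 
     LogFlow(("pdmR3DevHlp_MmioMap: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
@@ -266,10 +273,7 @@
     LogFlow(("pdmR3DevHlp_MmioUnmap: caller='%s'/%d: hRegion=%#x\n", pDevIns->pReg->szName, pDevIns->iInstance, hRegion));
 
-#ifndef VBOX_TSTDEV_NOT_IMPLEMENTED_STUBS_FAKE_SUCCESS
-    int rc = VERR_NOT_IMPLEMENTED;
-    AssertFailed();
-#else
     int rc = VINF_SUCCESS;
-#endif
+    PRTDEVDUTMMIO pMmio = (PRTDEVDUTMMIO)hRegion;
+    pMmio->GCPhysStart = NIL_RTGCPHYS;
 
     LogFlow(("pdmR3DevHlp_MmioUnmap: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
@@ -284,10 +288,8 @@
     LogFlow(("pdmR3DevHlp_MmioReduce: caller='%s'/%d: hRegion=%#x cbRegion=%#RGp\n", pDevIns->pReg->szName, pDevIns->iInstance, hRegion, cbRegion));
 
-#ifndef VBOX_TSTDEV_NOT_IMPLEMENTED_STUBS_FAKE_SUCCESS
-    int rc = VERR_NOT_IMPLEMENTED;
-    AssertFailed();
-#else
     int rc = VINF_SUCCESS;
-#endif
+    PRTDEVDUTMMIO pMmio = (PRTDEVDUTMMIO)hRegion;
+    pMmio->cbRegion = cbRegion;
+
     LogFlow(("pdmR3DevHlp_MmioReduce: caller='%s'/%d: returns %Rrc\n", pDevIns->pReg->szName, pDevIns->iInstance, rc));
     return rc;
@@ -301,10 +303,6 @@
     LogFlow(("pdmR3DevHlp_MmioGetMappingAddress: caller='%s'/%d: hRegion=%#x\n", pDevIns->pReg->szName, pDevIns->iInstance, hRegion));
 
-#ifndef VBOX_TSTDEV_NOT_IMPLEMENTED_STUBS_FAKE_SUCCESS
-    RTGCPHYS GCPhys = NIL_RTGCPHYS;
-    AssertFailed();
-#else
-    RTGCPHYS GCPhys = 0x1000;
-#endif
+    PRTDEVDUTMMIO pMmio = (PRTDEVDUTMMIO)hRegion;
+    RTGCPHYS GCPhys = pMmio->GCPhysStart;
 
     LogFlow(("pdmR3DevHlp_MmioGetMappingAddress: caller='%s'/%d: returns %RGp\n", pDevIns->pReg->szName, pDevIns->iInstance, GCPhys));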
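Review bot: pdmR3DevHlp_MmioMap, MmioUnmap, MmioReduce and MmioGetMappingAddress cast `hRegion` straight to `PRTDEVDUTMMIO` and dereference it, so a device under test that passes a nil or stale handle takes the harness down with a wild pointer access instead of a reported failure; looking the pointer up in `pDut->LstMmio` before use (or at minimum `AssertPtrReturn(pMmio, VERR_INVALID_HANDLE);` in the int-returning helpers) would turn that into a diagnosable error. In MmioCreateEx the node comes from RTMemAllocZ, so `GCPhysStart` starts as 0 while MmioUnmap uses `NIL_RTGCPHYS` for "not mapped"; adding `pMmio->GCPhysStart = NIL_RTGCPHYS;` at creation keeps MmioGetMappingAddress consistent for a region that was never mapped. MmioReduce also stores `cbRegion` without checking that it does not exceed the current size, and that field is what the fuzzer in tstDeviceIoFuzz.cpp uses as its offset bound. All five function bodies start and end outside the hunks shown.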