[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 09/11] fuzz/x86emul: update fuzzer

To: Jan Beulich <JBeulich@xxxxxxxx>
From: Wei Liu <wei.liu2@xxxxxxxxxx>
Date: Fri, 3 Feb 2017 11:22:33 +0000
Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 03 Feb 2017 11:22:53 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Fri, Feb 03, 2017 at 12:04:04AM -0700, Jan Beulich wrote:
> >>> On 02.02.17 at 18:12, <wei.liu2@xxxxxxxxxx> wrote:
> > On Thu, Feb 02, 2017 at 10:01:46AM -0700, Jan Beulich wrote:
> >> >>> On 02.02.17 at 17:50, <wei.liu2@xxxxxxxxxx> wrote:
> >> > On Thu, Feb 02, 2017 at 05:20:56AM -0700, Jan Beulich wrote:
> >> >> >>> On 01.02.17 at 13:02, <wei.liu2@xxxxxxxxxx> wrote:
> >> >> > +static int _fuzz_read_msr(
> >> >> > +    unsigned int reg,
> >> >> > +    uint64_t *val,
> >> >> > +    struct x86_emulate_ctxt *ctxt)
> >> >> > +{
> >> >> > +    unsigned int idx;
> >> >> > +
> >> >> > +    switch ( reg )
> >> >> > +    {
> >> >> > +    case MSR_TSC_AUX:
> >> >> > +    case MSR_IA32_TSC:
> >> >> > +        return data_read("read_msr", val, sizeof(*val));
> >> >> 
> >> >> Strictly speaking the above applies to TSC_AUX too. And TSC should
> >> >> return monotonically increasing values. I don't think though that
> >> >> producing random output here matters right now. A comment may
> >> >> be worthwhile.
> >> >> 
> >> > 
> >> > Right, I will add the following:
> >> > 
> >> >         /*
> >> >          * TSC should return monotonically increasing values, but
> >> >          * returning random values is fine in fuzzer.
> >> >          */
> >> 
> >> What about TSC_AUX then?
> >> 
> > 
> > What model would you like it to follow? I suppose returning random value
> > is also fine? I.e. I should just add TSC_AUX to the comment as well.
> 
> That's one option. Even better would be to consistently return
> the same (possibly random) value. But the value itself isn't being
> looked at by the emulator, and iirc the MSR also isn't ever being
> read multiple times, so it really doesn't matter as long as the
> caller(s) of x86_emulate() do(es)n't care.

Returning consistent doable but that would involve rewriting a
significant portion of the fuzzer. Let's leave it for another day.

I will modify the comment as follows:

    /*
     * TSC should return monotonically increasing values, TSC_AUX should
     * preferably return consistent value, but returning random values
     * is fine in fuzzer.
     */

> 
> Jan
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH v3 00/11] fuzz: update x86emul fuzzer
  - From: Wei Liu
- [Xen-devel] [PATCH v3 09/11] fuzz/x86emul: update fuzzer
  - From: Wei Liu
- Re: [Xen-devel] [PATCH v3 09/11] fuzz/x86emul: update fuzzer
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v3 09/11] fuzz/x86emul: update fuzzer
  - From: Wei Liu
- Re: [Xen-devel] [PATCH v3 09/11] fuzz/x86emul: update fuzzer
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH v3 09/11] fuzz/x86emul: update fuzzer
  - From: Wei Liu
- Re: [Xen-devel] [PATCH v3 09/11] fuzz/x86emul: update fuzzer
  - From: Jan Beulich

Prev by Date: [Xen-devel] [qemu-mainline bisection] complete build-i386-xsm
Next by Date: Re: [Xen-devel] [PATCH] Fix mispelling of length
Previous by thread: Re: [Xen-devel] [PATCH v3 09/11] fuzz/x86emul: update fuzzer
Next by thread: [Xen-devel] [PATCH v3 10/11] fuzz/x86emul: print out minimal input size
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.