|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 3/3] tools/cpu-policy: Add unit tests and a fuzzing harness
>>> On 04.01.19 at 16:33, <andrew.cooper3@xxxxxxxxxx> wrote:
> The AFL harness currently notices that there are cases where we optimse the
> serialised stream by omitting data beyond the various maximum leaves.
>
> Both sets of tests will be extended with further libx86 work.
>
> Fix the sorting of the CPUID_GUEST_NR_* constants, noticed while writing the
> unit tests.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
> CC: Jan Beulich <JBeulich@xxxxxxxx>
> CC: Wei Liu <wei.liu2@xxxxxxxxxx>
> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> CC: Sergey Dyasli <sergey.dyasli@xxxxxxxxxx>
> ---
> tools/fuzz/cpu-policy/.gitignore | 1 +
> tools/fuzz/cpu-policy/Makefile | 27 ++++
> tools/fuzz/cpu-policy/afl-policy-fuzzer.c | 117 ++++++++++++++
> tools/tests/Makefile | 1 +
> tools/tests/cpu-policy/.gitignore | 1 +
Did we somehow come to the conclusion that the central .gitignore
at the root of the tree is not the way to go in the future?
> --- /dev/null
> +++ b/tools/tests/cpu-policy/test-cpu-policy.c
> @@ -0,0 +1,247 @@
> +#include <assert.h>
> +#include <errno.h>
> +#include <stdbool.h>
> +#include <stdint.h>
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <string.h>
> +
> +#include <xen-tools/libs.h>
> +#include <xen/lib/x86/cpuid.h>
> +#include <xen/lib/x86/msr.h>
> +#include <xen/domctl.h>
> +
> +static void test_cpuid_serialise_success(void)
> +{
> + static const struct test {
> + struct cpuid_policy p;
> + const char *name;
> + unsigned int nr_leaves;
> + } tests[] = {
> + {
> + .name = "empty policy",
> + .nr_leaves = 4,
> + },
> + };
> + unsigned int i;
> +
> + printf("Testing CPUID serialise success:\n");
> +
> + for ( i = 0; i < ARRAY_SIZE(tests); ++i )
> + {
> + const struct test *t = &tests[i];
> + unsigned int nr = t->nr_leaves;
> + xen_cpuid_leaf_t *leaves = malloc(nr * sizeof(*leaves));
> + int rc;
> +
> + if ( !leaves )
> + goto test_done;
Shouldn't you leave some indication of the test not having got run?
> +static void test_cpuid_deserialise_failure(void)
> +{
> + static const struct test {
> + const char *name;
> + xen_cpuid_leaf_t leaf;
> + } tests[] = {
> + {
> + .name = "incorrect basic subleaf",
> + .leaf = { .leaf = 0, .subleaf = 0 },
> + },
> + {
> + .name = "incorrect hv1 subleaf",
> + .leaf = { .leaf = 0x40000000, .subleaf = 0 },
> + },
> + {
> + .name = "incorrect hv2 subleaf",
> + .leaf = { .leaf = 0x40000100, .subleaf = 0 },
> + },
> + {
> + .name = "incorrect extd subleaf",
> + .leaf = { .leaf = 0x80000000, .subleaf = 0 },
> + },
> + {
> + .name = "OoB basic leaf",
> + .leaf = { .leaf = CPUID_GUEST_NR_BASIC },
> + },
> + {
> + .name = "OoB cache leaf",
> + .leaf = { .leaf = 0x4, .subleaf = CPUID_GUEST_NR_CACHE },
> + },
> + {
> + .name = "OoB feat leaf",
> + .leaf = { .leaf = 0x7, .subleaf = CPUID_GUEST_NR_FEAT },
> + },
> + {
> + .name = "OoB topo leaf",
> + .leaf = { .leaf = 0xb, .subleaf = CPUID_GUEST_NR_TOPO },
> + },
> + {
> + .name = "OoB xstate leaf",
> + .leaf = { .leaf = 0xd, .subleaf = CPUID_GUEST_NR_XSTATE },
> + },
> + {
> + .name = "OoB extd leaf",
> + .leaf = { .leaf = 0x80000000 | CPUID_GUEST_NR_EXTD },
> + },
> + };
> + unsigned int i;
> +
> + printf("Testing CPUID deserialise failure:\n");
> +
> + for ( i = 0; i < ARRAY_SIZE(tests); ++i )
> + {
> + const struct test *t = &tests[i];
> + uint32_t err_leaf = ~0u, err_subleaf = ~0u;
> + int rc;
> +
> + rc = x86_cpuid_copy_from_buffer(NULL, &t->leaf, 1,
> + &err_leaf, &err_subleaf);
> +
> + if ( rc != -ERANGE )
> + {
> + printf(" Test %s, expected rc %d, got %d\n",
> + t->name, -ERANGE, rc);
> + continue;
Perhaps drop this? The subsequent test ought to apply regardless
of error code.
Jan
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |