1d8dd1095SLi Qiang /* 2d8dd1095SLi Qiang * QTest testcase for fuzz case 3d8dd1095SLi Qiang * 4d8dd1095SLi Qiang * Copyright (c) 2020 Li Qiang <liq3ea@gmail.com> 5d8dd1095SLi Qiang * 6d8dd1095SLi Qiang * This work is licensed under the terms of the GNU GPL, version 2 or later. 7d8dd1095SLi Qiang * See the COPYING file in the top-level directory. 8d8dd1095SLi Qiang */ 9d8dd1095SLi Qiang 10d8dd1095SLi Qiang #include "qemu/osdep.h" 11d8dd1095SLi Qiang 12d8dd1095SLi Qiang #include "libqos/libqtest.h" 13d8dd1095SLi Qiang 14d8dd1095SLi Qiang /* 15d8dd1095SLi Qiang * This used to trigger the assert in scsi_dma_complete 16d8dd1095SLi Qiang * https://bugs.launchpad.net/qemu/+bug/1878263 17d8dd1095SLi Qiang */ 18d8dd1095SLi Qiang static void test_lp1878263_megasas_zero_iov_cnt(void) 19d8dd1095SLi Qiang { 20d8dd1095SLi Qiang QTestState *s; 21d8dd1095SLi Qiang 22d8dd1095SLi Qiang s = qtest_init("-nographic -monitor none -serial none " 23d8dd1095SLi Qiang "-M q35 -device megasas -device scsi-cd,drive=null0 " 24d8dd1095SLi Qiang "-blockdev driver=null-co,read-zeroes=on,node-name=null0"); 25d8dd1095SLi Qiang qtest_outl(s, 0xcf8, 0x80001818); 26d8dd1095SLi Qiang qtest_outl(s, 0xcfc, 0xc101); 27d8dd1095SLi Qiang qtest_outl(s, 0xcf8, 0x8000181c); 28d8dd1095SLi Qiang qtest_outl(s, 0xcf8, 0x80001804); 29d8dd1095SLi Qiang qtest_outw(s, 0xcfc, 0x7); 30d8dd1095SLi Qiang qtest_outl(s, 0xcf8, 0x8000186a); 31d8dd1095SLi Qiang qtest_writeb(s, 0x14, 0xfe); 32d8dd1095SLi Qiang qtest_writeb(s, 0x0, 0x02); 33d8dd1095SLi Qiang qtest_outb(s, 0xc1c0, 0x17); 34d8dd1095SLi Qiang qtest_quit(s); 35d8dd1095SLi Qiang } 36d8dd1095SLi Qiang 37fd250172SAlexander Bulekov static void test_lp1878642_pci_bus_get_irq_level_assert(void) 38fd250172SAlexander Bulekov { 39fd250172SAlexander Bulekov QTestState *s; 40fd250172SAlexander Bulekov 41fd250172SAlexander Bulekov s = qtest_init("-M pc-q35-5.0 " 42*c8ffacbfSAlexander Bulekov "-nographic -monitor none -serial none"); 43fd250172SAlexander Bulekov 44fd250172SAlexander Bulekov qtest_outl(s, 0xcf8, 0x8400f841); 45fd250172SAlexander Bulekov qtest_outl(s, 0xcfc, 0xebed205d); 46fd250172SAlexander Bulekov qtest_outl(s, 0x5d02, 0xebed205d); 476536c9e0SPhilippe Mathieu-Daudé qtest_quit(s); 48fd250172SAlexander Bulekov } 49fd250172SAlexander Bulekov 504bfb024bSPaolo Bonzini /* 514bfb024bSPaolo Bonzini * Here a MemoryRegionCache pointed to an MMIO region but had a 524bfb024bSPaolo Bonzini * larger size than the underlying region. 534bfb024bSPaolo Bonzini */ 544bfb024bSPaolo Bonzini static void test_mmio_oob_from_memory_region_cache(void) 554bfb024bSPaolo Bonzini { 564bfb024bSPaolo Bonzini QTestState *s; 574bfb024bSPaolo Bonzini 584bfb024bSPaolo Bonzini s = qtest_init("-M pc-q35-5.2 -display none -m 512M " 594bfb024bSPaolo Bonzini "-device virtio-scsi,num_queues=8,addr=03.0 "); 604bfb024bSPaolo Bonzini 614bfb024bSPaolo Bonzini qtest_outl(s, 0xcf8, 0x80001811); 624bfb024bSPaolo Bonzini qtest_outb(s, 0xcfc, 0x6e); 634bfb024bSPaolo Bonzini qtest_outl(s, 0xcf8, 0x80001824); 644bfb024bSPaolo Bonzini qtest_outl(s, 0xcf8, 0x80001813); 654bfb024bSPaolo Bonzini qtest_outl(s, 0xcfc, 0xa080000); 664bfb024bSPaolo Bonzini qtest_outl(s, 0xcf8, 0x80001802); 674bfb024bSPaolo Bonzini qtest_outl(s, 0xcfc, 0x5a175a63); 684bfb024bSPaolo Bonzini qtest_outb(s, 0x6e08, 0x9e); 694bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f003, 0xff); 704bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f004, 0x01); 714bfb024bSPaolo Bonzini qtest_writeb(s, 0x9e012, 0x0e); 724bfb024bSPaolo Bonzini qtest_writeb(s, 0x9e01b, 0x0e); 734bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f006, 0x01); 744bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f008, 0x01); 754bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f00a, 0x01); 764bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f00c, 0x01); 774bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f00e, 0x01); 784bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f010, 0x01); 794bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f012, 0x01); 804bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f014, 0x01); 814bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f016, 0x01); 824bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f018, 0x01); 834bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f01a, 0x01); 844bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f01c, 0x01); 854bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f01e, 0x01); 864bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f020, 0x01); 874bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f022, 0x01); 884bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f024, 0x01); 894bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f026, 0x01); 904bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f028, 0x01); 914bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f02a, 0x01); 924bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f02c, 0x01); 934bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f02e, 0x01); 944bfb024bSPaolo Bonzini qtest_writeb(s, 0x9f030, 0x01); 954bfb024bSPaolo Bonzini qtest_outb(s, 0x6e10, 0x00); 964bfb024bSPaolo Bonzini qtest_quit(s); 974bfb024bSPaolo Bonzini } 984bfb024bSPaolo Bonzini 99d8dd1095SLi Qiang int main(int argc, char **argv) 100d8dd1095SLi Qiang { 101d8dd1095SLi Qiang const char *arch = qtest_get_arch(); 102d8dd1095SLi Qiang 103d8dd1095SLi Qiang g_test_init(&argc, &argv, NULL); 104d8dd1095SLi Qiang 105d8dd1095SLi Qiang if (strcmp(arch, "i386") == 0 || strcmp(arch, "x86_64") == 0) { 106d8dd1095SLi Qiang qtest_add_func("fuzz/test_lp1878263_megasas_zero_iov_cnt", 107d8dd1095SLi Qiang test_lp1878263_megasas_zero_iov_cnt); 108fd250172SAlexander Bulekov qtest_add_func("fuzz/test_lp1878642_pci_bus_get_irq_level_assert", 109fd250172SAlexander Bulekov test_lp1878642_pci_bus_get_irq_level_assert); 1104bfb024bSPaolo Bonzini qtest_add_func("fuzz/test_mmio_oob_from_memory_region_cache", 1114bfb024bSPaolo Bonzini test_mmio_oob_from_memory_region_cache); 112d8dd1095SLi Qiang } 113d8dd1095SLi Qiang 114d8dd1095SLi Qiang return g_test_run(); 115d8dd1095SLi Qiang } 116