[qemu.git] / tests / megasas-test.c

/*
 * QTest testcase for LSI MegaRAID
 *
 * Copyright (c) 2017 Red Hat Inc.
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */

#include "qemu/osdep.h"
#include "libqtest.h"
#include "qemu/bswap.h"
#include "qemu/module.h"
#include "libqos/qgraph.h"
#include "libqos/pci.h"

typedef struct QMegasas QMegasas;

struct QMegasas {
    QOSGraphObject obj;
    QPCIDevice dev;
};

static void *megasas_get_driver(void *obj, const char *interface)
{
    QMegasas *megasas = obj;

    if (!g_strcmp0(interface, "pci-device")) {
        return &megasas->dev;
    }

    fprintf(stderr, "%s not present in megasas\n", interface);
    g_assert_not_reached();
}

static void *megasas_create(void *pci_bus, QGuestAllocator *alloc, void *addr)
{
    QMegasas *megasas = g_new0(QMegasas, 1);
    QPCIBus *bus = pci_bus;

    qpci_device_init(&megasas->dev, bus, addr);
    megasas->obj.get_driver = megasas_get_driver;

    return &megasas->obj;
}

/* This used to cause a NULL pointer dereference.  */
static void megasas_pd_get_info_fuzz(void *obj, void *data, QGuestAllocator *alloc)
{
    QMegasas *megasas = obj;
    QPCIDevice *dev = &megasas->dev;
    QPCIBar bar;
    uint32_t context[256];
    uint64_t context_pa;
    int i;

    qpci_device_enable(dev);
    bar = qpci_iomap(dev, 0, NULL);

    memset(context, 0, sizeof(context));
    context[0] = cpu_to_le32(0x05050505);
    context[1] = cpu_to_le32(0x01010101);
    for (i = 2; i < ARRAY_SIZE(context); i++) {
        context[i] = cpu_to_le32(0x41414141);
    }
    context[6] = cpu_to_le32(0x02020000);
    context[7] = cpu_to_le32(0);

    context_pa = guest_alloc(alloc, sizeof(context));
    qtest_memwrite(dev->bus->qts, context_pa, context, sizeof(context));
    qpci_io_writel(dev, bar, 0x40, context_pa);
}

static void megasas_register_nodes(void)
{
    QOSGraphEdgeOptions opts = {
        .extra_device_opts = "addr=04.0,id=scsi0",
        .before_cmd_line = "-drive id=drv0,if=none,file=null-co://,format=raw",
        .after_cmd_line = "-device scsi-hd,bus=scsi0.0,drive=drv0",
    };

    add_qpci_address(&opts, &(QPCIAddress) { .devfn = QPCI_DEVFN(4, 0) });

    qos_node_create_driver("megasas", megasas_create);
    qos_node_consumes("megasas", "pci-bus", &opts);
    qos_node_produces("megasas", "pci-device");

    qos_add_test("dcmd/pd-get-info/fuzz", "megasas", megasas_pd_get_info_fuzz, NULL);
}
libqos_init(megasas_register_nodes);
Commit	Line	Data
660174fc PB	1	/*
	2	* QTest testcase for LSI MegaRAID
	3	*
	4	* Copyright (c) 2017 Red Hat Inc.
	5	*
	6	* This work is licensed under the terms of the GNU GPL, version 2 or later.
	7	* See the COPYING file in the top-level directory.
	8	*/
	9
	10	#include "qemu/osdep.h"
	11	#include "libqtest.h"
	12	#include "qemu/bswap.h"
0b8fa32f	13	#include "qemu/module.h"
469bb49b PB	14	#include "libqos/qgraph.h"
469bb49b PB	15	#include "libqos/pci.h"
660174fc	16
469bb49b PB	17	typedef struct QMegasas QMegasas;
	18
	19	struct QMegasas {
	20	QOSGraphObject obj;
	21	QPCIDevice dev;
	22	};
	23
	24	static void megasas_get_driver(void obj, const char *interface)
660174fc	25	{
469bb49b PB	26	QMegasas *megasas = obj;
	27
	28	if (!g_strcmp0(interface, "pci-device")) {
	29	return &megasas->dev;
660174fc PB	30	}
660174fc PB	31
469bb49b PB	32	fprintf(stderr, "%s not present in megasas\n", interface);
469bb49b PB	33	g_assert_not_reached();
660174fc PB	34	}
660174fc PB	35
469bb49b	36	static void megasas_create(void pci_bus, QGuestAllocator alloc, void addr)
660174fc	37	{
469bb49b PB	38	QMegasas *megasas = g_new0(QMegasas, 1);
469bb49b PB	39	QPCIBus *bus = pci_bus;
660174fc	40
469bb49b PB	41	qpci_device_init(&megasas->dev, bus, addr);
469bb49b PB	42	megasas->obj.get_driver = megasas_get_driver;
660174fc	43
469bb49b	44	return &megasas->obj;
660174fc PB	45	}
660174fc PB	46
87e459a8	47	/* This used to cause a NULL pointer dereference. */
469bb49b	48	static void megasas_pd_get_info_fuzz(void obj, void data, QGuestAllocator *alloc)
87e459a8	49	{
469bb49b PB	50	QMegasas *megasas = obj;
469bb49b PB	51	QPCIDevice *dev = &megasas->dev;
87e459a8 PB	52	QPCIBar bar;
	53	uint32_t context[256];
	54	uint64_t context_pa;
	55	int i;
	56
87e459a8 PB	57	qpci_device_enable(dev);
	58	bar = qpci_iomap(dev, 0, NULL);
	59
	60	memset(context, 0, sizeof(context));
	61	context[0] = cpu_to_le32(0x05050505);
	62	context[1] = cpu_to_le32(0x01010101);
	63	for (i = 2; i < ARRAY_SIZE(context); i++) {
	64	context[i] = cpu_to_le32(0x41414141);
	65	}
	66	context[6] = cpu_to_le32(0x02020000);
	67	context[7] = cpu_to_le32(0);
	68
469bb49b	69	context_pa = guest_alloc(alloc, sizeof(context));
2756f82a	70	qtest_memwrite(dev->bus->qts, context_pa, context, sizeof(context));
87e459a8	71	qpci_io_writel(dev, bar, 0x40, context_pa);
87e459a8 PB	72	}
87e459a8 PB	73
469bb49b	74	static void megasas_register_nodes(void)
660174fc	75	{
469bb49b PB	76	QOSGraphEdgeOptions opts = {
	77	.extra_device_opts = "addr=04.0,id=scsi0",
	78	.before_cmd_line = "-drive id=drv0,if=none,file=null-co://,format=raw",
	79	.after_cmd_line = "-device scsi-hd,bus=scsi0.0,drive=drv0",
	80	};
	81
	82	add_qpci_address(&opts, &(QPCIAddress) { .devfn = QPCI_DEVFN(4, 0) });
	83
	84	qos_node_create_driver("megasas", megasas_create);
	85	qos_node_consumes("megasas", "pci-bus", &opts);
	86	qos_node_produces("megasas", "pci-device");
660174fc	87
469bb49b	88	qos_add_test("dcmd/pd-get-info/fuzz", "megasas", megasas_pd_get_info_fuzz, NULL);
660174fc	89	}
469bb49b	90	libqos_init(megasas_register_nodes);