Revision tags: v9.2.0, v9.1.2, v9.1.1, v9.1.0, v8.0.0 |
|
#
4919d0c4 |
| 21-Feb-2023 |
Peter Maydell <peter.maydell@linaro.org> |
Merge tag 'pr-2023-02-16' of https://gitlab.com/a1xndr/qemu into staging
Replace fork-based fuzzing with reboots. Now the fuzzers will reboot the guest between inputs.
# gpg: Signature made Fri 17 Feb 2023 04:04:10 GMT
# gpg: using RSA key FAD4E2BF871375D6340517C44E661DDE583A964E
# gpg: Good signature from "Alexander Bulekov <alxndr@bu.edu>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAD4 E2BF 8713 75D6 3405 17C4 4E66 1DDE 583A 964E
* tag 'pr-2023-02-16' of https://gitlab.com/a1xndr/qemu:
  docs/fuzz: remove mentions of fork-based fuzzing
  fuzz: remove fork-fuzzing scaffolding
  fuzz/i440fx: remove fork-based fuzzer
  fuzz/virtio-blk: remove fork-based fuzzer
  fuzz/virtio-net: remove fork-based fuzzer
  fuzz/virtio-scsi: remove fork-based fuzzer
  fuzz/generic-fuzz: add a limit on DMA bytes written
  fuzz/generic-fuzz: use reboots instead of forks to reset state
  fuzz: add fuzz_reset API
  hw/sparse-mem: clear memory on reset
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
d2e6f927 |
| 04-Feb-2023 |
Alexander Bulekov <alxndr@bu.edu> |
fuzz: remove fork-fuzzing scaffolding
Fork-fuzzing provides a few pros, but our implementation prevents us from using fuzzers other than libFuzzer, and may be causing issues such as coverage-failure builds on OSS-Fuzz. It is not a great long-term solution as it depends on internal implementation details of libFuzzer (which is no longer in active development). Remove it in favor of other methods of resetting state between inputs.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
|
Revision tags: v7.2.0, v7.0.0, v6.2.0 |
|
#
4d1a525d |
| 14-Oct-2021 |
Richard Henderson <richard.henderson@linaro.org> |
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* Meson conversions + introspection-based command line parser
# gpg: Signature made Thu 14 Oct 2021 12:51:54 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
* remotes/bonzini/tags/for-upstream: (26 commits)
  configure: automatically parse command line for meson -D options
  meson-buildoptions: include list of tracing backends
  configure: prepare for auto-generated option parsing
  configure: accept "internal" for --enable-capstone/slirp/fdt
  configure: remove deprecated --{enable, disable}-git-update
  configure, meson: move more compiler checks to Meson
  configure: remove obsolete Solaris ar check
  configure, meson: move Spice configure handling to meson
  configure, meson: move netmap detection to meson
  configure, meson: move vde detection to meson
  configure, meson: move libaio check to meson.build
  configure, meson: move pthread_setname_np checks to Meson
  configure, meson: move remaining HAVE_* compiler tests to Meson
  meson: HAVE_GDB_BIN is not used by C code
  configure, meson: remove CONFIG_GCOV from config-host.mak
  configure, meson: get HOST_WORDS_BIGENDIAN via the machine object
  configure, meson: move CONFIG_HOST_DSOSUF to Meson
  trace: move configuration from configure to Meson
  trace: simple: pass trace_file unmodified to config-host.h
  configure, meson: move fuzzing configuration to Meson
  ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
#
537b7248 |
| 07-Oct-2021 |
Paolo Bonzini <pbonzini@redhat.com> |
configure, meson: move fuzzing configuration to Meson
Cc: Alexander Oleinik <alxndr@bu.edu>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20211007130829.632254-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
Revision tags: v6.1.0, v5.2.0 |
|
#
879860ca |
| 10-Nov-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-11-10' into staging
* Some small qtest fixes
* Oss-fuzz updates
* Publish the docs built during gitlab CI to the user's gitlab.io page
* Update the OpenBSD VM test to v6.8
* Fix the device-crash-test script to run with the meson build system
* Some small s390x fixes
# gpg: Signature made Tue 10 Nov 2020 11:05:06 GMT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* remotes/huth-gitlab/tags/pull-request-2020-11-10:
  s390x: Avoid variable size warning in ipl.h
  s390x: fix clang 11 warnings in cpu_models.c
  qtest: Update references to parse_escape() in comments
  fuzz: add virtio-blk fuzz target
  docs: add "page source" link to sphinx documentation
  gitlab: force enable docs build in Fedora, Ubuntu, Debian
  gitlab: publish the docs built during CI
  configure: surface deprecated targets in the help output
  fuzz: Make fork_fuzz.ld compatible with LLVM's LLD
  scripts/oss-fuzz: give all fuzzers -target names
  docs/fuzz: update fuzzing documentation post-meson
  docs/fuzz: rST-ify the fuzzing documentation
  MAINTAINERS: Add gitlab-pipeline-status script to GitLab CI section
  gitlab-ci: Drop generic cache rule
  tests/qtest/tpm: Remove redundant check in the tpm_test_swtpm_test()
  qtest: Fix bad printf format specifiers
  device-crash-test: Check if path is actually an executable file
  tests/vm: update openbsd to release 6.8
  meson: always include contrib/libvhost-user
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
d4e27914 |
| 09-Nov-2020 |
Dima Stepanov <dimastep@yandex-team.ru> |
fuzz: add virtio-blk fuzz target
The virtio-blk fuzz target sets up and fuzzes the available virtio-blk queues. The implementation is based on two files:
- tests/qtest/fuzz/virtio_scsi_fuzz.c
- tests/qtest/virtio_blk_test.c
Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <e2405c459302ecaee2555405604975353bfa3837.1604920905.git.dimastep@yandex-team.ru>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
#
e75de835 |
| 26-Oct-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-10-26' into staging
* qtest fixes (e.g. memory leaks)
* Fix for Xen dummy cpu loop (which happened due to qtest accel rework)
* Introduction of the generic device fuzzer
* Run more check-acceptance tests in the gitlab-CI
# gpg: Signature made Mon 26 Oct 2020 09:34:04 GMT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* remotes/huth-gitlab/tags/pull-request-2020-10-26: (31 commits)
  tests/acceptance: Use .ppm extention for Portable PixMap files
  tests/acceptance: Remove unused import
  test/docker/dockerfiles: Add missing packages for acceptance tests
  tests/acceptance: Enable AVOCADO_ALLOW_UNTRUSTED_CODE in the gitlab-CI
  test/acceptance: Remove the CONTINUOUS_INTEGRATION tags
  tests/acceptance/ppc_prep_40p: Fix the URL to the NetBSD-4.0 archive
  scripts/oss-fuzz: ignore the generic-fuzz target
  scripts/oss-fuzz: use hardlinks instead of copying
  fuzz: register predefined generic-fuzz configs
  fuzz: add generic-fuzz configs for oss-fuzz
  fuzz: add an "opaque" to the FuzzTarget struct
  fuzz: Add instructions for using generic-fuzz
  scripts/oss-fuzz: Add crash trace minimization script
  scripts/oss-fuzz: Add script to reorder a generic-fuzzer trace
  fuzz: add a crossover function to generic-fuzzer
  fuzz: add a DISABLE_PCI op to generic-fuzzer
  fuzz: Add support for custom crossover functions
  fuzz: Add fuzzer callbacks to DMA-read functions
  fuzz: Declare DMA Read callback function
  fuzz: Add DMA support to the generic-fuzzer
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
da9bf531 |
| 23-Oct-2020 |
Alexander Bulekov <alxndr@bu.edu> |
fuzz: Add generic virtual-device fuzzer
This is a generic fuzzer designed to fuzz a virtual device's MemoryRegions, as long as they exist within the Memory or Port IO (if it exists) AddressSpaces. The fuzzer's input is interpreted into a sequence of qtest commands (outb, readw, etc). The interpreted commands are separated by a magic separator, which should be easy for the fuzzer to guess. Without ASan, the separator can be specified as a "dictionary value" using the -dict argument (see libFuzzer documentation).
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201023150746.107063-3-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
#
46853bd9 |
| 08-Sep-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
meson related:
* convert unit tests
* bugfixes for mtest2make
* miscellaneous bugfixes
* dead code removal and configure cleanups
* oss-fuzz fixes
* msys fixes
# gpg: Signature made Tue 08 Sep 2020 10:43:27 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream: (45 commits)
  docs: update build system documentation
  meson: remove linkage of sdl to baum
  meson: Convert undefsym.sh to undefsym.py
  fuzz: Add support for custom fuzzing library
  meson: specify fuzz linker script as a project arg
  oss-fuzz: fix rpath
  configure: update dtc submodule
  docs: suggest Meson replacements for various configure functions
  configure: drop dead variables and functions
  configure: do not include dependency flags in QEMU_CFLAGS and LIBS
  meson: get opengl compilation flags from OPENGL_CFLAGS
  meson: get glib compilation flags from GLIB_CFLAGS
  configure: do not look for install(1)
  configure: remove unnecessary libm test
  configure: move -ldl test to meson
  meson: keep all compiler flags detection together
  configure: move disassembler configuration to meson
  Makefile: inline the relevant parts of rules.mak
  Makefile: remove dead variables and includes
  meson: compute config_all_devices directly
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
54c9e41d |
| 02-Sep-2020 |
Alexander Bulekov <alxndr@bu.edu> |
fuzz: Add support for custom fuzzing library
On oss-fuzz, we must use the LIB_FUZZING_ENGINE and CFLAGS environment variables, rather than -fsanitize=fuzzer. With this change, when LIB_FUZZING_ENGINE is set, the --enable-fuzzing configure option will use that environment variable during the linking stage, rather than -fsanitize=fuzzer
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200902173652.307222-3-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
c46f76d1 |
| 02-Sep-2020 |
Alexander Bulekov <alxndr@bu.edu> |
meson: specify fuzz linker script as a project arg
With this change, the fuzzer-linker script should be specified outside any --start-group/--end-group pairs. We need this on oss-fuzz, where partially applying the linker-script results in a linker failure
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200902173652.307222-2-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
#
7fd51e68 |
| 21-Aug-2020 |
Peter Maydell <peter.maydell@linaro.org> |
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
New build system, with "fake in-tree builds" support.
Missing:
* converting configure tests
* converting unit tests
* converting some remaining parts of the installation
# gpg: Signature made Fri 21 Aug 2020 11:33:35 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream: (152 commits)
  docs: convert build system documentation to rST
  meson: update build-system documentation
  meson: avoid unstable module warning with Meson 0.56.0 or newer
  meson: convert po/
  meson: convert VNC and dependent libraries to meson
  meson: move SDL and SDL-image detection to meson
  meson: convert sample plugins
  meson: replace create-config with meson configure_file
  rules.mak: drop unneeded macros
  meson: convert check-block
  meson: build texi doc
  docs: automatically track manual dependencies
  meson: sphinx-build
  remove Makefile.target
  rules.mak: remove version.o
  meson: convert systemtap files
  configure: place compatibility symlinks in target directories
  meson: link emulators without Makefile.target
  meson: plugins
  meson: cpu-emu
  ...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
#
64ed6f92 |
| 03-Aug-2020 |
Paolo Bonzini <pbonzini@redhat.com> |
meson: link emulators without Makefile.target
The binaries move to the root directory, e.g. qemu-system-i386 or qemu-arm. This requires changes to qtests, CI, etc.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|