1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3  * QTest fuzzer-generated testcase for LSI53C895A device
4  *
5  * Copyright (c) Red Hat
6  */
7 
8 #include "qemu/osdep.h"
9 #include "libqos/libqtest.h"
10 
11 /*
12  * This used to trigger the assert in lsi_do_dma()
13  * https://bugs.launchpad.net/qemu/+bug/697510
14  * https://bugs.launchpad.net/qemu/+bug/1905521
15  * https://bugs.launchpad.net/qemu/+bug/1908515
16  */
17 static void test_lsi_do_dma_empty_queue(void)
18 {
19     QTestState *s;
20 
21     s = qtest_init("-M q35 -nographic -monitor none -serial none "
22                    "-drive if=none,id=drive0,"
23                             "file=null-co://,file.read-zeroes=on,format=raw "
24                    "-device lsi53c895a,id=scsi0 "
25                    "-device scsi-hd,drive=drive0,"
26                             "bus=scsi0.0,channel=0,scsi-id=0,lun=0");
27     qtest_outl(s, 0xcf8, 0x80001814);
28     qtest_outl(s, 0xcfc, 0xe1068000);
29     qtest_outl(s, 0xcf8, 0x80001818);
30     qtest_outl(s, 0xcf8, 0x80001804);
31     qtest_outw(s, 0xcfc, 0x7);
32     qtest_outl(s, 0xcf8, 0x80002010);
33 
34     qtest_writeb(s, 0xe106802e, 0xff); /* Fill DSP bits 16-23 */
35     qtest_writeb(s, 0xe106802f, 0xff); /* Fill DSP bits 24-31: trigger SCRIPT */
36 
37     qtest_quit(s);
38 }
39 
40 int main(int argc, char **argv)
41 {
42     g_test_init(&argc, &argv, NULL);
43 
44     qtest_add_func("fuzz/lsi53c895a/lsi_do_dma_empty_queue",
45                    test_lsi_do_dma_empty_queue);
46 
47     return g_test_run();
48 }
49