
Re: [Xen-devel] [PATCH 07/10] tools/insn-fuzz: Provide IA32_DEBUGCTL consistently to the emulator



On 27/03/17 12:53, Jan Beulich wrote:
>>>> On 27.03.17 at 11:56, <andrew.cooper3@xxxxxxxxxx> wrote:
>> x86_emulates()'s is_branch_step() performs a speculative read of
>> IA32_DEBUGCTL, but doesn't squash exceptions should they arise.  In reality,
>> this MSR is always available.
>>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>

Thanks.

> While looking at this I did notice though that the use of
> MSR_INDEX_MAX leads to MSR index zero
> (MSR_IA32_P5_MC_ADDR) to always have a value of zero (until
> all array slots would actually be used). Not actively a problem
> right now, but not entirely correct either.

I have some plans to entirely rework the MSR/CR handling in the fuzzing
harness.  At the moment, AFL is wasting a lot of effort mutating large
areas of the input corpus to try and find new paths, to no avail.

This change is the minimum required to satisfy the existing assertions.

~Andrew
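The two points raised in the thread, a harness MSR table whose zero-initialised unused slots collide with MSR index zero, and a read hook that always answers for IA32_DEBUGCTL, are illustrated below. This is an added stand-alone example, not code from Xen's insn-fuzz harness; the table layout, the `MSR_INDEX_MAX` value of 4, the hook's return convention (0 for success, -1 where the emulator would raise #GP) and the sample DEBUGCTL value are all assumptions constructed for the demonstration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical constants; the real harness's values are not on the page.
 * MSR 0x0 is IA32_P5_MC_ADDR, 0x1d9 is IA32_DEBUGCTL. */
#define MSR_INDEX_MAX        4
#define MSR_IA32_P5_MC_ADDR  0x0
#define MSR_IA32_DEBUGCTL    0x1d9

/* Constructed harness state: MSR numbers with parallel values. Like a
 * zero-initialised static array, unused slots carry MSR number 0. */
struct msr_table {
    uint32_t index[MSR_INDEX_MAX];
    uint64_t value[MSR_INDEX_MAX];
    unsigned int used;   /* number of populated slots; only the fixed lookup consults it */
};

/* Register an MSR/value pair from the corpus. Returns 0, or -1 if full. */
static int msr_table_add(struct msr_table *t, uint32_t msr, uint64_t val)
{
    if (t->used >= MSR_INDEX_MAX)
        return -1;
    t->index[t->used] = msr;
    t->value[t->used] = val;
    t->used++;
    return 0;
}

/* Flawed lookup: scans every slot, so the first unused (zero) slot
 * "matches" MSR 0 and reports value 0 although MSR 0 was never set. */
static int lookup_flawed(const struct msr_table *t, uint32_t msr, uint64_t *val)
{
    for (unsigned int i = 0; i < MSR_INDEX_MAX; i++) {
        if (t->index[i] == msr) {
            *val = t->value[i];
            return 0;
        }
    }
    return -1;
}

/* Fixed lookup: only populated slots can match, so MSR 0 behaves like
 * any other MSR and must be registered explicitly. */
static int lookup_fixed(const struct msr_table *t, uint32_t msr, uint64_t *val)
{
    for (unsigned int i = 0; i < t->used; i++) {
        if (t->index[i] == msr) {
            *val = t->value[i];
            return 0;
        }
    }
    return -1;
}

/* Read hook in the shape the thread describes: IA32_DEBUGCTL is always
 * readable (value 0 if the corpus supplied none); anything else that is
 * not in the table fails, which the emulator would turn into #GP. */
static int read_msr_hook(const struct msr_table *t, uint32_t msr, uint64_t *val)
{
    if (lookup_fixed(t, msr, val) == 0)
        return 0;
    if (msr == MSR_IA32_DEBUGCTL) {
        *val = 0;
        return 0;
    }
    return -1;
}

/* Returns 1 when the flawed lookup "finds" unregistered MSR 0 with value 0
 * while the fixed lookup correctly reports it absent. */
int demo_sentinel_collision(void)
{
    struct msr_table t;
    uint64_t v = 0xdead, w = 0xdead;

    memset(&t, 0, sizeof(t));
    msr_table_add(&t, MSR_IA32_DEBUGCTL, 0x2);   /* constructed sample value */

    int flawed = lookup_flawed(&t, MSR_IA32_P5_MC_ADDR, &v);
    int fixed  = lookup_fixed(&t, MSR_IA32_P5_MC_ADDR, &w);
    return flawed == 0 && v == 0 && fixed == -1;
}

/* Returns 1 when DEBUGCTL reads succeed on an empty table (value 0) while an
 * unregistered MSR (EFER here) still fails. */
int demo_debugctl_always_readable(void)
{
    struct msr_table t;
    uint64_t v = 0xdead, w = 0xdead;

    memset(&t, 0, sizeof(t));
    int dbg = read_msr_hook(&t, MSR_IA32_DEBUGCTL, &v);
    int efer = read_msr_hook(&t, 0xc0000080u, &w);
    return dbg == 0 && v == 0 && efer == -1;
}
```

The `used` counter is the whole fix for the collision: a sentinel value that is also a valid MSR number (0) cannot mark "empty" slots, so emptiness has to be tracked separately. For the DEBUGCTL case the hook answers deterministically rather than letting an absent corpus entry surface as a fault the emulator then has to squash.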
