From 19fcec84d8d7d21e796c7624e521b60d28ee21ed Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 7 Apr 2024 20:45:59 +0200
Subject: Adding upstream version 16.2.11+ds.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 src/spdk/test/app/fuzz/common/fuzz_common.h | 303 ++++++++++++++++++++++++++++
 src/spdk/test/app/fuzz/common/fuzz_rpc.py   | 106 ++++++++++
 2 files changed, 409 insertions(+)
 create mode 100644 src/spdk/test/app/fuzz/common/fuzz_common.h
 create mode 100755 src/spdk/test/app/fuzz/common/fuzz_rpc.py

(limited to 'src/spdk/test/app/fuzz/common')

diff --git a/src/spdk/test/app/fuzz/common/fuzz_common.h b/src/spdk/test/app/fuzz/common/fuzz_common.h
new file mode 100644
index 000000000..7619f4fb1
--- /dev/null
+++ b/src/spdk/test/app/fuzz/common/fuzz_common.h
@@ -0,0 +1,303 @@
+/*-
+ *   BSD LICENSE
+ *
+ *   Copyright (c) Intel Corporation.
+ *   All rights reserved.
+ *
+ *   Redistribution and use in source and binary forms, with or without
+ *   modification, are permitted provided that the following conditions
+ *   are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in
+ *       the documentation and/or other materials provided with the
+ *       distribution.
+ *     * Neither the name of Intel Corporation nor the names of its
+ *       contributors may be used to endorse or promote products derived
+ *       from this software without specific prior written permission.
+ *
+ *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "spdk/stdinc.h"
+#include "spdk/env.h"
+#include "spdk/file.h"
+#include "spdk/base64.h"
+#include "spdk/json.h"
+
+#define DEFAULT_RUNTIME 30 /* seconds */
+#define MAX_RUNTIME_S 86400 /* 24 hours */
+#define IO_TIMEOUT_S 5
+
+#define UNSIGNED_2BIT_MAX ((1 << 2) - 1)
+#define UNSIGNED_4BIT_MAX ((1 << 4) - 1)
+#define UNSIGNED_8BIT_MAX ((1 << 8) - 1)
+
+typedef bool (*json_parse_fn)(void *ele, struct spdk_json_val *val, size_t num_vals);
+
+static void
+fuzz_fill_random_bytes(char *character_repr, size_t len, unsigned int *rand_seed)
+{
+	size_t i;
+
+	for (i = 0; i < len; i++) {
+		character_repr[i] = rand_r(rand_seed) % UINT8_MAX;
+	}
+}
+
+static uint64_t
+fuzz_refresh_timeout(void)
+{
+	uint64_t current_ticks;
+	uint64_t new_timeout_ticks;
+
+	current_ticks = spdk_get_ticks();
+
+	new_timeout_ticks = current_ticks + IO_TIMEOUT_S * spdk_get_ticks_hz();
+	assert(new_timeout_ticks > current_ticks);
+
+	return new_timeout_ticks;
+}
+
+static char *
+fuzz_get_value_base_64_buffer(void *item, size_t len)
+{
+	char *value_string;
+	size_t total_size;
+	int rc;
+
+	/* Null pointer */
+	total_size = spdk_base64_get_encoded_strlen(len) + 1;
+
+	value_string = calloc(1, total_size);
+	if (value_string == NULL) {
+		return NULL;
+	}
+
+	rc = spdk_base64_encode(value_string, item, len);
+	if (rc < 0) {
+		free(value_string);
+		return NULL;
+	}
+
+	return value_string;
+}
+
+static int
+fuzz_get_base_64_buffer_value(void *item, size_t len, char *buf, size_t buf_len)
+{
+	size_t size_of_data;
+	char *new_buf;
+	int rc;
+
+	new_buf = malloc(buf_len + 1);
+	if (new_buf == NULL) {
+		return -ENOMEM;
+	}
+
+	snprintf(new_buf, buf_len + 1, "%s", buf);
+
+	size_of_data = spdk_base64_get_decoded_len(buf_len);
+
+	if (size_of_data < len) {
+		free(new_buf);
+		return -EINVAL;
+	}
+
+	rc = spdk_base64_decode(item, &size_of_data, new_buf);
+
+	if (rc || size_of_data != len) {
+		free(new_buf);
+		return -EINVAL;
+	}
+
+	free(new_buf);
+	return 0;
+}
+
+static ssize_t
+read_json_into_buffer(const char *filename, struct spdk_json_val **values, void **file_data)
+{
+	FILE *file = fopen(filename, "r");
+	size_t file_data_size;
+	ssize_t num_json_values = 0, rc;
+
+	if (file == NULL) {
+		/* errno is set by fopen */
+		return 0;
+	}
+
+	*file_data = spdk_posix_file_load(file, &file_data_size);
+	if (*file_data == NULL) {
+		fclose(file);
+		return 0;
+	}
+
+	fclose(file);
+
+	num_json_values = spdk_json_parse(*file_data, file_data_size, NULL, 0, NULL,
+					  SPDK_JSON_PARSE_FLAG_ALLOW_COMMENTS);
+
+	*values = calloc(num_json_values, sizeof(**values));
+	if (values == NULL) {
+		free(*file_data);
+		*file_data = NULL;
+		return 0;
+	}
+
+	rc = spdk_json_parse(*file_data, file_data_size, *values, num_json_values, NULL,
+			     SPDK_JSON_PARSE_FLAG_ALLOW_COMMENTS);
+	if (num_json_values != rc) {
+		free(*values);
+		*values = NULL;
+		free(*file_data);
+		*file_data = NULL;
+		return 0;
+	}
+
+	return num_json_values;
+}
+
+static size_t
+double_arr_size(void **buffer, size_t num_ele, size_t ele_size)
+{
+	void *tmp;
+	size_t new_num_ele, allocation_size;
+
+	if (num_ele > SIZE_MAX / 2) {
+		return 0;
+	}
+
+	new_num_ele = num_ele * 2;
+
+	if (new_num_ele > SIZE_MAX / ele_size) {
+		return 0;
+	}
+
+	allocation_size = new_num_ele * ele_size;
+
+	tmp = realloc(*buffer, allocation_size);
+	if (tmp != NULL) {
+		*buffer = tmp;
+		return new_num_ele;
+	}
+
+	return 0;
+}
+
+static uint64_t
+fuzz_parse_args_into_array(const char *file, void **arr, size_t ele_size, const char *obj_name,
+			   json_parse_fn cb_fn)
+{
+	ssize_t i, num_json_values;
+	struct spdk_json_val *values = NULL, *values_head = NULL, *obj_start;
+	void *file_data = NULL;;
+	char *arr_idx_pointer;
+	size_t num_arr_elements, arr_elements_used, values_in_obj;
+	bool rc;
+
+	num_json_values = read_json_into_buffer(file, &values_head, &file_data);
+	values = values_head;
+	if (num_json_values == 0 || values == NULL) {
+		if (file_data != NULL) {
+			free(file_data);
+		}
+		fprintf(stderr, "The file provided does not exist or we were unable to parse it.\n");
+		return 0;
+	}
+
+	num_arr_elements = 10;
+	arr_elements_used = 0;
+	*arr = calloc(num_arr_elements, ele_size);
+	arr_idx_pointer = (char *)*arr;
+	if (arr_idx_pointer == NULL) {
+		free(values);
+		free(file_data);
+		return 0;
+	}
+
+	i = 0;
+	while (i < num_json_values) {
+		if (values->type != SPDK_JSON_VAL_NAME) {
+			i++;
+			values++;
+			continue;
+		}
+
+		if (!strncmp(values->start, obj_name, values->len)) {
+			i++;
+			values++;
+			assert(values->type == SPDK_JSON_VAL_OBJECT_BEGIN);
+			obj_start = values;
+			values_in_obj = spdk_json_val_len(obj_start);
+			values += values_in_obj;
+			i += values_in_obj;
+
+			rc = cb_fn((void *)arr_idx_pointer, obj_start, values_in_obj);
+			if (rc == false) {
+				fprintf(stderr, "failed to parse file after %lu elements.\n", arr_elements_used);
+				goto fail;
+			}
+
+			arr_idx_pointer += ele_size;
+			arr_elements_used++;
+			if (arr_elements_used == num_arr_elements) {
+				num_arr_elements = double_arr_size(arr, num_arr_elements, ele_size);
+				if (num_arr_elements == 0) {
+					fprintf(stderr, "failed to allocate enough space for all json elements in your file.\n");
+					goto fail;
+				} else {
+					/* reset the array element position in case the pointer changed. */
+					arr_idx_pointer = ((char *)*arr) + arr_elements_used * ele_size;
+				}
+			}
+
+			continue;
+		} else {
+			i++;
+			values++;
+			continue;
+		}
+	}
+
+	if (arr_elements_used == 0) {
+		goto fail;
+	}
+
+	free(values_head);
+	free(file_data);
+	return arr_elements_used;
+fail:
+	free(values_head);
+	free(file_data);
+	free(*arr);
+	*arr = NULL;
+	return 0;
+}
+
+static int
+fuzz_parse_json_num(struct spdk_json_val *val, uint64_t max_val, uint64_t *val_ptr)
+{
+	uint64_t tmp_val;
+	int rc;
+
+	rc = spdk_json_number_to_uint64(val, &tmp_val);
+	if (rc || tmp_val > max_val) {
+		return -EINVAL;
+	} else {
+		*val_ptr = tmp_val;
+		return 0;
+	}
+}
diff --git a/src/spdk/test/app/fuzz/common/fuzz_rpc.py b/src/spdk/test/app/fuzz/common/fuzz_rpc.py
new file mode 100755
index 000000000..05cb67ed8
--- /dev/null
+++ b/src/spdk/test/app/fuzz/common/fuzz_rpc.py
@@ -0,0 +1,106 @@
+#!/usr/bin/env python3
+
+from rpc.client import print_dict, JSONRPCException
+
+import logging
+import argparse
+import rpc
+import sys
+import shlex
+
+try:
+    from shlex import quote
+except ImportError:
+    from pipes import quote
+
+
+def print_array(a):
+    print(" ".join((quote(v) for v in a)))
+
+
+def _fuzz_vhost_create_dev(client, socket, is_blk, use_bogus_buffer, use_valid_buffer, test_scsi_tmf, valid_lun):
+    """Create a new device in the vhost fuzzer.
+
+    Args:
+        socket: A valid unix domain socket for the dev to bind to.
+        is_blk: if set, create a virtio_blk device, otherwise use scsi.
+        use_bogus_buffer: if set, pass an invalid memory address as a buffer accompanying requests.
+        use_valid_buffer: if set, pass in a valid memory buffer with requests. Overrides use_bogus_buffer.
+        test_scsi_tmf: Test scsi management commands on the given device. Valid if and only if is_blk is false.
+        valid_lun: Supply only a valid lun number when submitting commands to the given device. Valid if and only if is_blk is false.
+
+    Returns:
+        True or False
+    """
+
+    params = {"socket": socket,
+              "is_blk": is_blk,
+              "use_bogus_buffer": use_bogus_buffer,
+              "use_valid_buffer": use_valid_buffer,
+              "test_scsi_tmf": test_scsi_tmf,
+              "valid_lun": valid_lun}
+
+    return client.call("fuzz_vhost_create_dev", params)
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description='SPDK RPC command line interface. NOTE: spdk/scripts/ is expected in PYTHONPATH')
+    parser.add_argument('-s', dest='server_addr',
+                        help='RPC domain socket path or IP address', default='/var/tmp/spdk.sock')
+    parser.add_argument('-p', dest='port',
+                        help='RPC port number (if server_addr is IP address)',
+                        default=5260, type=int)
+    parser.add_argument('-t', dest='timeout',
+                        help='Timeout as a floating point number expressed in seconds waiting for response. Default: 60.0',
+                        default=60.0, type=float)
+    parser.add_argument('-v', dest='verbose', action='store_const', const="INFO",
+                        help='Set verbose mode to INFO', default="ERROR")
+    parser.add_argument('--verbose', dest='verbose', choices=['DEBUG', 'INFO', 'ERROR'],
+                        help="""Set verbose level. """)
+    subparsers = parser.add_subparsers(help='RPC methods')
+
+    def fuzz_vhost_create_dev(args):
+        _fuzz_vhost_create_dev(
+            args.client,
+            args.socket,
+            args.is_blk,
+            args.use_bogus_buffer,
+            args.use_valid_buffer,
+            args.test_scsi_tmf,
+            args.valid_lun)
+
+    p = subparsers.add_parser('fuzz_vhost_create_dev', help="Add a new device to the vhost fuzzer.")
+    p.add_argument('-s', '--socket', help="Path to a valid unix domain socket for dev binding.")
+    p.add_argument('-b', '--is-blk', help='The specified socket corresponds to a vhost-blk dev.', action='store_true')
+    p.add_argument('-u', '--use-bogus-buffer', help='Pass bogus buffer addresses with requests when fuzzing.', action='store_true')
+    p.add_argument('-v', '--use-valid-buffer', help='Pass valid buffers when fuzzing. overrides use-bogus-buffer.', action='store_true')
+    p.add_argument('-m', '--test-scsi-tmf', help='for a scsi device, test scsi management commands.', action='store_true')
+    p.add_argument('-l', '--valid-lun', help='for a scsi device, test only using valid lun IDs.', action='store_true')
+    p.set_defaults(func=fuzz_vhost_create_dev)
+
+    def call_rpc_func(args):
+        try:
+            args.func(args)
+        except JSONRPCException as ex:
+            print(ex.message)
+            exit(1)
+
+    def execute_script(parser, client, fd):
+        for rpc_call in map(str.rstrip, fd):
+            if not rpc_call.strip():
+                continue
+            args = parser.parse_args(shlex.split(rpc_call))
+            args.client = client
+            call_rpc_func(args)
+
+    args = parser.parse_args()
+    args.client = rpc.client.JSONRPCClient(args.server_addr, args.port, args.timeout, log_level=getattr(logging, args.verbose.upper()))
+    if hasattr(args, 'func'):
+        call_rpc_func(args)
+    elif sys.stdin.isatty():
+        # No arguments and no data piped through stdin
+        parser.print_help()
+        exit(1)
+    else:
+        execute_script(parser, args.client, sys.stdin)
-- 
cgit v1.2.3