fuzz_nvme_driver: add Deallocate action, simplify guid #3030
Open
mattkur wants to merge 3 commits into microsoft:main from
…ax_interrupt_count

Why is this change being made?
- Deallocate (DSM) was only called once at shutdown with hardcoded values
- arbitrary_guid made 11 separate arbitrary_data calls (lock/unlock each)
- max_interrupt_count fuzzing caused driver hangs (see microsoft#3022)

What changed?
- Added Deallocate action variant with arbitrary target_cpu, context_attributes, starting_lba, and lba_count fields
- Removed hardcoded shutdown deallocate (now covered by action loop)
- Simplified arbitrary_guid: single [u8; 16] call instead of 11 calls
- Changed max_interrupt_count to passthrough (fuzzed values hang the driver due to missing CAP.TO timeout, tracked in microsoft#3022)

How was the change tested?
- ✅ cargo clippy --all-targets -p fuzz_nvme_driver (clean)
- ✅ cargo xtask fmt --fix (clean)
- ✅ No hangs in 93-minute campaign (previous version had 732 timeouts)
smalis-msft reviewed Mar 17, 2026
Pull request overview
Adds a new fuzz action for NVMe DSM deallocation, simplifies GUID generation from arbitrary bytes, and avoids fuzzing max_interrupt_count to prevent driver hangs described in #3022.
Changes:
- Add NvmeDriverAction::Deallocate and wire it into the fuzz action handler.
- Simplify arbitrary_guid() to build a Guid from 16 arbitrary bytes.
- Always pass through max_interrupt_count() in the emulated device to avoid NvmeDriver::new() hangs.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| vm/devices/storage/disk_nvme/nvme_driver/fuzz/fuzz_nvme_driver.rs | Adds Deallocate action handling and refactors GUID generation. |
| vm/devices/storage/disk_nvme/nvme_driver/fuzz/fuzz_emulated_device.rs | Stops fuzzing max_interrupt_count() to prevent initialization hangs. |
- Generate Guid fields individually instead of slicing a [u8; 16], removing unwrap() calls (smalis + copilot feedback)
- Update doc comment to note Result error case
Adds Deallocate action variant, simplifies arbitrary_guid, passthroughs max_interrupt_count (fuzzed values hung the driver, see #3022).
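The three Guid-generation strategies this thread mentions (11 separate draws, one [u8; 16] draw that is then sliced, and field-by-field draws with no unwrap()), side by side as an added Rust example that is not the project's code. FuzzInput, the Guid layout, the 3 + 8 split of the 11 draws, and little-endian decoding are assumptions; the sample bytes in the test are constructed.

```rust
// Added illustration: hypothetical stand-ins, not the fuzz_nvme_driver source.
use std::convert::TryInto;
#[derive(Debug, PartialEq)]
pub struct Guid { pub data1: u32, pub data2: u16, pub data3: u16, pub data4: [u8; 8] }
#[derive(Debug, PartialEq)]
pub struct NotEnoughData;
/// Fuzz byte source; each draw() stands in for one locked arbitrary_data call.
pub struct FuzzInput { bytes: Vec<u8>, pos: usize, pub draws: usize }
impl FuzzInput {
    pub fn new(bytes: &[u8]) -> Self { Self { bytes: bytes.to_vec(), pos: 0, draws: 0 } }
    /// Take N bytes; when the input runs out, return Err and consume nothing.
    pub fn draw<const N: usize>(&mut self) -> Result<[u8; N], NotEnoughData> {
        self.draws += 1;
        let end = self.pos.checked_add(N).ok_or(NotEnoughData)?;
        let mut out = [0u8; N];
        out.copy_from_slice(self.bytes.get(self.pos..end).ok_or(NotEnoughData)?);
        self.pos = end;
        Ok(out)
    }
}
/// 11 draws: three integer fields plus one draw per byte of data4 (assumed split).
pub fn guid_11_draws(i: &mut FuzzInput) -> Result<Guid, NotEnoughData> {
    let data1 = u32::from_le_bytes(i.draw::<4>()?);
    let data2 = u16::from_le_bytes(i.draw::<2>()?);
    let data3 = u16::from_le_bytes(i.draw::<2>()?);
    let mut data4 = [0u8; 8];
    for b in data4.iter_mut() { *b = i.draw::<1>()?[0]; }
    Ok(Guid { data1, data2, data3, data4 })
}

/// 1 draw, then slicing: every slice-to-array conversion carries an unwrap().
pub fn guid_sliced(i: &mut FuzzInput) -> Result<Guid, NotEnoughData> {
    let b = i.draw::<16>()?;
    Ok(Guid {
        data1: u32::from_le_bytes(b[0..4].try_into().unwrap()),
        data2: u16::from_le_bytes(b[4..6].try_into().unwrap()),
        data3: u16::from_le_bytes(b[6..8].try_into().unwrap()),
        data4: b[8..16].try_into().unwrap(),
    })
}

/// 4 typed draws: no slices, so no unwrap(); short input surfaces as Err.
pub fn guid_per_field(i: &mut FuzzInput) -> Result<Guid, NotEnoughData> {
    Ok(Guid {
        data1: u32::from_le_bytes(i.draw::<4>()?),
        data2: u16::from_le_bytes(i.draw::<2>()?),
        data3: u16::from_le_bytes(i.draw::<2>()?),
        data4: i.draw::<8>()?,
    })
}
```

All three consume the same 16 bytes and yield the same Guid; they differ in how many times the input source is touched and in whether the conversion code contains a panic path.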