authorTom Rini <[email protected]>2022-06-23 14:24:24 -0400
committerTom Rini <[email protected]>2022-06-23 14:24:24 -0400
commit3e00721b3b8fed05a99cfcde5b4fdc210f0b33ab (patch)
tree7a942f93d9884d9c1fd7b905c1a2078f8207d18b /drivers
parent9121478ee6f2aee381f8fe49d8997d43527d351a (diff)
parenta73f3ba91f15e08d6a7ec8cf0408aed517d22bb1 (diff)
Merge branch '2022-06-23-fuzzing-and-asan-for-sandbox' into next
To quote the author: This series introduces ASAN and a basic fuzzing infrastructure that works with sandbox. The example fuzz test towards the end of the series will find something pretty quickly. That something is fixed by the series "virtio: Harden and test vring" that needs to be applied for the final patch in this series. There is some refactoring to stop using '.' prefixed sections. ELF defines sections with names that contain anything that isn't alphanumeric or an underscore as being for system use, which means clang's ASAN instrumentation happily adds redzones between the contained objects. That's not what we want for things like linker lists, where the linker script has carefully placed the sections contiguously. By renaming the sections, clang sees them as user sections and doesn't add instrumentation. ASAN is left disabled by default as there are still some tests that it triggers on and will need some more investigation to fix. It can be enabled with CONFIG_ASAN or by passing `-a ASAN` to buildman.
Diffstat (limited to 'drivers')
-rw-r--r--drivers/Kconfig2
-rw-r--r--drivers/Makefile1
-rw-r--r--drivers/fuzz/Kconfig17
-rw-r--r--drivers/fuzz/Makefile8
-rw-r--r--drivers/fuzz/fuzzing_engine-uclass.c28
-rw-r--r--drivers/fuzz/sandbox_fuzzing_engine.c35
-rw-r--r--drivers/serial/sandbox.c2
7 files changed, 92 insertions, 1 deletions
diff --git a/drivers/Kconfig b/drivers/Kconfig
index b26ca8cf70c..8b6fead3510 100644
--- a/drivers/Kconfig
+++ b/drivers/Kconfig
@@ -40,6 +40,8 @@ source "drivers/fastboot/Kconfig"
source "drivers/firmware/Kconfig"
+source "drivers/fuzz/Kconfig"
+
source "drivers/fpga/Kconfig"
source "drivers/gpio/Kconfig"
diff --git a/drivers/Makefile b/drivers/Makefile
index 67c8af74424..d63fd1c04d1 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -115,6 +115,7 @@ obj-$(CONFIG_W1) += w1/
obj-$(CONFIG_W1_EEPROM) += w1-eeprom/
obj-$(CONFIG_MACH_PIC32) += ddr/microchip/
+obj-$(CONFIG_FUZZ) += fuzz/
obj-$(CONFIG_DM_HWSPINLOCK) += hwspinlock/
obj-$(CONFIG_DM_RNG) += rng/
endif
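Review bot: `obj-$(CONFIG_FUZZ) += fuzz/` gates the new directory on a symbol that neither this hunk nor the new drivers/fuzz/Kconfig defines; the diffstat is limited to drivers/, so it is presumably introduced elsewhere in the series. Because the directory is gated on CONFIG_FUZZ while its objects are gated on CONFIG_DM_FUZZING_ENGINE, a configuration with DM_FUZZING_ENGINE=y but FUZZ unset silently builds no object, and any caller of dm_fuzzing_engine_get_input() would only fail at link time. Consider adding `depends on FUZZ` under DM_FUZZING_ENGINE in drivers/fuzz/Kconfig, or gating the directory on `CONFIG_DM_FUZZING_ENGINE` instead, so the two switches cannot disagree.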
diff --git a/drivers/fuzz/Kconfig b/drivers/fuzz/Kconfig
new file mode 100644
index 00000000000..6311385222f
--- /dev/null
+++ b/drivers/fuzz/Kconfig
@@ -0,0 +1,17 @@
+config DM_FUZZING_ENGINE
+ bool "Driver support for fuzzing engine devices"
+ depends on DM
+ help
+ Enable driver model for fuzzing engine devices. This interface is
+ used to get fuzzing inputs from a fuzzing engine.
+
+if DM_FUZZING_ENGINE
+
+config FUZZING_ENGINE_SANDBOX
+ bool "Sanbox fuzzing engine"
+ depends on SANDBOX
+ default y
+ help
+ Enable fuzzing engine for sandbox.
+
+endif
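Review bot: The prompt for FUZZING_ENGINE_SANDBOX misspells "sandbox": `bool "Sanbox fuzzing engine"` should read `bool "Sandbox fuzzing engine"`, since this string is what menuconfig shows to users. The help text could also say that the sandbox engine is the only provider in this series, so that `default y` under `depends on SANDBOX` is understood as "on for sandbox whenever DM_FUZZING_ENGINE is enabled" rather than an independent choice.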
diff --git a/drivers/fuzz/Makefile b/drivers/fuzz/Makefile
new file mode 100644
index 00000000000..073743ba946
--- /dev/null
+++ b/drivers/fuzz/Makefile
@@ -0,0 +1,8 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (c) 2022 Google, Inc.
+# Written by Andrew Scull <[email protected]>
+#
+
+obj-$(CONFIG_DM_FUZZING_ENGINE) += fuzzing_engine-uclass.o
+obj-$(CONFIG_FUZZING_ENGINE_SANDBOX) += sandbox_fuzzing_engine.o
diff --git a/drivers/fuzz/fuzzing_engine-uclass.c b/drivers/fuzz/fuzzing_engine-uclass.c
new file mode 100644
index 00000000000..b16f1c4cfb7
--- /dev/null
+++ b/drivers/fuzz/fuzzing_engine-uclass.c
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <[email protected]>
+ */
+
+#define LOG_CATEGORY UCLASS_FUZZING_ENGINE
+
+#include <common.h>
+#include <dm.h>
+#include <fuzzing_engine.h>
+
+int dm_fuzzing_engine_get_input(struct udevice *dev,
+ const uint8_t **data,
+ size_t *size)
+{
+ const struct dm_fuzzing_engine_ops *ops = device_get_ops(dev);
+
+ if (!ops->get_input)
+ return -ENOSYS;
+
+ return ops->get_input(dev, data, size);
+}
+
+UCLASS_DRIVER(fuzzing_engine) = {
+ .name = "fuzzing_engine",
+ .id = UCLASS_FUZZING_ENGINE,
+};
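Review bot: dm_fuzzing_engine_get_input() is the public uclass entry point but carries no kernel-doc describing the contract of the buffer handed back through `*data` — who owns it, how long it stays valid, and whether `*size` may be 0 — which every consumer of fuzz input needs in order to bound its reads; the header fuzzing_engine.h may document this, but it is not part of this diff. If it does not, suggest a kernel-doc block above the function stating the ownership and lifetime rules as the engine actually implements them, that the contents are untrusted input to be read only within `*size`, and that -ENOSYS is returned when the bound driver provides no get_input op. Dereferencing `ops` without a NULL check follows the usual uclass pattern and is fine as long as every driver registered under UCLASS_FUZZING_ENGINE sets `.ops`.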
diff --git a/drivers/fuzz/sandbox_fuzzing_engine.c b/drivers/fuzz/sandbox_fuzzing_engine.c
new file mode 100644
index 00000000000..ebb938e5ba8
--- /dev/null
+++ b/drivers/fuzz/sandbox_fuzzing_engine.c
@@ -0,0 +1,35 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <[email protected]>
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <fuzzing_engine.h>
+#include <asm/fuzzing_engine.h>
+
+static int get_input(struct udevice *dev,
+ const uint8_t **data,
+ size_t *size)
+{
+ return sandbox_fuzzing_engine_get_input(data, size);
+}
+
+static const struct dm_fuzzing_engine_ops sandbox_fuzzing_engine_ops = {
+ .get_input = get_input,
+};
+
+static const struct udevice_id sandbox_fuzzing_engine_match[] = {
+ {
+ .compatible = "sandbox,fuzzing-engine",
+ },
+ {},
+};
+
+U_BOOT_DRIVER(sandbox_fuzzing_engine) = {
+ .name = "sandbox-fuzzing-engine",
+ .id = UCLASS_FUZZING_ENGINE,
+ .of_match = sandbox_fuzzing_engine_match,
+ .ops = &sandbox_fuzzing_engine_ops,
+};
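Review bot: get_input() discards `dev` and forwards to sandbox_fuzzing_engine_get_input(data, size), so every device matched by `sandbox,fuzzing-engine` presumably draws from the same process-wide input source rather than per-instance state; that is reasonable for sandbox but worth recording so a later multi-instance use does not assume isolation. A one-line comment above the function such as `/* dev is unused: sandbox has a single, process-global fuzzing input source */` would make this explicit. The same lifetime/ownership contract requested for the uclass entry point applies here, since this is where it is actually decided.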
diff --git a/drivers/serial/sandbox.c b/drivers/serial/sandbox.c
index e726e19c46f..13b54921c41 100644
--- a/drivers/serial/sandbox.c
+++ b/drivers/serial/sandbox.c
@@ -114,7 +114,7 @@ static ssize_t sandbox_serial_puts(struct udevice *dev, const char *s,
struct sandbox_serial_priv *priv = dev_get_priv(dev);
ssize_t ret;
- if (s[len - 1] == '\n')
+ if (len && s[len - 1] == '\n')
priv->start_of_line = true;
if (sandbox_serial_enabled) {
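Review bot: The new `len &&` guard is correct, but nothing records why it is there, so it risks being "simplified" back to `s[len - 1]` later; a short comment such as `/* An empty write is legal; never read s[-1] */` on the line above the check would preserve the intent. sandbox_serial_puts() begins and ends outside this hunk, so the rest of its handling of `len` could not be reviewed here.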