| author | Tom Rini <[email protected]> | 2022-06-23 14:24:24 -0400 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2022-06-23 14:24:24 -0400 |
| commit | 3e00721b3b8fed05a99cfcde5b4fdc210f0b33ab (patch) | |
| tree | 7a942f93d9884d9c1fd7b905c1a2078f8207d18b /include/fuzzing_engine.h | |
| parent | 9121478ee6f2aee381f8fe49d8997d43527d351a (diff) | |
| parent | a73f3ba91f15e08d6a7ec8cf0408aed517d22bb1 (diff) | |
Merge branch '2022-06-23-fuzzing-and-asan-for-sandbox' into next

To quote the author:

This series introduces ASAN and a basic fuzzing infrastructure that
works with sandbox. The example fuzz test towards the end of the series
will find something pretty quickly. That something is fixed by the
series "virtio: Harden and test vring" that needs to be applied for the
final patch in this series.

There is some refactoring to stop using '.' prefixed sections. ELF
defines sections with names that contain anything that isn't
alphanumeric or an underscore as being for system use which means
clang's ASAN instrumentation happily adds redzones between the contained
objects. That's not what we want for things like linker lists where the
linker script has carefully placed the sections contiguously. By
renaming the sections, clang sees them as user sections and doesn't add
instrumentation.

ASAN is left disabled by default as there are still some tests that it
triggers on and will need some more investigation to fix. It can be
enabled with CONFIG_ASAN or passing `-a ASAN` to buildman.
Diffstat (limited to 'include/fuzzing_engine.h')
| -rw-r--r-- | include/fuzzing_engine.h | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/include/fuzzing_engine.h b/include/fuzzing_engine.h new file mode 100644 index 00000000000..357346e93df --- /dev/null +++ b/include/fuzzing_engine.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2022 Google, Inc. + * Written by Andrew Scull <[email protected]> + */ + +#ifndef __FUZZING_ENGINE_H +#define __FUZZING_ENGINE_H + +struct udevice; + +/** + * dm_fuzzing_engine_get_input() - get an input from the fuzzing engine device + * + * The function will return a pointer to the input data and the size of the + * data pointed to. The pointer will remain valid until the next invocation of + * this function. + * + * @dev: fuzzing engine device + * @data: output pointer to input data + * @size output size of input data + * Return: 0 if OK, -ve on error + */ +int dm_fuzzing_engine_get_input(struct udevice *dev, + const uint8_t **data, + size_t *size); + +/** + * struct dm_fuzzing_engine_ops - operations for the fuzzing engine uclass + * + * This contains the functions implemented by a fuzzing engine device. + */ +struct dm_fuzzing_engine_ops { + /** + * @get_input() - get an input + * + * The function will return a pointer to the input data and the size of + * the data pointed to. The pointer will remain valid until the next + * invocation of this function. + * + * @get_input.dev: fuzzing engine device + * @get_input.data: output pointer to input data + * @get_input.size output size of input data + * @get_input.Return: 0 if OK, -ve on error + */ + int (*get_input)(struct udevice *dev, + const uint8_t **data, + size_t *size); +}; + +#endif /* __FUZZING_ENGINE_H */ |
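Review bot: the new header is not self-contained. Both the `dm_fuzzing_engine_get_input()` prototype and the `get_input` member of `struct dm_fuzzing_engine_ops` use `uint8_t` and `size_t`, but the file only forward-declares `struct udevice` and includes nothing that defines those types, so it compiles only when the includer has already pulled them in. Adding a types include (such as `<linux/types.h>`) right after the include guard would fix that. Two smaller documentation points: the kernel-doc lines `@size output size of input data` and `@get_input.size output size of input data` are missing the colon after the parameter name, unlike the `@dev:` and `@data:` lines beside them. The comment also says the returned pointer stays valid only until the next invocation, but it does not say what `*data` and `*size` hold on an error return or whether a zero-length input is possible; since fuzz tests will parse this buffer directly, stating that contract here would help callers bound their reads correctly.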
