authorTom Rini <[email protected]>2022-06-23 14:24:24 -0400
committerTom Rini <[email protected]>2022-06-23 14:24:24 -0400
commit3e00721b3b8fed05a99cfcde5b4fdc210f0b33ab (patch)
tree7a942f93d9884d9c1fd7b905c1a2078f8207d18b /include/test
parent9121478ee6f2aee381f8fe49d8997d43527d351a (diff)
parenta73f3ba91f15e08d6a7ec8cf0408aed517d22bb1 (diff)
Merge branch '2022-06-23-fuzzing-and-asan-for-sandbox' into next
To quote the author: This series introduces ASAN and a basic fuzzing infrastructure that works with sandbox. The example fuzz test towards the end of the series will find something pretty quickly. That something is fixed by the series "virtio: Harden and test vring" that needs to be applied for the final patch in this series. There is some refactoring to stop using '.' prefixed sections. ELF defines sections with names that contain anything that isn't alphanumeric or an underscore as being for system use, which means clang's ASAN instrumentation happily adds redzones between the contained objects. That's not what we want for things like linker lists where the linker script has carefully placed the sections contiguously. By renaming the sections, clang sees them as user sections and doesn't add instrumentation. ASAN is left disabled by default as there are still some tests that it triggers on and will need some more investigation to fix. It can be enabled with CONFIG_ASAN or passing `-a ASAN` to buildman.
Diffstat (limited to 'include/test')
-rw-r--r--include/test/fuzz.h51
1 files changed, 51 insertions, 0 deletions
diff --git a/include/test/fuzz.h b/include/test/fuzz.h
new file mode 100644
index 00000000000..d4c57540eb3
--- /dev/null
+++ b/include/test/fuzz.h
@@ -0,0 +1,51 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <[email protected]>
+ */
+
+#ifndef __TEST_FUZZ_H
+#define __TEST_FUZZ_H
+
+#include <linker_lists.h>
+#include <linux/types.h>
+
+/**
+ * struct fuzz_test - Information about a fuzz test
+ *
+ * @name: Name of fuzz test
+ * @func: Function to call to perform fuzz test on an input
+ * @flags: Flags indicate pre-conditions for fuzz test
+ */
+struct fuzz_test {
+ const char *name;
+ int (*func)(const uint8_t * data, size_t size);
+ int flags;
+};
+
+/**
+ * FUZZ_TEST() - register a fuzz test
+ *
+ * The fuzz test function must return 0 as other values are reserved for future
+ * use.
+ *
+ * @_name: the name of the fuzz test function
+ * @_flags: an integer field that can be evaluated by the fuzzer
+ * implementation
+ */
+#define FUZZ_TEST(_name, _flags) \
+ ll_entry_declare(struct fuzz_test, _name, fuzz_tests) = { \
+ .name = #_name, \
+ .func = _name, \
+ .flags = _flags, \
+ }
+
+/** Get the start of the list of fuzz tests */
+#define FUZZ_TEST_START() \
+ ll_entry_start(struct fuzz_test, fuzz_tests)
+
+/** Get the number of elements in the list of fuzz tests */
+#define FUZZ_TEST_COUNT() \
+ ll_entry_count(struct fuzz_test, fuzz_tests)
+
+#endif /* __TEST_FUZZ_H */
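Review bot: The `@func` line in the `struct fuzz_test` kernel-doc does not state the input contract a harness author has to honour: nothing in this header says whether `size` may be 0, whether `data` can be NULL in that case, or how long the buffer stays valid. Because these callbacks are handed fuzzer-generated bytes, I would spell it out, for example `@func: Called once per input; must read no more than @size bytes from @data, must tolerate @size == 0, and must return 0`. The return-value rule is currently documented only on `FUZZ_TEST()`, and nothing visible here enforces it, so whether the runner checks it cannot be told from this file. `@flags` is described as pre-conditions, but no flag constants are defined in this header; naming where they come from (or stating that 0 is the only value for now) would help, and an `unsigned int` would be the more usual type if it is meant as a bit mask.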