Difuse/u-boot
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sandbox: Implement fuzzing engine driver

Browse source 
Add a fuzzing engine driver for the sandbox to take inputs from
libfuzzer and expose them to the fuzz tests.

Signed-off-by: Andrew Scull <ascull@google.com>
This commit is contained in:
Andrew Scull 2022-05-30 10:00:12 +00:00 committed by Tom Rini
parent d9962b12f2
commit 0518e7a28f
5 changed files with 54 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
arch/Kconfig
View file

@ -135,6 +135,7 @@ config SANDBOX
select BZIP2 select BZIP2
select CMD_POWEROFF select CMD_POWEROFF
select DM select DM
select DM_FUZZING_ENGINE
select DM_GPIO select DM_GPIO
select DM_I2C select DM_I2C
select DM_KEYBOARD select DM_KEYBOARD
@ -170,6 +171,7 @@ config SANDBOX
imply CRC32_VERIFY imply CRC32_VERIFY
imply FAT_WRITE imply FAT_WRITE
imply FIRMWARE imply FIRMWARE
imply FUZZING_ENGINE_SANDBOX
imply HASH_VERIFY imply HASH_VERIFY
imply LZMA imply LZMA
imply TEE imply TEE

4
arch/sandbox/dts/test.dts
View file

@ -92,6 +92,10 @@
}; };
}; };
fuzzing-engine {
compatible = "sandbox,fuzzing-engine";
};
reboot-mode0 { reboot-mode0 {
compatible = "reboot-mode-gpio"; compatible = "reboot-mode-gpio";
gpios = <&gpio_c 0 GPIO_ACTIVE_HIGH>, <&gpio_c 1 GPIO_ACTIVE_HIGH>; gpios = <&gpio_c 0 GPIO_ACTIVE_HIGH>, <&gpio_c 1 GPIO_ACTIVE_HIGH>;

16
drivers/fuzz/Kconfig
View file

@ -3,7 +3,15 @@ config DM_FUZZING_ENGINE
depends on DM depends on DM
help help
Enable driver model for fuzzing engine devices. This interface is Enable driver model for fuzzing engine devices. This interface is
used to get successive inputs from a fuzzing engine that aims to used to get fuzzing inputs from a fuzzing engine.
explore different code paths in a fuzz test. The fuzzing engine may
be instrumenting the execution in order to more effectively generate if DM_FUZZING_ENGINE
inputs that explore different code paths.
config FUZZING_ENGINE_SANDBOX
bool "Sanbox fuzzing engine"
depends on SANDBOX
default y
help
Enable fuzzing engine for sandbox.
endif

1
drivers/fuzz/Makefile
View file

@ -5,3 +5,4 @@
# #
obj-$(CONFIG_DM_FUZZING_ENGINE) += fuzzing_engine-uclass.o obj-$(CONFIG_DM_FUZZING_ENGINE) += fuzzing_engine-uclass.o
obj-$(CONFIG_FUZZING_ENGINE_SANDBOX) += sandbox_fuzzing_engine.o

35
drivers/fuzz/sandbox_fuzzing_engine.c Normal file
View file

@ -0,0 +1,35 @@
/* SPDX-License-Identifier: GPL-2.0+ */
/*
* Copyright (c) 2022 Google, Inc.
* Written by Andrew Scull <ascull@google.com>
*/
#include <common.h>
#include <dm.h>
#include <fuzzing_engine.h>
#include <asm/fuzzing_engine.h>
static int get_input(struct udevice *dev,
const uint8_t **data,
size_t *size)
{
return sandbox_fuzzing_engine_get_input(data, size);
}
static const struct dm_fuzzing_engine_ops sandbox_fuzzing_engine_ops = {
.get_input = get_input,
};
static const struct udevice_id sandbox_fuzzing_engine_match[] = {
{
.compatible = "sandbox,fuzzing-engine",
},
{},
};
U_BOOT_DRIVER(sandbox_fuzzing_engine) = {
.name = "sandbox-fuzzing-engine",
.id = UCLASS_FUZZING_ENGINE,
.of_match = sandbox_fuzzing_engine_match,
.ops = &sandbox_fuzzing_engine_ops,
};