From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id 47872C433F5
	for <u-boot@archiver.kernel.org>; Thu,  7 Apr 2022 09:42:58 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 0703583C63;
	Thu,  7 Apr 2022 11:42:34 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="kgf0hcxa";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id C742E83CEF; Thu,  7 Apr 2022 11:41:57 +0200 (CEST)
Received: from mail-wr1-x44a.google.com (mail-wr1-x44a.google.com
 [IPv6:2a00:1450:4864:20::44a])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 78C7083C63
 for <u-boot@lists.denx.de>; Thu,  7 Apr 2022 11:41:45 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: phobos.denx.de; spf=pass
 smtp.mailfrom=32bFOYgYKBpAuCwE5508805y.w86E-v88D52CDC.xy7H.xy@flex--ascull.bounces.google.com
Received: by mail-wr1-x44a.google.com with SMTP id
 h16-20020adfaa90000000b002061894030bso1092587wrc.0
 for <u-boot@lists.denx.de>; Thu, 07 Apr 2022 02:41:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112;
 h=date:in-reply-to:message-id:mime-version:references:subject:from:to
 :cc; bh=ar6lfJkWR5t87woJ/pVhlKEyV1meKKJu2a2Xj/kRX+Y=;
 b=kgf0hcxahcC50vxngOKMeGMKoQluaLLG0dYHKasqW6o2XSfLuWNady4tS64Xk2fdTT
 +c47H5UWvwcF1pIKWk+tFOnX8RUEC5iSTb2CkC5bIXD2Eh6EldM8pkhHu/XICWRvwHK4
 VysGdv8nymAHKEhGZZRsvuNhO+AWCwLeqlU1qGo7xx+avdVTdR/5jw041TnAqvRNCpki
 tHaeFnhGlpG8OvN+te7nIVwlSSoR1/8xsqnJJmK0+iUCk3pVIJPBPAtc+lBJx2eNII9F
 69sbO9lh6SeE8l2q4wZ0AZKnEffNHC83nN/tpzqbaXuBNpNE32ft0LnwgZvVoHacwyem
 RPSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:in-reply-to:message-id:mime-version
 :references:subject:from:to:cc;
 bh=ar6lfJkWR5t87woJ/pVhlKEyV1meKKJu2a2Xj/kRX+Y=;
 b=gRGvoy+BwLIgCHV4Jq2Rbhm3PNLMHoK/BWxxMtUuFogkxy/6TDoaRBIWN73/BeOVAz
 BUH0v9Xakv1XBAyt770MfGmEjHyGTgYuzyAle7OLEAv+IOl4scAz+7+94xPUznxKDV0d
 F8P1bwpeaE3+SpO3jdXTDTkKqNUL60bLcElyxhQykLWsstJO3LYHhtPvCvnrysPLZEmv
 MroW8vfbhJkSYjmbwO6HQfamu/Th+OGQlz7WZpADQ+vO2J7JH7tyAQJsksRIbqpy8Roo
 dewRWPcEt32Ki0Pgaa1+qGWoSpiG6+wGUD3s475mTheT4DjuW6pWfgYIQc9PxeZAxxXc
 XcDA==
X-Gm-Message-State: AOAM530Vmumv8uH61wDF0Kbx9dgG67Rh1dGH3/fg/eMqzAst9Y7bf1vU
 46LALJ2Fy3dwxz2ItXlHeJTjJLvxxYFdkdf2B4Epnp/kmsjCuAx6U2gE8Fq7dfqf4jMH0XQT37F
 aVRFmIc5/2bNEXOepuIbd++sR4dMmbK8nmugcwZQr4aFuQDotterWmfG4Cvk=
X-Google-Smtp-Source: ABdhPJyxY4wMlEDle0qrB7Iho/lIqVWqkdfbsVEmaVlQL5QtInV/qljh2bV0SfouCeafSQO2LHle/4AtdjE=
X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510])
 (user=ascull job=sendgmr) by 2002:a05:600c:34c9:b0:38c:15a1:eb7c with SMTP id
 d9-20020a05600c34c900b0038c15a1eb7cmr11718976wmq.191.1649324505065; Thu, 07
 Apr 2022 02:41:45 -0700 (PDT)
Date: Thu,  7 Apr 2022 09:41:18 +0000
In-Reply-To: <20220407094123.1752236-1-ascull@google.com>
Message-Id: <20220407094123.1752236-7-ascull@google.com>
Mime-Version: 1.0
References: <20220407094123.1752236-1-ascull@google.com>
X-Mailer: git-send-email 2.35.1.1094.g7c7d902a7c-goog
Subject: [PATCH 06/11] test: fuzz: Add framework for fuzzing
From: Andrew Scull <ascull@google.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, seanga2@gmail.com, Andrew Scull <ascull@google.com>
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de
X-Virus-Status: Clean

Add the basic infrastructure for declaring fuzz tests and a command to
invoke them.

Signed-off-by: Andrew Scull <ascull@google.com>
---
 Kconfig              |  8 +++++
 include/test/fuzz.h  | 51 +++++++++++++++++++++++++++
 test/Makefile        |  1 +
 test/fuzz/Makefile   |  7 ++++
 test/fuzz/cmd_fuzz.c | 82 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 149 insertions(+)
 create mode 100644 include/test/fuzz.h
 create mode 100644 test/fuzz/Makefile
 create mode 100644 test/fuzz/cmd_fuzz.c

diff --git a/Kconfig b/Kconfig
index ae7e92611d..ce0a69d6aa 100644
--- a/Kconfig
+++ b/Kconfig
@@ -144,6 +144,14 @@ config ASAN
 	  Enables AddressSanitizer to discover out-of-bounds accesses,
 	  use-after-free, double-free and memory leaks.
 
+config FUZZ
+	bool "Enable fuzzing"
+	depends on DM_FUZZING_ENGINE
+	select ASAN
+	help
+	  Enables the fuzzing infrastructure to generate fuzzing data and run
+          fuzz tests.
+
 config CC_HAS_ASM_INLINE
 	def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null)
 
diff --git a/include/test/fuzz.h b/include/test/fuzz.h
new file mode 100644
index 0000000000..d4c57540eb
--- /dev/null
+++ b/include/test/fuzz.h
@@ -0,0 +1,51 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <ascull@google.com>
+ */
+
+#ifndef __TEST_FUZZ_H
+#define __TEST_FUZZ_H
+
+#include <linker_lists.h>
+#include <linux/types.h>
+
+/**
+ * struct fuzz_test - Information about a fuzz test
+ *
+ * @name: Name of fuzz test
+ * @func: Function to call to perform fuzz test on an input
+ * @flags: Flags indicate pre-conditions for fuzz test
+ */
+struct fuzz_test {
+	const char *name;
+	int (*func)(const uint8_t * data, size_t size);
+	int flags;
+};
+
+/**
+ * FUZZ_TEST() - register a fuzz test
+ *
+ * The fuzz test function must return 0 as other values are reserved for future
+ * use.
+ *
+ * @_name:	the name of the fuzz test function
+ * @_flags:	an integer field that can be evaluated by the fuzzer
+ * 		implementation
+ */
+#define FUZZ_TEST(_name, _flags)					\
+	ll_entry_declare(struct fuzz_test, _name, fuzz_tests) = {	\
+		.name = #_name,						\
+		.func = _name,						\
+		.flags = _flags,					\
+	}
+
+/** Get the start of the list of fuzz tests */
+#define FUZZ_TEST_START() \
+	ll_entry_start(struct fuzz_test, fuzz_tests)
+
+/** Get the number of elements in the list of fuzz tests */
+#define FUZZ_TEST_COUNT() \
+	ll_entry_count(struct fuzz_test, fuzz_tests)
+
+#endif /* __TEST_FUZZ_H */
diff --git a/test/Makefile b/test/Makefile
index b3b2902e2e..bb2b0b5c73 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -16,6 +16,7 @@ obj-$(CONFIG_$(SPL_)CMDLINE) += cmd_ut.o
 obj-$(CONFIG_$(SPL_)CMDLINE) += command_ut.o
 obj-$(CONFIG_$(SPL_)UT_COMPRESSION) += compression.o
 obj-y += dm/
+obj-$(CONFIG_FUZZ) += fuzz/
 obj-$(CONFIG_$(SPL_)CMDLINE) += print_ut.o
 obj-$(CONFIG_$(SPL_)CMDLINE) += str_ut.o
 obj-$(CONFIG_UT_TIME) += time_ut.o
diff --git a/test/fuzz/Makefile b/test/fuzz/Makefile
new file mode 100644
index 0000000000..03eeeeb497
--- /dev/null
+++ b/test/fuzz/Makefile
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (c) 2022 Google, Inc.
+# Written by Andrew Scull <ascull@google.com>
+#
+
+obj-$(CONFIG_$(SPL_)CMDLINE) += cmd_fuzz.o
diff --git a/test/fuzz/cmd_fuzz.c b/test/fuzz/cmd_fuzz.c
new file mode 100644
index 0000000000..0cc01dc199
--- /dev/null
+++ b/test/fuzz/cmd_fuzz.c
@@ -0,0 +1,82 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <ascull@google.com>
+ */
+
+#include <command.h>
+#include <common.h>
+#include <dm.h>
+#include <fuzzing_engine.h>
+#include <test/fuzz.h>
+
+static struct fuzz_test *find_fuzz_test(const char *name)
+{
+	struct fuzz_test *fuzzer = FUZZ_TEST_START();
+	size_t count = FUZZ_TEST_COUNT();
+	size_t i;
+
+	for (i = 0; i < count; ++i) {
+		if (strcmp(name, fuzzer->name) == 0)
+			return fuzzer;
+		++fuzzer;
+	}
+
+	return NULL;
+}
+
+static struct udevice *find_fuzzing_engine(void)
+{
+	struct udevice *dev;
+
+	if (uclass_first_device(UCLASS_FUZZING_ENGINE, &dev))
+		return NULL;
+
+	return dev;
+}
+
+static int do_fuzz(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+	struct fuzz_test *fuzzer;
+	struct udevice *dev;
+
+	if (argc != 2)
+		return CMD_RET_USAGE;
+
+	fuzzer = find_fuzz_test(argv[1]);
+	if (!fuzzer) {
+		printf("Could not find fuzzer: %s\n", argv[1]);
+		return 1;
+	}
+
+	dev = find_fuzzing_engine();
+	if (!dev) {
+		puts("No fuzzing engine available\n");
+		return 1;
+	}
+
+	while (1) {
+		const uint8_t *data;
+		size_t size;
+
+		if (dm_fuzzing_engine_get_input(dev, &data, &size)) {
+			puts("Fuzzing engine failed\n");
+			return 1;
+		}
+
+		fuzzer->func(data, size);
+	}
+
+	return 1;
+}
+
+#ifdef CONFIG_SYS_LONGHELP
+static char fuzz_help_text[] =
+	"[fuzz-test-name] - execute the named fuzz test\n"
+	;
+#endif /* CONFIG_SYS_LONGHELP */
+
+U_BOOT_CMD(
+	fuzz, CONFIG_SYS_MAXARGS, 1, do_fuzz,
+	"fuzz tests", fuzz_help_text
+);
-- 
2.35.1.1094.g7c7d902a7c-goog