From: Andrew Scull <ascull@google.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, xypron.glpk@gmx.de, Andrew Scull <ascull@google.com>
Subject: [PATCH 00/11] Fuzzing and ASAN for sandbox
Date: Thu, 14 Apr 2022 13:59:29 +0000
Message-ID: <20220414135941.1732585-1-ascull@google.com>
This series sets up a basic fuzzing infrastructure that works with
sandbox. The example fuzz test towards the end of the series will find
something pretty quickly. That something is fixed by the series
"virtio: Harden and test vring" that needs to be applied for the final
patch in this series.
There is some refactoring to stop using '.'-prefixed sections, which ELF
defines as being for system use and between which clang's ASAN
instrumentation happily adds redzones; that's not what we want for things
like linker lists, where the linker script has carefully placed the
sections contiguously.
It may require patches from the "Fix misc ASAN reports" series to be
applied as I've already dealt with the first set of ASAN reports from
running the tests.
From v1:
- corrected handling of EFI symbols by sandbox linker script
- per comments, some renaming and explaining
- dropped RFC for dlmalloc ASAN instrumentation (work required to improve it)
- added patch to reduce logging noise in fuzzer
Andrew Scull (12):
sandbox: Fix EFI runtime symbol placement
sandbox: Rename EFI runtime sections
sandbox: Migrate getopt section to linker list
linker_lists: Rename sections to remove . prefix
sandbox: Add support for Address Sanitizer
fuzzing_engine: Add fuzzing engine uclass
test: fuzz: Add framework for fuzzing
sandbox: Decouple program entry from sandbox init
sandbox: Add libfuzzer integration
sandbox: Implement fuzzing engine driver
fuzz: virtio: Add fuzzer for vring
virtio_ring: Reduce logging noise
Kconfig | 16 +++
arch/Kconfig | 2 +
arch/arc/cpu/u-boot.lds | 4 +-
arch/arm/config.mk | 4 +-
arch/arm/cpu/arm926ejs/sunxi/u-boot-spl.lds | 4 +-
arch/arm/cpu/armv7/sunxi/u-boot-spl.lds | 4 +-
arch/arm/cpu/armv8/u-boot-spl.lds | 4 +-
arch/arm/cpu/armv8/u-boot.lds | 4 +-
arch/arm/cpu/u-boot-spl.lds | 4 +-
arch/arm/cpu/u-boot.lds | 6 +-
arch/arm/mach-at91/arm926ejs/u-boot-spl.lds | 2 +-
arch/arm/mach-at91/armv7/u-boot-spl.lds | 2 +-
arch/arm/mach-omap2/u-boot-spl.lds | 4 +-
arch/arm/mach-orion5x/u-boot-spl.lds | 4 +-
arch/arm/mach-rockchip/u-boot-tpl-v8.lds | 4 +-
arch/arm/mach-zynq/u-boot-spl.lds | 4 +-
arch/arm/mach-zynq/u-boot.lds | 4 +-
arch/m68k/cpu/u-boot.lds | 4 +-
arch/microblaze/cpu/u-boot-spl.lds | 4 +-
arch/microblaze/cpu/u-boot.lds | 4 +-
arch/mips/config.mk | 2 +-
arch/mips/cpu/u-boot-spl.lds | 4 +-
arch/mips/cpu/u-boot.lds | 4 +-
arch/nds32/cpu/n1213/u-boot.lds | 4 +-
arch/nios2/cpu/u-boot.lds | 4 +-
arch/powerpc/cpu/mpc83xx/u-boot.lds | 4 +-
arch/powerpc/cpu/mpc85xx/u-boot-nand.lds | 4 +-
arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds | 4 +-
arch/powerpc/cpu/mpc85xx/u-boot-spl.lds | 4 +-
arch/powerpc/cpu/mpc85xx/u-boot.lds | 4 +-
arch/riscv/cpu/u-boot-spl.lds | 4 +-
arch/riscv/cpu/u-boot.lds | 4 +-
arch/sandbox/config.mk | 15 ++-
arch/sandbox/cpu/os.c | 97 ++++++++++++++++---
arch/sandbox/cpu/start.c | 12 +--
arch/sandbox/cpu/u-boot-spl.lds | 10 +-
arch/sandbox/cpu/u-boot.lds | 41 ++++----
arch/sandbox/dts/test.dts | 4 +
arch/sandbox/include/asm/fuzzing_engine.h | 25 +++++
arch/sandbox/include/asm/getopt.h | 19 ++--
arch/sandbox/include/asm/main.h | 18 ++++
arch/sandbox/include/asm/sections.h | 25 -----
arch/sandbox/lib/sections.c | 8 +-
arch/sh/cpu/u-boot.lds | 4 +-
arch/x86/cpu/u-boot-64.lds | 6 +-
arch/x86/cpu/u-boot-spl.lds | 6 +-
arch/x86/cpu/u-boot.lds | 6 +-
arch/x86/lib/elf_ia32_efi.lds | 4 +-
arch/x86/lib/elf_x86_64_efi.lds | 4 +-
arch/xtensa/cpu/u-boot.lds | 2 +-
arch/xtensa/include/asm/ldscript.h | 4 +-
board/compulab/cm_t335/u-boot.lds | 4 +-
board/cssi/MCR3000/u-boot.lds | 4 +-
.../davinci/da8xxevm/u-boot-spl-da850evm.lds | 2 +-
board/qualcomm/dragonboard820c/u-boot.lds | 4 +-
board/samsung/common/exynos-uboot-spl.lds | 4 +-
board/synopsys/iot_devkit/u-boot.lds | 4 +-
board/ti/am335x/u-boot.lds | 4 +-
board/vscom/baltos/u-boot.lds | 4 +-
configs/sandbox_defconfig | 1 +
doc/api/linker_lists.rst | 22 ++---
doc/develop/commands.rst | 4 +-
doc/develop/driver-model/of-plat.rst | 4 +-
drivers/Kconfig | 2 +
drivers/Makefile | 1 +
drivers/fuzz/Kconfig | 17 ++++
drivers/fuzz/Makefile | 8 ++
drivers/fuzz/fuzzing_engine-uclass.c | 28 ++++++
drivers/fuzz/sandbox_fuzzing_engine.c | 35 +++++++
drivers/virtio/virtio_ring.c | 4 +-
include/dm/uclass-id.h | 1 +
include/fuzzing_engine.h | 51 ++++++++++
include/linker_lists.h | 18 ++--
include/test/fuzz.h | 51 ++++++++++
test/Makefile | 1 +
test/fuzz/Makefile | 8 ++
test/fuzz/cmd_fuzz.c | 82 ++++++++++++++++
test/fuzz/virtio.c | 72 ++++++++++++++
78 files changed, 680 insertions(+), 204 deletions(-)
create mode 100644 arch/sandbox/include/asm/fuzzing_engine.h
create mode 100644 arch/sandbox/include/asm/main.h
create mode 100644 drivers/fuzz/Kconfig
create mode 100644 drivers/fuzz/Makefile
create mode 100644 drivers/fuzz/fuzzing_engine-uclass.c
create mode 100644 drivers/fuzz/sandbox_fuzzing_engine.c
create mode 100644 include/fuzzing_engine.h
create mode 100644 include/test/fuzz.h
create mode 100644 test/fuzz/Makefile
create mode 100644 test/fuzz/cmd_fuzz.c
create mode 100644 test/fuzz/virtio.c
--
2.35.1.1178.g4f1659d476-goog
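As an added illustration of the harness shape the cover letter describes (this is example code, not code from this series or from U-Boot), here is a libFuzzer-style fuzz test in C. A hypothetical engine object hands the test its current input, the test decodes the bytes into a small descriptor ring modelled loosely on a vring descriptor table, and a chain walker applies the bounds and loop checks a fuzzer would otherwise find missing. The ring layout, the walker, and every name used (fuzz_engine, engine_get_input, walk_chain, fuzz_ring_walk) are assumptions made for this example; the defect the real vring fuzzer found is not reproduced here.

```c
/* Added example, not part of the U-Boot series: a libFuzzer-style harness.
 * All names and the ring layout are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical engine object: the test asks it for the current input instead
 * of touching libFuzzer directly, so the same test can run under any engine. */
struct fuzz_engine {
	const uint8_t *data;
	size_t size;
};

static int engine_get_input(struct fuzz_engine *eng, const uint8_t **data,
			    size_t *size)
{
	if (!eng || !eng->data)
		return -1;
	*data = eng->data;
	*size = eng->size;
	return 0;
}

/* Toy descriptor table, loosely modelled on a vring: each descriptor carries a
 * length, flags and a 'next' index into the same table. */
#define RING_NUM 8
#define DESC_F_NEXT 1

struct desc {
	uint32_t len;
	uint16_t flags;
	uint16_t next;
};

/* Walk a descriptor chain from 'head'.  Returns the summed length, or -1 when
 * the chain leaves the table or loops.  The index bound and the hop limit are
 * exactly the checks a fuzzer reports as missing when they are absent. */
static long walk_chain(const struct desc *ring, unsigned num, unsigned head)
{
	unsigned idx = head, hops = 0;
	long total = 0;

	for (;;) {
		if (idx >= num)		/* 'next' points outside the table */
			return -1;
		if (++hops > num)	/* more hops than entries: a cycle */
			return -1;
		total += ring[idx].len;
		if (!(ring[idx].flags & DESC_F_NEXT))
			return total;
		idx = ring[idx].next;
	}
}

/* Fuzz test body: byte 0 is the head index, the rest is the raw table. */
static int fuzz_ring_walk(struct fuzz_engine *eng)
{
	const uint8_t *data;
	size_t size;
	struct desc ring[RING_NUM];

	if (engine_get_input(eng, &data, &size))
		return -1;
	if (size < 1 + sizeof(ring))	/* too short to form a full table */
		return 0;
	memcpy(ring, data + 1, sizeof(ring));
	/* Any return value is acceptable; a crash or sanitizer report is not. */
	(void)walk_chain(ring, RING_NUM, data[0]);
	return 0;
}

/* libFuzzer entry point; an engine driver would wrap the buffer like this and
 * dispatch to the registered test. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	struct fuzz_engine eng = { data, size };

	fuzz_ring_walk(&eng);
	return 0;
}
```

Built with clang -fsanitize=fuzzer,address the entry point is driven by libFuzzer; without those flags it is an ordinary function that a unit test can call with constructed input, which is what makes the engine indirection worth having.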
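To show why the section renaming in this series matters, here is an added example (not U-Boot code) of the linker-list pattern in plain C: entries are placed in a section whose name is a valid C identifier, and GNU ld or lld then synthesizes __start_<name>/__stop_<name> bounds symbols for it, which a '.'-prefixed name would not get. Walking the list and counting its entries only works if the entries are packed back to back; redzones inserted between globals, as ASAN does, would make the count wrong and the walk read padding as entries. The section name ll_demo, the entry layout and the helper names are choices made for this example and assume an ELF toolchain.

```c
/* Added example, not from U-Boot: a minimal linker list.  Assumes an ELF
 * target where the linker provides __start_/__stop_ symbols for a section
 * with a C-identifier name. */
#include <stddef.h>
#include <string.h>

struct demo_entry {
	const char *name;
	int (*run)(int);
};

/* A fixed alignment keeps entries contiguous so the bounds arithmetic below
 * counts them correctly; redzones between globals would break this. */
#define DEMO_ENTRY(_name, _fn) \
	static const struct demo_entry _demo_##_name \
	__attribute__((used, aligned(8), section("ll_demo"))) = { #_name, _fn }

extern const struct demo_entry __start_ll_demo[];
extern const struct demo_entry __stop_ll_demo[];

static int twice(int x) { return 2 * x; }
static int square(int x) { return x * x; }
static int negate(int x) { return -x; }

DEMO_ENTRY(twice, twice);
DEMO_ENTRY(square, square);
DEMO_ENTRY(negate, negate);

/* Number of entries, derived purely from the linker-provided bounds. */
size_t demo_count(void)
{
	return (size_t)(__stop_ll_demo - __start_ll_demo);
}

/* Linear search by name over the whole list. */
const struct demo_entry *demo_find(const char *name)
{
	for (const struct demo_entry *e = __start_ll_demo; e < __stop_ll_demo; e++)
		if (!strcmp(e->name, name))
			return e;
	return NULL;
}

/* The invariant a list walker relies on: the byte span between the bounds is
 * an exact multiple of the entry size, i.e. nothing was inserted between them. */
int demo_list_is_contiguous(void)
{
	size_t bytes = (size_t)((const char *)__stop_ll_demo -
				(const char *)__start_ll_demo);

	return bytes % sizeof(struct demo_entry) == 0;
}
```

With -fsanitize=address and a section that ASAN instruments, demo_list_is_contiguous() is the check that starts failing, which is the practical reason to keep such sections away from the instrumentation rather than to trust the count.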
Thread overview: 21+ messages
2022-04-14 13:59 Andrew Scull [this message]
2022-04-14 13:59 ` [PATCH v2 01/12] sandbox: Fix EFI runtime symbol placement Andrew Scull
2022-04-14 13:59 ` [PATCH v2 02/12] sandbox: Rename EFI runtime sections Andrew Scull
2022-04-14 13:59 ` [PATCH v2 03/12] sandbox: Migrate getopt section to linker list Andrew Scull
2022-04-29 15:11 ` Tom Rini
2022-05-02 16:24 ` Andrew Scull
2022-05-02 16:27 ` Tom Rini
2022-05-15 20:37 ` Andrew Scull
2022-05-16 10:47 ` Andrew Scull
2022-04-14 13:59 ` [PATCH v2 04/12] linker_lists: Rename sections to remove . prefix Andrew Scull
2022-05-17 8:06 ` Heinrich Schuchardt
2022-05-18 7:02 ` Andrew Scull
2022-04-14 13:59 ` [PATCH v2 05/12] sandbox: Add support for Address Sanitizer Andrew Scull
2022-04-14 13:59 ` [PATCH v2 06/12] fuzzing_engine: Add fuzzing engine uclass Andrew Scull
2022-04-14 13:59 ` [PATCH v2 07/12] test: fuzz: Add framework for fuzzing Andrew Scull
2022-04-14 13:59 ` [PATCH v2 08/12] sandbox: Decouple program entry from sandbox init Andrew Scull
2022-04-14 13:59 ` [PATCH v2 09/12] sandbox: Add libfuzzer integration Andrew Scull
2022-04-14 13:59 ` [PATCH v2 10/12] sandbox: Implement fuzzing engine driver Andrew Scull
2022-04-14 13:59 ` [PATCH v2 11/12] fuzz: virtio: Add fuzzer for vring Andrew Scull
2022-04-14 13:59 ` [PATCH v2 12/12] virtio_ring: Reduce logging noise Andrew Scull
Loose matches on Subject:
2022-04-07 9:41 [PATCH 00/11] Fuzzing and ASAN for sandbox Andrew Scull