From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <u-boot-bounces@lists.denx.de>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.lore.kernel.org (Postfix) with ESMTPS id A075FC433F5
	for <u-boot@archiver.kernel.org>; Thu, 14 Apr 2022 14:01:19 +0000 (UTC)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 4037B83EDD;
	Thu, 14 Apr 2022 16:00:38 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.b="leAVGxQp";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id 8BD8B83EC3; Thu, 14 Apr 2022 16:00:15 +0200 (CEST)
Received: from mail-wm1-x349.google.com (mail-wm1-x349.google.com
 [IPv6:2a00:1450:4864:20::349])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id E7D8283EAE
 for <u-boot@lists.denx.de>; Thu, 14 Apr 2022 15:59:59 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: phobos.denx.de; spf=pass
 smtp.mailfrom=33yhYYgYKBqoKcMeVVQYYQVO.MYWe-LYYdVScdc.NOXh.NO@flex--ascull.bounces.google.com
Received: by mail-wm1-x349.google.com with SMTP id
 g9-20020a1c4e09000000b0038f20d94f01so2333483wmh.8
 for <u-boot@lists.denx.de>; Thu, 14 Apr 2022 06:59:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112;
 h=date:in-reply-to:message-id:mime-version:references:subject:from:to
 :cc; bh=Uj0+diuVhJqjZ+utog7ChvGXob2y1EWem78CaS3IetQ=;
 b=leAVGxQpmC1yHke0cgL7tYwmb2h4JqNu00En3rQ67gNEhGiw3g0bblBmyIkDQiKvQ2
 j4FTkbkoeKECcPYt0Qfd7BE6TG0ztIWFrlz3oiGkwl3COifuHs/L4EY25JuaNdm/q2VH
 hfdcQJmLWxpkV2ynqvetJdoXGjYQYZp7Gy5Z3jU3MG1WX4GSNJLUDRzAdbah84GrxlgB
 zYcDE8bhQ2v92lQEFrwspSt0ladO0sk/ticFf44mPSN45tD8NbSJVGqqq/8dcqtpgNRp
 zbAE3Vi675YZd6xLGnH4hCz16zDUOovUBFdcWPsuck0zHGmSa2/wU9bDrxySBh0crkJ/
 aZAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:date:in-reply-to:message-id:mime-version
 :references:subject:from:to:cc;
 bh=Uj0+diuVhJqjZ+utog7ChvGXob2y1EWem78CaS3IetQ=;
 b=6lps+FlQOjbyUfjNh+VLSfgGt20WTrmtKsmOHaY2zog70pY4owDY9g5ON1u5IqUnAq
 890gE9i8x+CFKVNq2qL0tRIDraBYxyydyowk370t//FxjyJ9o/9VLXVsMs/aLpizZEzG
 cR0gKwyypso37y8+c6ZXggTH4ZXaKLZ/aF95pV41UI93ajl6Q0zeNh3/KOQ4fn8CV2sZ
 UpJhQ6oguOfXEtQGM+/XCmI3N1kPVcPiZ/s+oTHVmtWaQc5/oRwJA+q9nKsl4/k/gA0a
 3h58tCdre6WEw1E0HPbcj/TKuXWGhBuUKErXogNolgC971OW3I5mG+XUbYwhpeb7qxF7
 BazA==
X-Gm-Message-State: AOAM531YkMDezGXS6fPBWnfONyNiVzwg3QYc4FJ1YcqMA0QW+ICnEKGK
 YzMGpaoj6oHEoh3zjaiathPYkFpPDxcvRoJQvcOAGQlDiHJZP+e2yzqTVxPQ6pkEsi6VJFkMcH8
 ejqkzed0oj0BOmfnupyXj06w3xmMBxf3UMpxW/KrN/tJvJsOIE+HbKfC1X6M=
X-Google-Smtp-Source: ABdhPJyaPFbamjGXoBuXXztNsIfC4BBWvjk7yVl/9IDbY7/V4A/FPMvSuKjonTUNrqZL3MmtBcEhvw04utQ=
X-Received: from ascull.c.googlers.com ([fda3:e722:ac3:cc00:28:9cb1:c0a8:1510])
 (user=ascull job=sendgmr) by 2002:a7b:c105:0:b0:38e:b992:a035 with SMTP id
 w5-20020a7bc105000000b0038eb992a035mr3337875wmi.106.1649944799483; Thu, 14
 Apr 2022 06:59:59 -0700 (PDT)
Date: Thu, 14 Apr 2022 13:59:36 +0000
In-Reply-To: <20220414135941.1732585-1-ascull@google.com>
Message-Id: <20220414135941.1732585-8-ascull@google.com>
Mime-Version: 1.0
References: <20220414135941.1732585-1-ascull@google.com>
X-Mailer: git-send-email 2.35.1.1178.g4f1659d476-goog
Subject: [PATCH v2 07/12] test: fuzz: Add framework for fuzzing
From: Andrew Scull <ascull@google.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, xypron.glpk@gmx.de, Andrew Scull <ascull@google.com>
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de
X-Virus-Status: Clean

Add the basic infrastructure for declaring fuzz tests and a command to
invoke them.

Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 Kconfig              |  9 +++++
 include/test/fuzz.h  | 51 +++++++++++++++++++++++++++
 test/Makefile        |  1 +
 test/fuzz/Makefile   |  7 ++++
 test/fuzz/cmd_fuzz.c | 82 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 150 insertions(+)
 create mode 100644 include/test/fuzz.h
 create mode 100644 test/fuzz/Makefile
 create mode 100644 test/fuzz/cmd_fuzz.c

diff --git a/Kconfig b/Kconfig
index a2577bcce6..1d472a7862 100644
--- a/Kconfig
+++ b/Kconfig
@@ -161,6 +161,15 @@ config ASAN
 	  Enables AddressSanitizer to discover out-of-bounds accesses,
 	  use-after-free, double-free and memory leaks.
 
+config FUZZ
+	bool "Enable fuzzing"
+	depends on CC_IS_CLANG
+	depends on DM_FUZZING_ENGINE
+	select ASAN
+	help
+	  Enables the fuzzing infrastructure to generate fuzzing data and run
+          fuzz tests.
+
 config CC_HAS_ASM_INLINE
 	def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null)
 
diff --git a/include/test/fuzz.h b/include/test/fuzz.h
new file mode 100644
index 0000000000..d4c57540eb
--- /dev/null
+++ b/include/test/fuzz.h
@@ -0,0 +1,51 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <ascull@google.com>
+ */
+
+#ifndef __TEST_FUZZ_H
+#define __TEST_FUZZ_H
+
+#include <linker_lists.h>
+#include <linux/types.h>
+
+/**
+ * struct fuzz_test - Information about a fuzz test
+ *
+ * @name: Name of fuzz test
+ * @func: Function to call to perform fuzz test on an input
+ * @flags: Flags indicate pre-conditions for fuzz test
+ */
+struct fuzz_test {
+	const char *name;
+	int (*func)(const uint8_t * data, size_t size);
+	int flags;
+};
+
+/**
+ * FUZZ_TEST() - register a fuzz test
+ *
+ * The fuzz test function must return 0 as other values are reserved for future
+ * use.
+ *
+ * @_name:	the name of the fuzz test function
+ * @_flags:	an integer field that can be evaluated by the fuzzer
+ * 		implementation
+ */
+#define FUZZ_TEST(_name, _flags)					\
+	ll_entry_declare(struct fuzz_test, _name, fuzz_tests) = {	\
+		.name = #_name,						\
+		.func = _name,						\
+		.flags = _flags,					\
+	}
+
+/** Get the start of the list of fuzz tests */
+#define FUZZ_TEST_START() \
+	ll_entry_start(struct fuzz_test, fuzz_tests)
+
+/** Get the number of elements in the list of fuzz tests */
+#define FUZZ_TEST_COUNT() \
+	ll_entry_count(struct fuzz_test, fuzz_tests)
+
+#endif /* __TEST_FUZZ_H */
diff --git a/test/Makefile b/test/Makefile
index b3b2902e2e..bb2b0b5c73 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -16,6 +16,7 @@ obj-$(CONFIG_$(SPL_)CMDLINE) += cmd_ut.o
 obj-$(CONFIG_$(SPL_)CMDLINE) += command_ut.o
 obj-$(CONFIG_$(SPL_)UT_COMPRESSION) += compression.o
 obj-y += dm/
+obj-$(CONFIG_FUZZ) += fuzz/
 obj-$(CONFIG_$(SPL_)CMDLINE) += print_ut.o
 obj-$(CONFIG_$(SPL_)CMDLINE) += str_ut.o
 obj-$(CONFIG_UT_TIME) += time_ut.o
diff --git a/test/fuzz/Makefile b/test/fuzz/Makefile
new file mode 100644
index 0000000000..03eeeeb497
--- /dev/null
+++ b/test/fuzz/Makefile
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (c) 2022 Google, Inc.
+# Written by Andrew Scull <ascull@google.com>
+#
+
+obj-$(CONFIG_$(SPL_)CMDLINE) += cmd_fuzz.o
diff --git a/test/fuzz/cmd_fuzz.c b/test/fuzz/cmd_fuzz.c
new file mode 100644
index 0000000000..0cc01dc199
--- /dev/null
+++ b/test/fuzz/cmd_fuzz.c
@@ -0,0 +1,82 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <ascull@google.com>
+ */
+
+#include <command.h>
+#include <common.h>
+#include <dm.h>
+#include <fuzzing_engine.h>
+#include <test/fuzz.h>
+
+static struct fuzz_test *find_fuzz_test(const char *name)
+{
+	struct fuzz_test *fuzzer = FUZZ_TEST_START();
+	size_t count = FUZZ_TEST_COUNT();
+	size_t i;
+
+	for (i = 0; i < count; ++i) {
+		if (strcmp(name, fuzzer->name) == 0)
+			return fuzzer;
+		++fuzzer;
+	}
+
+	return NULL;
+}
+
+static struct udevice *find_fuzzing_engine(void)
+{
+	struct udevice *dev;
+
+	if (uclass_first_device(UCLASS_FUZZING_ENGINE, &dev))
+		return NULL;
+
+	return dev;
+}
+
+static int do_fuzz(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+	struct fuzz_test *fuzzer;
+	struct udevice *dev;
+
+	if (argc != 2)
+		return CMD_RET_USAGE;
+
+	fuzzer = find_fuzz_test(argv[1]);
+	if (!fuzzer) {
+		printf("Could not find fuzzer: %s\n", argv[1]);
+		return 1;
+	}
+
+	dev = find_fuzzing_engine();
+	if (!dev) {
+		puts("No fuzzing engine available\n");
+		return 1;
+	}
+
+	while (1) {
+		const uint8_t *data;
+		size_t size;
+
+		if (dm_fuzzing_engine_get_input(dev, &data, &size)) {
+			puts("Fuzzing engine failed\n");
+			return 1;
+		}
+
+		fuzzer->func(data, size);
+	}
+
+	return 1;
+}
+
+#ifdef CONFIG_SYS_LONGHELP
+static char fuzz_help_text[] =
+	"[fuzz-test-name] - execute the named fuzz test\n"
+	;
+#endif /* CONFIG_SYS_LONGHELP */
+
+U_BOOT_CMD(
+	fuzz, CONFIG_SYS_MAXARGS, 1, do_fuzz,
+	"fuzz tests", fuzz_help_text
+);
-- 
2.35.1.1178.g4f1659d476-goog