Date: Mon, 30 May 2022 10:00:09 +0000
In-Reply-To: <20220530100013.3753780-1-ascull@google.com>
Message-Id: <20220530100013.3753780-10-ascull@google.com>
References: <20220530100013.3753780-1-ascull@google.com>
Subject: [PATCH v3 09/13] test: fuzz: Add framework for fuzzing
From: Andrew Scull
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, trini@konsulko.com, xypron.glpk@gmx.de, jonbottarini@google.com, seanga2@gmail.com, Andrew Scull

Add the basic infrastructure for declaring fuzz tests and a command to
invoke them.

Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
 Kconfig              |  9 +++++
 include/test/fuzz.h  | 51 +++++++++++++++++++++++++++
 test/Makefile        |  1 +
 test/fuzz/Makefile   |  7 ++++
 test/fuzz/cmd_fuzz.c | 82 ++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 150 insertions(+)
 create mode 100644 include/test/fuzz.h
 create mode 100644 test/fuzz/Makefile
 create mode 100644 test/fuzz/cmd_fuzz.c

diff --git a/Kconfig b/Kconfig index 2257aca97f..fbd16a3f03 100644 --- a/Kconfig +++ b/Kconfig @@ -161,6 +161,15 @@ config ASAN Enables AddressSanitizer to discover out-of-bounds accesses, use-after-free, double-free and memory leaks. +config FUZZ + bool "Enable fuzzing" + depends on CC_IS_CLANG + depends on DM_FUZZING_ENGINE + select ASAN + help + Enables the fuzzing infrastructure to generate fuzzing data and run + fuzz tests. + config CC_HAS_ASM_INLINE def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null) diff --git a/include/test/fuzz.h b/include/test/fuzz.h new file mode 100644 index 0000000000..d4c57540eb --- /dev/null +++ b/include/test/fuzz.h
@@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2022 Google, Inc. + * Written by Andrew Scull + */ + +#ifndef __TEST_FUZZ_H +#define __TEST_FUZZ_H + +#include +#include + +/** + * struct fuzz_test - Information about a fuzz test + * + * @name: Name of fuzz test + * @func: Function to call to perform fuzz test on an input + * @flags: Flags indicate pre-conditions for fuzz test + */ +struct fuzz_test { + const char *name; + int (*func)(const uint8_t * data, size_t size); + int flags; +}; + +/** + * FUZZ_TEST() - register a fuzz test + * + * The fuzz test function must return 0 as other values are reserved for future + * use. + * + * @_name: the name of the fuzz test function + * @_flags: an integer field that can be evaluated by the fuzzer + * implementation + */ +#define FUZZ_TEST(_name, _flags) \ + ll_entry_declare(struct fuzz_test, _name, fuzz_tests) = { \ + .name = #_name, \ + .func = _name, \ + .flags = _flags, \ + } + +/** Get the start of the list of fuzz tests */ +#define FUZZ_TEST_START() \ + ll_entry_start(struct fuzz_test, fuzz_tests) + +/** Get the number of elements in the list of fuzz tests */ +#define FUZZ_TEST_COUNT() \ + ll_entry_count(struct fuzz_test, fuzz_tests) + +#endif /* __TEST_FUZZ_H */ diff --git a/test/Makefile b/test/Makefile index abd605a435..1dfd567744 100644 --- a/test/Makefile +++ b/test/Makefile @@ -16,6 +16,7 @@ obj-$(CONFIG_$(SPL_)CMDLINE) += cmd_ut.o obj-$(CONFIG_$(SPL_)CMDLINE) += command_ut.o obj-$(CONFIG_$(SPL_)UT_COMPRESSION) += compression.o obj-y += dm/ +obj-$(CONFIG_FUZZ) += fuzz/ obj-$(CONFIG_$(SPL_)CMDLINE) += print_ut.o obj-$(CONFIG_$(SPL_)CMDLINE) += str_ut.o obj-$(CONFIG_UT_TIME) += time_ut.o diff --git a/test/fuzz/Makefile b/test/fuzz/Makefile new file mode 100644 index 0000000000..03eeeeb497 --- /dev/null +++ b/test/fuzz/Makefile 
@@ -0,0 +1,7 @@ +# SPDX-License-Identifier: GPL-2.0+ +# +# Copyright (c) 2022 Google, Inc. +# Written by Andrew Scull +# + +obj-$(CONFIG_$(SPL_)CMDLINE) += cmd_fuzz.o diff --git a/test/fuzz/cmd_fuzz.c b/test/fuzz/cmd_fuzz.c new file mode 100644 index 0000000000..0cc01dc199 --- /dev/null +++ b/test/fuzz/cmd_fuzz.c @@ -0,0 +1,82 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2022 Google, Inc. + * Written by Andrew Scull + */ + +#include +#include +#include +#include +#include + +static struct fuzz_test *find_fuzz_test(const char *name) +{ + struct fuzz_test *fuzzer = FUZZ_TEST_START(); + size_t count = FUZZ_TEST_COUNT(); + size_t i; + + for (i = 0; i < count; ++i) { + if (strcmp(name, fuzzer->name) == 0) + return fuzzer; + ++fuzzer; + } + + return NULL; +} + +static struct udevice *find_fuzzing_engine(void) +{ + struct udevice *dev; + + if (uclass_first_device(UCLASS_FUZZING_ENGINE, &dev)) + return NULL; + + return dev; +} + +static int do_fuzz(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[]) +{ + struct fuzz_test *fuzzer; + struct udevice *dev; + + if (argc != 2) + return CMD_RET_USAGE; + + fuzzer = find_fuzz_test(argv[1]); + if (!fuzzer) { + printf("Could not find fuzzer: %s\n", argv[1]); + return 1; + } + + dev = find_fuzzing_engine(); + if (!dev) { + puts("No fuzzing engine available\n"); + return 1; + } + + while (1) { + const uint8_t *data; + size_t size; + + if (dm_fuzzing_engine_get_input(dev, &data, &size)) { + puts("Fuzzing engine failed\n"); + return 1; + } + + fuzzer->func(data, size); + } + + return 1; +} + +#ifdef CONFIG_SYS_LONGHELP +static char fuzz_help_text[] = + "[fuzz-test-name] - execute the named fuzz test\n" + ; +#endif /* CONFIG_SYS_LONGHELP */ + +U_BOOT_CMD( + fuzz, CONFIG_SYS_MAXARGS, 1, do_fuzz, + "fuzz tests", fuzz_help_text +); -- 2.36.1.124.g0e6072fb45-goog
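Review bot: in the Kconfig hunk, `select ASAN` forces ASAN on without satisfying whatever dependencies ASAN itself declares (select bypasses the selected symbol's `depends on`); the context shown only includes ASAN's help text, so please confirm ASAN depends on nothing beyond CC_IS_CLANG, which FUZZ already requires, otherwise a `depends on ASAN` would be the safer form.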
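Review bot: in the include/test/fuzz.h hunk, the function pointer is declared as `int (*func)(const uint8_t * data, size_t size);` with a space after the asterisk; U-Boot style is `const uint8_t *data`. The FUZZ_TEST() kernel-doc states that non-zero return values are reserved, but nothing in this series enforces that contract, so it would help to say where (or whether) a non-zero return is currently acted on.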
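Review bot: in the test/fuzz/cmd_fuzz.c hunk, do_fuzz() discards the result of `fuzzer->func(data, size);` even though fuzz.h reserves every non-zero return value, so a test that returns a reserved value today passes silently; suggest `if (fuzzer->func(data, size)) { puts("Fuzz test failed\n"); return CMD_RET_FAILURE; }` or a comment explaining why the value is deliberately ignored. The `while (1)` loop has no exit other than the engine reporting failure, which makes the trailing `return 1;` unreachable and leaves the operator no way to stop a run from the console; a `ctrlc()` check inside the loop would address both. Finally, the help text `[fuzz-test-name]` uses brackets that conventionally mark an optional argument, but `if (argc != 2) return CMD_RET_USAGE;` makes the name mandatory, so `<fuzz-test-name>` would match the behaviour.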