On Mon, 11 Apr 2022 at 19:36, Simon Glass sjg@chromium.org wrote:
Hi Andrew,
On Thu, 7 Apr 2022 at 03:41, Andrew Scull ascull@google.com wrote:
Add a fuzzing engine driver for the sandbox to take inputs from libfuzzer and expose them to the fuzz tests.
Signed-off-by: Andrew Scull ascull@google.com
arch/Kconfig | 2 ++ arch/sandbox/dts/test.dts | 4 +++ drivers/fuzzing_engine/Kconfig | 11 ++++++ drivers/fuzzing_engine/Makefile | 1 + .../fuzzing_engine/sandbox_fuzzing_engine.c | 35 +++++++++++++++++++ 5 files changed, 53 insertions(+) create mode 100644 drivers/fuzzing_engine/sandbox_fuzzing_engine.c
Reviewed-by: Simon Glass sjg@chromium.org
Thoughts below
diff --git a/arch/Kconfig b/arch/Kconfig index e6191446a3..6320a98db6 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -135,6 +135,7 @@ config SANDBOX select BZIP2 select CMD_POWEROFF select DM
select DM_FUZZING_ENGINE select DM_GPIO select DM_I2C select DM_KEYBOARD@@ -170,6 +171,7 @@ config SANDBOX imply CRC32_VERIFY imply FAT_WRITE imply FIRMWARE
imply FUZZING_ENGINE_SANDBOX imply HASH_VERIFY imply LZMA imply TEEdiff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts index 48ca3e1e47..848329fda5 100644 --- a/arch/sandbox/dts/test.dts +++ b/arch/sandbox/dts/test.dts @@ -71,6 +71,10 @@ }; };
fuzzing-engine {compatible = "sandbox,sandbox-fuzzing-engine";};reboot-mode0 { compatible = "reboot-mode-gpio"; gpios = <&gpio_c 0 GPIO_ACTIVE_HIGH>, <&gpio_c 1 GPIO_ACTIVE_HIGH>;diff --git a/drivers/fuzzing_engine/Kconfig b/drivers/fuzzing_engine/Kconfig index f405fc75e8..6311385222 100644 --- a/drivers/fuzzing_engine/Kconfig +++ b/drivers/fuzzing_engine/Kconfig @@ -4,3 +4,14 @@ config DM_FUZZING_ENGINE help Enable driver model for fuzzing engine devices. This interface is used to get fuzzing inputs from a fuzzing engine.
+if DM_FUZZING_ENGINE
+config FUZZING_ENGINE_SANDBOX
bool "Sanbox fuzzing engine"depends on SANDBOXdefault yhelpEnable fuzzing engine for sandbox.+endif diff --git a/drivers/fuzzing_engine/Makefile b/drivers/fuzzing_engine/Makefile index acd894999c..073743ba94 100644 --- a/drivers/fuzzing_engine/Makefile +++ b/drivers/fuzzing_engine/Makefile @@ -5,3 +5,4 @@ #
obj-$(CONFIG_DM_FUZZING_ENGINE) += fuzzing_engine-uclass.o +obj-$(CONFIG_FUZZING_ENGINE_SANDBOX) += sandbox_fuzzing_engine.o diff --git a/drivers/fuzzing_engine/sandbox_fuzzing_engine.c b/drivers/fuzzing_engine/sandbox_fuzzing_engine.c new file mode 100644 index 0000000000..4d187deaa4 --- /dev/null +++ b/drivers/fuzzing_engine/sandbox_fuzzing_engine.c @@ -0,0 +1,35 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/*
- Copyright (c) 2022 Google, Inc.
- Written by Andrew Scull ascull@google.com
- */
+#include <common.h> +#include <dm.h> +#include <fuzzing_engine.h> +#include <asm/fuzzing_engine.h>
+static int get_input(struct udevice *dev,
const uint8_t **data,size_t *size)+{
return sandbox_fuzzing_engine_get_input(data, size);+}
+static const struct dm_fuzzing_engine_ops sandbox_fuzzing_engine_ops = {
.get_input = get_input,+};
+static const struct udevice_id sandbox_fuzzing_engine_match[] = {
In the interests of brevity, perhaps sb_fuzz_engine as the prefix, or sbfuzz_engine?
I've left them longform for now as they symbols don't get widely used.
{.compatible = "sandbox,sandbox-fuzzing-engine",Do you need the second 'sandbox-' ?
I was copying "sandbox,sandbox-rng" but turns out that was the odd-one-out. Dropping the 'sandbox-'
},{},+};
+U_BOOT_DRIVER(sandbox_fuzzing_engine) = {
.name = "sandbox-fuzzing-engine",.id = UCLASS_FUZZING_ENGINE,.of_match = sandbox_fuzzing_engine_match,.ops = &sandbox_fuzzing_engine_ops,+};
2.35.1.1094.g7c7d902a7c-goog
Regards, Simon