author | Andrew Scull <ascull@google.com> | 2022-05-30 10:00:09 +0000 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2022-06-23 12:58:18 -0400 |
commit | 36f641c54e1ad7f08552fe51f9826c1a27b662f9 (patch) | |
tree | 2740cd9df93ae778ca0861432985bf76bf0cdf3d /test | |
parent | 3f807c6b81219555ac964f2623cfcbd1103151fa (diff) |
test: fuzz: Add framework for fuzzing
Add the basic infrastructure for declaring fuzz tests and a command to
invoke them.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'test')
-rw-r--r-- | test/Makefile | 1 | ||||
-rw-r--r-- | test/fuzz/Makefile | 7 | ||||
-rw-r--r-- | test/fuzz/cmd_fuzz.c | 82 |
3 files changed, 90 insertions, 0 deletions
diff --git a/test/Makefile b/test/Makefile
index abd605a435..1dfd567744 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -16,6 +16,7 @@ obj-$(CONFIG_$(SPL_)CMDLINE) += cmd_ut.o
 obj-$(CONFIG_$(SPL_)CMDLINE) += command_ut.o
 obj-$(CONFIG_$(SPL_)UT_COMPRESSION) += compression.o
 obj-y += dm/
+obj-$(CONFIG_FUZZ) += fuzz/
 obj-$(CONFIG_$(SPL_)CMDLINE) += print_ut.o
 obj-$(CONFIG_$(SPL_)CMDLINE) += str_ut.o
 obj-$(CONFIG_UT_TIME) += time_ut.o
diff --git a/test/fuzz/Makefile b/test/fuzz/Makefile
new file mode 100644
index 0000000000..03eeeeb497
--- /dev/null
+++ b/test/fuzz/Makefile
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (c) 2022 Google, Inc.
+# Written by Andrew Scull <ascull@google.com>
+#
+
+obj-$(CONFIG_$(SPL_)CMDLINE) += cmd_fuzz.o
diff --git a/test/fuzz/cmd_fuzz.c b/test/fuzz/cmd_fuzz.c
new file mode 100644
index 0000000000..0cc01dc199
--- /dev/null
+++ b/test/fuzz/cmd_fuzz.c
@@ -0,0 +1,82 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <ascull@google.com>
+ */
+
+#include <command.h>
+#include <common.h>
+#include <dm.h>
+#include <fuzzing_engine.h>
+#include <test/fuzz.h>
+
+static struct fuzz_test *find_fuzz_test(const char *name)
+{
+ struct fuzz_test *fuzzer = FUZZ_TEST_START();
+ size_t count = FUZZ_TEST_COUNT();
+ size_t i;
+
+ for (i = 0; i < count; ++i) {
+ if (strcmp(name, fuzzer->name) == 0)
+ return fuzzer;
+ ++fuzzer;
+ }
+
+ return NULL;
+}
+
+static struct udevice *find_fuzzing_engine(void)
+{
+ struct udevice *dev;
+
+ if (uclass_first_device(UCLASS_FUZZING_ENGINE, &dev))
+ return NULL;
+
+ return dev;
+}
+
+static int do_fuzz(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+ struct fuzz_test *fuzzer;
+ struct udevice *dev;
+
+ if (argc != 2)
+ return CMD_RET_USAGE;
+
+ fuzzer = find_fuzz_test(argv[1]);
+ if (!fuzzer) {
+ printf("Could not find fuzzer: %s\n", argv[1]);
+ return 1;
+ }
+
+ dev = find_fuzzing_engine();
+ if (!dev) {
+ puts("No fuzzing engine available\n");
+ return 1;
+ }
+
+ while (1) {
+ const uint8_t *data;
+ size_t size;
+
+ if (dm_fuzzing_engine_get_input(dev, &data, &size)) {
+ puts("Fuzzing engine failed\n");
+ return 1;
+ }
+
+ fuzzer->func(data, size);
+ }
+
+ return 1;
+}
+
+#ifdef CONFIG_SYS_LONGHELP
+static char fuzz_help_text[] =
+ "[fuzz-test-name] - execute the named fuzz test\n"
+ ;
+#endif /* CONFIG_SYS_LONGHELP */
+
+U_BOOT_CMD(
+ fuzz, CONFIG_SYS_MAXARGS, 1, do_fuzz,
+ "fuzz tests", fuzz_help_text
+); |
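Review bot: The command's declared interface does not match what do_fuzz accepts: the help text shows `[fuzz-test-name]` as optional and U_BOOT_CMD allows `CONFIG_SYS_MAXARGS` arguments, while `if (argc != 2)` requires exactly one name. I would write the usage as `"<fuzz-test-name> - execute the named fuzz test\n"` and pass `2` as the max-args value. In the same function the `while (1)` loop only leaves through the engine-failure branch, so the trailing `return 1;` is unreachable; a comment such as `/* Never returns on success: feeds inputs until the fuzzing engine fails */` above the loop would make that explicit, and the failure paths would read better as `return CMD_RET_FAILURE;` next to the existing `CMD_RET_USAGE`. Since the loop never hands control back to the shell, it is worth confirming (the Kconfig entry is not part of this diff) that CONFIG_FUZZ cannot be selected in non-test builds.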