[PATCH 00/11] Fuzzing and ASAN for sandbox
Andrew Scull
ascull at google.com
Thu Apr 7 11:41:12 CEST 2022
This series sets up a basic fuzzing infrastructure that works with
sandbox. The example fuzz test towards the end of the series will find
something pretty quickly (that something is fixed by
"virtio_ring: Maintain a shadow copy of descriptors" from another
series).
There is some refactoring to stop using '.'-prefixed sections, which ELF
defines as being for system use and between which clang's ASAN
instrumentation happily adds redzones; that's not what we want for things
like linker lists, where the linker script has carefully placed the
sections contiguously.
It may require patches from the "Fix misc ASAN reports" series to be
applied as I've already dealt with the first set of ASAN reports from
running the tests.
Andrew Scull (11):
sandbox: Set the EFI symbols in linker script
sandbox: Migrate getopt section to linker list
linker_lists: Rename sections to remove . prefix
sandbox: Add support for Address Sanitizer
fuzzing_engine: Add fuzzing engine uclass
test: fuzz: Add framework for fuzzing
sandbox: Decouple program entry from sandbox init
sandbox: Add libfuzzer integration
sandbox: Implement fuzzing engine driver
fuzz: virtio: Add fuzzer for vring
RFC: Hack dlmalloc to poison memory
Kconfig | 15 +
arch/Kconfig | 2 +
arch/arc/cpu/u-boot.lds | 4 +-
arch/arm/config.mk | 4 +-
arch/arm/cpu/arm926ejs/sunxi/u-boot-spl.lds | 4 +-
arch/arm/cpu/armv7/sunxi/u-boot-spl.lds | 4 +-
arch/arm/cpu/armv8/u-boot-spl.lds | 4 +-
arch/arm/cpu/armv8/u-boot.lds | 4 +-
arch/arm/cpu/u-boot-spl.lds | 4 +-
arch/arm/cpu/u-boot.lds | 6 +-
arch/arm/mach-at91/arm926ejs/u-boot-spl.lds | 2 +-
arch/arm/mach-at91/armv7/u-boot-spl.lds | 2 +-
arch/arm/mach-omap2/u-boot-spl.lds | 4 +-
arch/arm/mach-orion5x/u-boot-spl.lds | 4 +-
arch/arm/mach-rockchip/u-boot-tpl-v8.lds | 4 +-
arch/arm/mach-zynq/u-boot-spl.lds | 4 +-
arch/arm/mach-zynq/u-boot.lds | 4 +-
arch/m68k/cpu/u-boot.lds | 4 +-
arch/microblaze/cpu/u-boot-spl.lds | 4 +-
arch/microblaze/cpu/u-boot.lds | 4 +-
arch/mips/config.mk | 2 +-
arch/mips/cpu/u-boot-spl.lds | 4 +-
arch/mips/cpu/u-boot.lds | 4 +-
arch/nds32/cpu/n1213/u-boot.lds | 4 +-
arch/nios2/cpu/u-boot.lds | 4 +-
arch/powerpc/cpu/mpc83xx/u-boot.lds | 4 +-
arch/powerpc/cpu/mpc85xx/u-boot-nand.lds | 4 +-
arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds | 4 +-
arch/powerpc/cpu/mpc85xx/u-boot-spl.lds | 4 +-
arch/powerpc/cpu/mpc85xx/u-boot.lds | 4 +-
arch/riscv/cpu/u-boot-spl.lds | 4 +-
arch/riscv/cpu/u-boot.lds | 4 +-
arch/sandbox/config.mk | 15 +-
arch/sandbox/cpu/os.c | 97 +++++-
arch/sandbox/cpu/start.c | 12 +-
arch/sandbox/cpu/u-boot-spl.lds | 10 +-
arch/sandbox/cpu/u-boot.lds | 42 +--
arch/sandbox/dts/test.dts | 4 +
arch/sandbox/include/asm/fuzzing_engine.h | 25 ++
arch/sandbox/include/asm/getopt.h | 19 +-
arch/sandbox/include/asm/main.h | 18 ++
arch/sandbox/include/asm/sections.h | 25 --
arch/sandbox/lib/Makefile | 2 +-
arch/sandbox/lib/sections.c | 13 -
arch/sh/cpu/u-boot.lds | 4 +-
arch/x86/cpu/u-boot-64.lds | 6 +-
arch/x86/cpu/u-boot-spl.lds | 6 +-
arch/x86/cpu/u-boot.lds | 6 +-
arch/x86/lib/elf_ia32_efi.lds | 4 +-
arch/x86/lib/elf_x86_64_efi.lds | 4 +-
arch/xtensa/cpu/u-boot.lds | 2 +-
arch/xtensa/include/asm/ldscript.h | 4 +-
board/compulab/cm_t335/u-boot.lds | 4 +-
board/cssi/MCR3000/u-boot.lds | 4 +-
.../davinci/da8xxevm/u-boot-spl-da850evm.lds | 2 +-
board/qualcomm/dragonboard820c/u-boot.lds | 4 +-
board/samsung/common/exynos-uboot-spl.lds | 4 +-
board/synopsys/iot_devkit/u-boot.lds | 4 +-
board/ti/am335x/u-boot.lds | 4 +-
board/vscom/baltos/u-boot.lds | 4 +-
common/dlmalloc.c | 284 +++++++++++++++---
configs/sandbox_defconfig | 1 +
doc/api/linker_lists.rst | 22 +-
doc/develop/commands.rst | 4 +-
doc/develop/driver-model/of-plat.rst | 4 +-
drivers/Kconfig | 2 +
drivers/Makefile | 1 +
drivers/fuzzing_engine/Kconfig | 17 ++
drivers/fuzzing_engine/Makefile | 8 +
.../fuzzing_engine/fuzzing_engine-uclass.c | 28 ++
.../fuzzing_engine/sandbox_fuzzing_engine.c | 35 +++
include/compiler.h | 1 +
include/dm/uclass-id.h | 1 +
include/fuzzing_engine.h | 51 ++++
include/linker_lists.h | 18 +-
include/linux/types.h | 1 +
include/test/fuzz.h | 51 ++++
test/Makefile | 1 +
test/fuzz/Makefile | 8 +
test/fuzz/cmd_fuzz.c | 82 +++++
test/fuzz/virtio.c | 72 +++++
81 files changed, 909 insertions(+), 264 deletions(-)
create mode 100644 arch/sandbox/include/asm/fuzzing_engine.h
create mode 100644 arch/sandbox/include/asm/main.h
delete mode 100644 arch/sandbox/lib/sections.c
create mode 100644 drivers/fuzzing_engine/Kconfig
create mode 100644 drivers/fuzzing_engine/Makefile
create mode 100644 drivers/fuzzing_engine/fuzzing_engine-uclass.c
create mode 100644 drivers/fuzzing_engine/sandbox_fuzzing_engine.c
create mode 100644 include/fuzzing_engine.h
create mode 100644 include/test/fuzz.h
create mode 100644 test/fuzz/Makefile
create mode 100644 test/fuzz/cmd_fuzz.c
create mode 100644 test/fuzz/virtio.c
--
2.35.1.1094.g7c7d902a7c-goog
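An added, stand-alone illustration of why the series drops the '.' prefix from linker-list section names (example code written for this page, not from the series or from U-Boot; the section name `demo_list`, the `DEMO_ENTRY` macro and the handlers are made up, and it assumes an ELF toolchain with GNU ld or lld):

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct demo_entry { const char *name; int (*handler)(int); };

/* "demo_list" is a made-up section name.  Being a valid C identifier, GNU
 * ld/lld synthesise __start_/__stop_ symbols for it and clang's ASAN skips
 * global redzones in it, so entries stay contiguous; a '.'-prefixed name
 * would get neither property. */
#define DEMO_ENTRY(_name, _fn) \
	static const struct demo_entry demo_entry_##_name \
	__attribute__((used, section("demo_list"), aligned(sizeof(void *)))) = \
		{ #_name, _fn }

extern const struct demo_entry __start_demo_list[];
extern const struct demo_entry __stop_demo_list[];

static int twice(int x) { return 2 * x; }
static int negate(int x) { return -x; }
static int square(int x) { return x * x; }

DEMO_ENTRY(twice, twice);
DEMO_ENTRY(negate, negate);
DEMO_ENTRY(square, square);

/* Correct only if every entry has a sizeof(struct demo_entry) stride,
 * which ASAN redzones between entries would silently break. */
size_t demo_list_count(void)
{
	return (size_t)(__stop_demo_list - __start_demo_list);
}

/* Fixed-stride walk; returns 0 and stores the result in *out, else -1. */
int demo_list_call(const char *name, int arg, int *out)
{
	for (const struct demo_entry *e = __start_demo_list; e < __stop_demo_list; e++) {
		if (strcmp(e->name, name) == 0) {
			*out = e->handler(arg);
			return 0;
		}
	}
	return -1;
}

int main(void)
{
	for (const struct demo_entry *e = __start_demo_list; e < __stop_demo_list; e++)
		printf("%s(7) = %d\n", e->name, e->handler(7));
	return 0;
}
```

Built with clang and -fsanitize=address, the same walk over a '.'-prefixed section would stride across redzones and read bogus entries, which is the breakage the renaming patch avoids.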