[PATCH 00/11] Fuzzing and ASAN for sandbox

Andrew Scull ascull at google.com
Thu Apr 14 15:59:29 CEST 2022


This series sets up a basic fuzzing infrastructure that works with
sandbox. The example fuzz test towards the end of the series will find
something pretty quickly. That something is fixed by the series
"virtio: Harden and test vring" that needs to be applied for the final
patch in this series.

There is some refactoring to stop using '.' prefixed sections that elf
defines as being for system use and clang's ASAN instrumentation happily
adds redzones between, but that's not what we want for things like
linker lists where the linker script has carefully placed the sections
contiguously.

It may require patches from the "Fix misc ASAN reports" series to be
applied as I've already dealt with the first set of ASAN reports from
running the tests.

From v1:
 - corrected handling of EFI symbols by sandbox linker script
 - per comments, some renaming and explaining
 - dropped RFC for dlmalloc ASAN instrumentation (work required to improve it)
 - added patch to reduce logging noise in fuzzer

Andrew Scull (12):
  sandbox: Fix EFI runtime symbol placement
  sandbox: Rename EFI runtime sections
  sandbox: Migrate getopt section to linker list
  linker_lists: Rename sections to remove . prefix
  sandbox: Add support for Address Sanitizer
  fuzzing_engine: Add fuzzing engine uclass
  test: fuzz: Add framework for fuzzing
  sandbox: Decouple program entry from sandbox init
  sandbox: Add libfuzzer integration
  sandbox: Implement fuzzing engine driver
  fuzz: virtio: Add fuzzer for vring
  virtio_ring: Reduce logging noise

 Kconfig                                       | 16 +++
 arch/Kconfig                                  |  2 +
 arch/arc/cpu/u-boot.lds                       |  4 +-
 arch/arm/config.mk                            |  4 +-
 arch/arm/cpu/arm926ejs/sunxi/u-boot-spl.lds   |  4 +-
 arch/arm/cpu/armv7/sunxi/u-boot-spl.lds       |  4 +-
 arch/arm/cpu/armv8/u-boot-spl.lds             |  4 +-
 arch/arm/cpu/armv8/u-boot.lds                 |  4 +-
 arch/arm/cpu/u-boot-spl.lds                   |  4 +-
 arch/arm/cpu/u-boot.lds                       |  6 +-
 arch/arm/mach-at91/arm926ejs/u-boot-spl.lds   |  2 +-
 arch/arm/mach-at91/armv7/u-boot-spl.lds       |  2 +-
 arch/arm/mach-omap2/u-boot-spl.lds            |  4 +-
 arch/arm/mach-orion5x/u-boot-spl.lds          |  4 +-
 arch/arm/mach-rockchip/u-boot-tpl-v8.lds      |  4 +-
 arch/arm/mach-zynq/u-boot-spl.lds             |  4 +-
 arch/arm/mach-zynq/u-boot.lds                 |  4 +-
 arch/m68k/cpu/u-boot.lds                      |  4 +-
 arch/microblaze/cpu/u-boot-spl.lds            |  4 +-
 arch/microblaze/cpu/u-boot.lds                |  4 +-
 arch/mips/config.mk                           |  2 +-
 arch/mips/cpu/u-boot-spl.lds                  |  4 +-
 arch/mips/cpu/u-boot.lds                      |  4 +-
 arch/nds32/cpu/n1213/u-boot.lds               |  4 +-
 arch/nios2/cpu/u-boot.lds                     |  4 +-
 arch/powerpc/cpu/mpc83xx/u-boot.lds           |  4 +-
 arch/powerpc/cpu/mpc85xx/u-boot-nand.lds      |  4 +-
 arch/powerpc/cpu/mpc85xx/u-boot-nand_spl.lds  |  4 +-
 arch/powerpc/cpu/mpc85xx/u-boot-spl.lds       |  4 +-
 arch/powerpc/cpu/mpc85xx/u-boot.lds           |  4 +-
 arch/riscv/cpu/u-boot-spl.lds                 |  4 +-
 arch/riscv/cpu/u-boot.lds                     |  4 +-
 arch/sandbox/config.mk                        | 15 ++-
 arch/sandbox/cpu/os.c                         | 97 ++++++++++++++++---
 arch/sandbox/cpu/start.c                      | 12 +--
 arch/sandbox/cpu/u-boot-spl.lds               | 10 +-
 arch/sandbox/cpu/u-boot.lds                   | 41 ++++----
 arch/sandbox/dts/test.dts                     |  4 +
 arch/sandbox/include/asm/fuzzing_engine.h     | 25 +++++
 arch/sandbox/include/asm/getopt.h             | 19 ++--
 arch/sandbox/include/asm/main.h               | 18 ++++
 arch/sandbox/include/asm/sections.h           | 25 -----
 arch/sandbox/lib/sections.c                   |  8 +-
 arch/sh/cpu/u-boot.lds                        |  4 +-
 arch/x86/cpu/u-boot-64.lds                    |  6 +-
 arch/x86/cpu/u-boot-spl.lds                   |  6 +-
 arch/x86/cpu/u-boot.lds                       |  6 +-
 arch/x86/lib/elf_ia32_efi.lds                 |  4 +-
 arch/x86/lib/elf_x86_64_efi.lds               |  4 +-
 arch/xtensa/cpu/u-boot.lds                    |  2 +-
 arch/xtensa/include/asm/ldscript.h            |  4 +-
 board/compulab/cm_t335/u-boot.lds             |  4 +-
 board/cssi/MCR3000/u-boot.lds                 |  4 +-
 .../davinci/da8xxevm/u-boot-spl-da850evm.lds  |  2 +-
 board/qualcomm/dragonboard820c/u-boot.lds     |  4 +-
 board/samsung/common/exynos-uboot-spl.lds     |  4 +-
 board/synopsys/iot_devkit/u-boot.lds          |  4 +-
 board/ti/am335x/u-boot.lds                    |  4 +-
 board/vscom/baltos/u-boot.lds                 |  4 +-
 configs/sandbox_defconfig                     |  1 +
 doc/api/linker_lists.rst                      | 22 ++---
 doc/develop/commands.rst                      |  4 +-
 doc/develop/driver-model/of-plat.rst          |  4 +-
 drivers/Kconfig                               |  2 +
 drivers/Makefile                              |  1 +
 drivers/fuzz/Kconfig                          | 17 ++++
 drivers/fuzz/Makefile                         |  8 ++
 drivers/fuzz/fuzzing_engine-uclass.c          | 28 ++++++
 drivers/fuzz/sandbox_fuzzing_engine.c         | 35 +++++++
 drivers/virtio/virtio_ring.c                  |  4 +-
 include/dm/uclass-id.h                        |  1 +
 include/fuzzing_engine.h                      | 51 ++++++++++
 include/linker_lists.h                        | 18 ++--
 include/test/fuzz.h                           | 51 ++++++++++
 test/Makefile                                 |  1 +
 test/fuzz/Makefile                            |  8 ++
 test/fuzz/cmd_fuzz.c                          | 82 ++++++++++++++++
 test/fuzz/virtio.c                            | 72 ++++++++++++++
 78 files changed, 680 insertions(+), 204 deletions(-)
 create mode 100644 arch/sandbox/include/asm/fuzzing_engine.h
 create mode 100644 arch/sandbox/include/asm/main.h
 create mode 100644 drivers/fuzz/Kconfig
 create mode 100644 drivers/fuzz/Makefile
 create mode 100644 drivers/fuzz/fuzzing_engine-uclass.c
 create mode 100644 drivers/fuzz/sandbox_fuzzing_engine.c
 create mode 100644 include/fuzzing_engine.h
 create mode 100644 include/test/fuzz.h
 create mode 100644 test/fuzz/Makefile
 create mode 100644 test/fuzz/cmd_fuzz.c
 create mode 100644 test/fuzz/virtio.c

-- 
2.35.1.1178.g4f1659d476-goog
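A minimal linker list of the kind the section renaming is meant to keep intact, as an added example that is not part of this series or of U-Boot: the section name u_boot_list_demo_cmd, the entry struct and the two entries are constructed for illustration, and the bounds check assumes an ELF toolchain (GNU ld or LLD) that emits __start_/__stop_ symbols for sections whose names are valid C identifiers.

```c
#include <stddef.h>
#include <string.h>
/* Constructed example, not U-Boot's own code: a minimal linker list whose
 * entries must sit back to back in one ELF section. The section name is a
 * valid C identifier, so GNU ld and LLD emit __start_/__stop_ bounds with no
 * custom linker script; per the series, a name without the '.' prefix also
 * keeps ASAN from placing redzones between entries, which would break the
 * stride arithmetic below. */
struct ll_cmd {
	const char *name;
	int (*fn)(int);
};

#define LL_ENTRY(sym) \
	static const struct ll_cmd sym __attribute__((used, \
		section("u_boot_list_demo_cmd"), aligned(sizeof(void *))))

static int cmd_inc(int x) { return x + 1; }
static int cmd_dbl(int x) { return x * 2; }

LL_ENTRY(ll_inc) = { "inc", cmd_inc };
LL_ENTRY(ll_dbl) = { "dbl", cmd_dbl };

/* Linker-provided bounds of the section (ELF targets). */
extern const struct ll_cmd __start_u_boot_list_demo_cmd[];
extern const struct ll_cmd __stop_u_boot_list_demo_cmd[];

/* Entry count if the list is intact (span is a whole number of entries and
 * every slot is populated); -1 if redzones or padding sit between entries. */
int ll_count(void)
{
	const char *s = (const char *)__start_u_boot_list_demo_cmd;
	const char *e = (const char *)__stop_u_boot_list_demo_cmd;
	if (e < s || (size_t)(e - s) % sizeof(struct ll_cmd))
		return -1;
	for (const struct ll_cmd *p = __start_u_boot_list_demo_cmd;
	     p < __stop_u_boot_list_demo_cmd; p++)
		if (!p->name || !p->fn)
			return -1;
	return (int)((e - s) / sizeof(struct ll_cmd));
}

/* Walk the list by name and run the matching entry; -1 if absent. */
int ll_run(const char *name, int arg)
{
	for (const struct ll_cmd *p = __start_u_boot_list_demo_cmd;
	     p < __stop_u_boot_list_demo_cmd; p++)
		if (!strcmp(p->name, name))
			return p->fn(arg);
	return -1;
}
```

Building the same file with clang -fsanitize=address and a '.'-prefixed section name is the failure mode the series describes: the bounds arithmetic no longer matches the entry stride.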
