sandbox: Implement fuzzing engine driver

Add a fuzzing engine driver for the sandbox to take inputs from libfuzzer and expose them to the fuzz tests. Signed-off-by: Andrew Scull <ascull@google.com>
2022-05-30 10:00:12 +00:00 · 2022-05-30 10:00:12 +00:00 · 0518e7a28f
commit 0518e7a28f
parent d9962b12f2
5 changed files with 54 additions and 4 deletions
--- a/arch/Kconfig
+++ b/arch/Kconfig
@ -135,6 +135,7 @@ config SANDBOX
 	select BZIP2
 	select CMD_POWEROFF
 	select DM
+	select DM_FUZZING_ENGINE
 	select DM_GPIO
 	select DM_I2C
 	select DM_KEYBOARD
@ -170,6 +171,7 @@ config SANDBOX
 	imply CRC32_VERIFY
 	imply FAT_WRITE
 	imply FIRMWARE
+	imply FUZZING_ENGINE_SANDBOX
 	imply HASH_VERIFY
 	imply LZMA
 	imply TEE
--- a/arch/sandbox/dts/test.dts
+++ b/arch/sandbox/dts/test.dts
@ -92,6 +92,10 @@
 		};
 	};

+	fuzzing-engine {
+		compatible = "sandbox,fuzzing-engine";
+	};
+
 	reboot-mode0 {
 		compatible = "reboot-mode-gpio";
 		gpios = <&gpio_c 0 GPIO_ACTIVE_HIGH>, <&gpio_c 1 GPIO_ACTIVE_HIGH>;
--- a/drivers/fuzz/Kconfig
+++ b/drivers/fuzz/Kconfig
@ -3,7 +3,15 @@ config DM_FUZZING_ENGINE
 	depends on DM
 	help
 	  Enable driver model for fuzzing engine devices. This interface is
-	  used to get successive inputs from a fuzzing engine that aims to
-	  explore different code paths in a fuzz test. The fuzzing engine may
-	  be instrumenting the execution in order to more effectively generate
-	  inputs that explore different code paths.
+	  used to get fuzzing inputs from a fuzzing engine.
+
+if DM_FUZZING_ENGINE
+
+config FUZZING_ENGINE_SANDBOX
+	bool "Sanbox fuzzing engine"
+	depends on SANDBOX
+	default y
+	help
+	  Enable fuzzing engine for sandbox.
+
+endif
--- a/drivers/fuzz/Makefile
+++ b/drivers/fuzz/Makefile
@ -5,3 +5,4 @@
 #

 obj-$(CONFIG_DM_FUZZING_ENGINE) += fuzzing_engine-uclass.o
+obj-$(CONFIG_FUZZING_ENGINE_SANDBOX) += sandbox_fuzzing_engine.o
--- a/drivers/fuzz/sandbox_fuzzing_engine.c
+++ b/drivers/fuzz/sandbox_fuzzing_engine.c
@ -0,0 +1,35 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <ascull@google.com>
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <fuzzing_engine.h>
+#include <asm/fuzzing_engine.h>
+
+static int get_input(struct udevice *dev,
+		     const uint8_t **data,
+		     size_t *size)
+{
+	return sandbox_fuzzing_engine_get_input(data, size);
+}
+
+static const struct dm_fuzzing_engine_ops sandbox_fuzzing_engine_ops = {
+	.get_input = get_input,
+};
+
+static const struct udevice_id sandbox_fuzzing_engine_match[] = {
+	{
+		.compatible = "sandbox,fuzzing-engine",
+	},
+	{},
+};
+
+U_BOOT_DRIVER(sandbox_fuzzing_engine) = {
+	.name = "sandbox-fuzzing-engine",
+	.id = UCLASS_FUZZING_ENGINE,
+	.of_match = sandbox_fuzzing_engine_match,
+	.ops = &sandbox_fuzzing_engine_ops,
+};