author | Tom Rini <trini@konsulko.com> | 2022-07-11 10:18:13 -0400 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2022-07-11 14:58:57 -0400 |
commit | 36b661dc919da318c163a45f4a220d2e3d9db608 (patch) | |
tree | 268703050f58280feb3287d48eb0cedc974730e1 /arch/sandbox | |
parent | e092e3250270a1016c877da7bdd9384f14b1321e (diff) | |
parent | 05a4859637567b13219efd6f1707fb236648b1b7 (diff) | |
Merge branch 'next'
Diffstat (limited to 'arch/sandbox')
-rw-r--r-- | arch/sandbox/Kconfig | 4 | ||||
-rw-r--r-- | arch/sandbox/config.mk | 21 | ||||
-rw-r--r-- | arch/sandbox/cpu/cpu.c | 8 | ||||
-rw-r--r-- | arch/sandbox/cpu/os.c | 89 | ||||
-rw-r--r-- | arch/sandbox/cpu/start.c | 2 | ||||
-rw-r--r-- | arch/sandbox/cpu/u-boot-spl.lds | 10 | ||||
-rw-r--r-- | arch/sandbox/cpu/u-boot.lds | 32 | ||||
-rw-r--r-- | arch/sandbox/dts/sandbox.dts | 1 | ||||
-rw-r--r-- | arch/sandbox/dts/sandbox64.dts | 1 | ||||
-rw-r--r-- | arch/sandbox/dts/test.dts | 38 | ||||
-rw-r--r-- | arch/sandbox/include/asm/fuzzing_engine.h | 25 | ||||
-rw-r--r-- | arch/sandbox/include/asm/getopt.h | 2 | ||||
-rw-r--r-- | arch/sandbox/include/asm/main.h | 18 | ||||
-rw-r--r-- | arch/sandbox/include/asm/sections.h | 4 | ||||
-rw-r--r-- | arch/sandbox/include/asm/spl.h | 2 | ||||
-rw-r--r-- | arch/sandbox/lib/sections.c | 8 |
16 files changed, 215 insertions, 50 deletions
diff --git a/arch/sandbox/Kconfig b/arch/sandbox/Kconfig index 5f55c7f..852a7c8 100644 --- a/arch/sandbox/Kconfig +++ b/arch/sandbox/Kconfig @@ -17,11 +17,11 @@ config SANDBOX64 config SANDBOX_RAM_SIZE_MB int "RAM size in MiB" - default 128 + default 256 range 64 4095 if !SANDBOX64 range 64 268435456 if SANDBOX64 help - Memory size of the sandbox in MiB. The default value is 128 MiB. + Memory size of the sandbox in MiB. The default value is 256 MiB. The minimum value is 64 MiB. The maximum value is 4095 MiB for the 32bit sandbox. diff --git a/arch/sandbox/config.mk b/arch/sandbox/config.mk index 02a3ba0..3e2c7f9 100644 --- a/arch/sandbox/config.mk +++ b/arch/sandbox/config.mk @@ -15,8 +15,19 @@ PLATFORM_LIBS += $(shell $(SDL_CONFIG) --libs) PLATFORM_CPPFLAGS += $(shell $(SDL_CONFIG) --cflags) endif +SANITIZERS := +ifdef CONFIG_ASAN +SANITIZERS += -fsanitize=address +endif +ifdef CONFIG_FUZZ +SANITIZERS += -fsanitize=fuzzer +endif +KBUILD_CFLAGS += $(SANITIZERS) + cmd_u-boot__ = $(CC) -o $@ -Wl,-T u-boot.lds $(u-boot-init) \ - $(KBUILD_LDFLAGS:%=-Wl,%)$(LTO_FINAL_LDFLAGS) \ + $(KBUILD_LDFLAGS:%=-Wl,%) \ + $(SANITIZERS) \ + $(LTO_FINAL_LDFLAGS) \ -Wl,--whole-archive \ $(u-boot-main) \ $(u-boot-keep-syms-lto) \ @@ -24,7 +35,9 @@ cmd_u-boot__ = $(CC) -o $@ -Wl,-T u-boot.lds $(u-boot-init) \ $(PLATFORM_LIBS) -Wl,-Map -Wl,u-boot.map cmd_u-boot-spl = (cd $(obj) && $(CC) -o $(SPL_BIN) -Wl,-T u-boot-spl.lds \ - $(KBUILD_LDFLAGS:%=-Wl,%) $(LTO_FINAL_LDFLAGS) \ + $(KBUILD_LDFLAGS:%=-Wl,%) \ + $(SANITIZERS) \ + $(LTO_FINAL_LDFLAGS) \ $(patsubst $(obj)/%,%,$(u-boot-spl-init)) \ -Wl,--whole-archive \ $(patsubst $(obj)/%,%,$(u-boot-spl-main)) \ 
@@ -44,13 +57,13 @@ EFI_TARGET := --target=efi-app-ia32 else ifeq ($(HOST_ARCH),$(HOST_ARCH_AARCH64)) EFI_LDS := ${SRCDIR}/../../../arch/arm/lib/elf_aarch64_efi.lds OBJCOPYFLAGS += -j .text -j .secure_text -j .secure_data -j .rodata -j .data \ - -j .u_boot_list -j .rela.dyn -j .got -j .got.plt \ + -j __u_boot_list -j .rela.dyn -j .got -j .got.plt \ -j .binman_sym_table -j .text_rest \ -j .efi_runtime -j .efi_runtime_rel else ifeq ($(HOST_ARCH),$(HOST_ARCH_ARM)) EFI_LDS := ${SRCDIR}/../../../arch/arm/lib/elf_arm_efi.lds OBJCOPYFLAGS += -j .text -j .secure_text -j .secure_data -j .rodata -j .hash \ - -j .data -j .got -j .got.plt -j .u_boot_list -j .rel.dyn \ + -j .data -j .got -j .got.plt -j __u_boot_list -j .rel.dyn \ -j .binman_sym_table -j .text_rest \ -j .efi_runtime -j .efi_runtime_rel else ifeq ($(HOST_ARCH),$(HOST_ARCH_RISCV32)) diff --git a/arch/sandbox/cpu/cpu.c b/arch/sandbox/cpu/cpu.c index 7a82798..d077948 100644 --- a/arch/sandbox/cpu/cpu.c +++ b/arch/sandbox/cpu/cpu.c @@ -331,27 +331,27 @@ void *board_fdt_blob_setup(int *ret) err = setup_auto_tree(blob); if (!err) goto done; - printf("Unable to create empty FDT: %s\n", fdt_strerror(err)); + os_printf("Unable to create empty FDT: %s\n", fdt_strerror(err)); *ret = -EINVAL; goto fail; } err = os_get_filesize(fname, &size); if (err < 0) { - printf("Failed to find FDT file '%s'\n", fname); + os_printf("Failed to find FDT file '%s'\n", fname); *ret = err; goto fail; } fd = os_open(fname, OS_O_RDONLY); if (fd < 0) { - printf("Failed to open FDT file '%s'\n", fname); + os_printf("Failed to open FDT file '%s'\n", fname); *ret = -EACCES; goto fail; } if (os_read(fd, blob, size) != size) { os_close(fd); - printf("Failed to read FDT file '%s'\n", fname); + os_printf("Failed to read FDT file '%s'\n", fname); *ret = -EIO; goto fail; } diff --git a/arch/sandbox/cpu/os.c b/arch/sandbox/cpu/os.c index 5ea5417..f937991 100644 --- a/arch/sandbox/cpu/os.c +++ b/arch/sandbox/cpu/os.c 
@@ -8,9 +8,11 @@ #include <dirent.h> #include <errno.h> #include <fcntl.h> +#include <pthread.h> #include <getopt.h> #include <setjmp.h> #include <signal.h> +#include <stdarg.h> #include <stdio.h> #include <stdint.h> #include <stdlib.h> @@ -26,7 +28,9 @@ #include <linux/compiler_attributes.h> #include <linux/types.h> +#include <asm/fuzzing_engine.h> #include <asm/getopt.h> +#include <asm/main.h> #include <asm/sections.h> #include <asm/state.h> #include <os.h> @@ -51,6 +55,18 @@ ssize_t os_write(int fd, const void *buf, size_t count) return write(fd, buf, count); } +int os_printf(const char *fmt, ...) +{ + va_list args; + int i; + + va_start(args, fmt); + i = vfprintf(stdout, fmt, args); + va_end(args); + + return i; +} + off_t os_lseek(int fd, off_t offset, int whence) { if (whence == OS_SEEK_SET) 
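Review bot: `os_printf()` in the third hunk passes a caller-supplied format string to `vfprintf()`, but nothing visible gives it a printf-format attribute, so `-Wformat` may no longer check the call sites that this commit converts from `printf()` in cpu.c. If the prototype (presumably in os.h, which is outside this diffstat) does not already carry one, declare it as `int os_printf(const char *fmt, ...) __printf(1, 2);`, assuming `__printf` is available from the `<linux/compiler_attributes.h>` that os.c already includes. The prototype would also benefit from a short kernel-doc comment saying that the function writes to the host's `stdout` via `vfprintf()` and returns that call's result.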
@@ -1001,3 +1017,76 @@ void os_relaunch(char *argv[])
 execv(argv[0], argv);
 os_exit(1);
 }
+
+
+#ifdef CONFIG_FUZZ
+static void *fuzzer_thread(void * ptr)
+{
+ char cmd[64];
+ char *argv[5] = {"./u-boot", "-T", "-c", cmd, NULL};
+ const char *fuzz_test;
+
+ /* Find which test to run from an environment variable. */
+ fuzz_test = getenv("UBOOT_SB_FUZZ_TEST");
+ if (!fuzz_test)
+ os_abort();
+
+ snprintf(cmd, sizeof(cmd), "fuzz %s", fuzz_test);
+
+ sandbox_main(4, argv);
+ os_abort();
+ return NULL;
+}
+
+static bool fuzzer_initialized = false;
+static pthread_mutex_t fuzzer_mutex = PTHREAD_MUTEX_INITIALIZER;
+static pthread_cond_t fuzzer_cond = PTHREAD_COND_INITIALIZER;
+static const uint8_t *fuzzer_data;
+static size_t fuzzer_size;
+
+int sandbox_fuzzing_engine_get_input(const uint8_t **data, size_t *size)
+{
+ if (!fuzzer_initialized)
+ return -ENOSYS;
+
+ /* Tell the main thread we need new inputs then wait for them. */
+ pthread_mutex_lock(&fuzzer_mutex);
+ pthread_cond_signal(&fuzzer_cond);
+ pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex);
+ *data = fuzzer_data;
+ *size = fuzzer_size;
+ pthread_mutex_unlock(&fuzzer_mutex);
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ static pthread_t tid;
+
+ pthread_mutex_lock(&fuzzer_mutex);
+
+ /* Initialize the sandbox on another thread. */
+ if (!fuzzer_initialized) {
+ fuzzer_initialized = true;
+ if (pthread_create(&tid, NULL, fuzzer_thread, NULL))
+ os_abort();
+ pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex);
+ }
+
+ /* Hand over the input. */
+ fuzzer_data = data;
+ fuzzer_size = size;
+ pthread_cond_signal(&fuzzer_cond);
+
+ /* Wait for the inputs to be finished with. */
+ pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex);
+ pthread_mutex_unlock(&fuzzer_mutex);
+
+ return 0;
+}
+#else
+int main(int argc, char *argv[])
+{
+ return sandbox_main(argc, argv);
+}
+#endif
diff --git a/arch/sandbox/cpu/start.c b/arch/sandbox/cpu/start.c
index 0f5a873..90a84e9 100644
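Review bot: Every `pthread_cond_wait()` in `sandbox_fuzzing_engine_get_input()` and `LLVMFuzzerTestOneInput()` waits on the shared `fuzzer_cond` without a predicate loop, although POSIX permits spurious wakeups. A spurious return from the final wait lets `LLVMFuzzerTestOneInput()` return while the sandbox thread may still be reading `data`, which the fuzzing engine is then free to reuse. A spurious return in `sandbox_fuzzing_engine_get_input()` hands back the previous `fuzzer_data` pointer, so either case yields findings that come from the harness rather than the code under test. Track the hand-over in two flags protected by `fuzzer_mutex` and wait in `while` loops, as sketched below. Separately, `snprintf()` into `cmd[64]` silently truncates a long `UBOOT_SB_FUZZ_TEST`, so checking its return value and aborting would surface a bad test name early.

```c
/* Hand-over state, protected by fuzzer_mutex. */
static bool fuzzer_input_wanted;
static bool fuzzer_input_ready;

int sandbox_fuzzing_engine_get_input(const uint8_t **data, size_t *size)
{
	/* … unchanged: fuzzer_initialized check … */
	pthread_mutex_lock(&fuzzer_mutex);
	fuzzer_input_ready = false;
	fuzzer_input_wanted = true;
	pthread_cond_signal(&fuzzer_cond);
	while (!fuzzer_input_ready)
		pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex);
	/* … unchanged: copy out fuzzer_data/fuzzer_size, unlock, return 0 … */

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	/* … unchanged: lock and first-call pthread_create (its bare wait is dropped) … */
	while (!fuzzer_input_wanted)
		pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex);
	fuzzer_input_wanted = false;
	fuzzer_data = data;
	fuzzer_size = size;
	fuzzer_input_ready = true;
	pthread_cond_signal(&fuzzer_cond);

	/* Return only once the sandbox thread asks for the next input. */
	while (!fuzzer_input_wanted)
		pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex);
	/* … unchanged: unlock, return 0 … */
```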
--- a/arch/sandbox/cpu/start.c +++ b/arch/sandbox/cpu/start.c @@ -453,7 +453,7 @@ void sandbox_reset(void) os_relaunch(os_argv); } -int main(int argc, char *argv[]) +int sandbox_main(int argc, char *argv[]) { struct sandbox_state *state; void * text_base; diff --git a/arch/sandbox/cpu/u-boot-spl.lds b/arch/sandbox/cpu/u-boot-spl.lds index 206e265..ef885fd 100644 --- a/arch/sandbox/cpu/u-boot-spl.lds +++ b/arch/sandbox/cpu/u-boot-spl.lds @@ -9,8 +9,8 @@ SECTIONS { . = ALIGN(32); - .u_boot_list : { - KEEP(*(SORT(.u_boot_list*))); + __u_boot_list : { + KEEP(*(SORT(__u_boot_list*))); } /* Private data for devices with OF_PLATDATA_RT */ @@ -22,9 +22,9 @@ SECTIONS } _u_boot_sandbox_getopt : { - *(.u_boot_sandbox_getopt_start) - KEEP(*(.u_boot_sandbox_getopt)) - *(.u_boot_sandbox_getopt_end) + *(_u_boot_sandbox_getopt_start) + KEEP(*(_u_boot_sandbox_getopt)) + *(_u_boot_sandbox_getopt_end) } } diff --git a/arch/sandbox/cpu/u-boot.lds b/arch/sandbox/cpu/u-boot.lds index 92e834a..ba8dee5 100644 --- a/arch/sandbox/cpu/u-boot.lds +++ b/arch/sandbox/cpu/u-boot.lds 
@@ -9,42 +9,40 @@ SECTIONS { . = ALIGN(32); - .u_boot_list : { - KEEP(*(SORT(.u_boot_list*))); + __u_boot_list : { + KEEP(*(SORT(__u_boot_list*))); } _u_boot_sandbox_getopt : { - *(.u_boot_sandbox_getopt_start) - *(.u_boot_sandbox_getopt) - *(.u_boot_sandbox_getopt_end) + *(_u_boot_sandbox_getopt_start) + *(_u_boot_sandbox_getopt) + *(_u_boot_sandbox_getopt_end) } - .__efi_runtime_start : { - *(.__efi_runtime_start) + efi_runtime_start : { + *(___efi_runtime_start) } - .efi_runtime : { + efi_runtime : { *(efi_runtime_text) *(efi_runtime_data) } - .__efi_runtime_stop : { - *(.__efi_runtime_stop) + efi_runtime_stop : { + *(___efi_runtime_stop) } - .efi_runtime_rel_start : - { - *(.__efi_runtime_rel_start) + efi_runtime_rel_start : { + *(___efi_runtime_rel_start) } - .efi_runtime_rel : { + efi_runtime_rel : { *(.relefi_runtime_text) *(.relefi_runtime_data) } - .efi_runtime_rel_stop : - { - *(.__efi_runtime_rel_stop) + efi_runtime_rel_stop : { + *(___efi_runtime_rel_stop) } .dynsym : diff --git a/arch/sandbox/dts/sandbox.dts b/arch/sandbox/dts/sandbox.dts index 18fde1c..21f00fc 100644 --- a/arch/sandbox/dts/sandbox.dts +++ b/arch/sandbox/dts/sandbox.dts @@ -63,7 +63,6 @@ eth@10002000 { compatible = "sandbox,eth"; reg = <0x10002000 0x1000>; - fake-host-hwaddr = [00 00 66 44 22 00]; }; host-fs { diff --git a/arch/sandbox/dts/sandbox64.dts b/arch/sandbox/dts/sandbox64.dts index ec53106..3eb0457 100644 --- a/arch/sandbox/dts/sandbox64.dts +++ b/arch/sandbox/dts/sandbox64.dts @@ -58,7 +58,6 @@ eth@10002000 { compatible = "sandbox,eth"; reg = <0x0 0x10002000 0x0 0x1000>; - fake-host-hwaddr = [00 00 66 44 22 00]; }; i2c_0: i2c@0 { diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts index 8f93775..0194b9b 100644 --- a/arch/sandbox/dts/test.dts +++ b/arch/sandbox/dts/test.dts 
@@ -28,6 +28,9 @@ ethernet3 = ð_3; ethernet4 = &dsa_eth0; ethernet5 = ð_5; + ethernet6 = "/eth@10004000"; + ethernet7 = &swp_1; + ethernet8 = &phy_eth0; gpio1 = &gpio_a; gpio2 = &gpio_b; gpio3 = &gpio_c; @@ -89,6 +92,10 @@ }; }; + fuzzing-engine { + compatible = "sandbox,fuzzing-engine"; + }; + reboot-mode0 { compatible = "reboot-mode-gpio"; gpios = <&gpio_c 0 GPIO_ACTIVE_HIGH>, <&gpio_c 1 GPIO_ACTIVE_HIGH>; @@ -524,31 +531,31 @@ eth@10002000 { compatible = "sandbox,eth"; reg = <0x10002000 0x1000>; - fake-host-hwaddr = [00 00 66 44 22 00]; }; eth_5: eth@10003000 { compatible = "sandbox,eth"; reg = <0x10003000 0x1000>; - fake-host-hwaddr = [00 00 66 44 22 11]; + nvmem-cells = <ð5_addr>; + nvmem-cell-names = "mac-address"; }; eth_3: sbe5 { compatible = "sandbox,eth"; reg = <0x10005000 0x1000>; - fake-host-hwaddr = [00 00 66 44 22 33]; + nvmem-cells = <ð3_addr>; + nvmem-cell-names = "mac-address"; }; eth@10004000 { compatible = "sandbox,eth"; reg = <0x10004000 0x1000>; - fake-host-hwaddr = [00 00 66 44 22 22]; }; phy_eth0: phy-test-eth { compatible = "sandbox,eth"; reg = <0x10007000 0x1000>; - fake-host-hwaddr = [00 00 66 44 22 77]; + mac-address = [ 02 00 11 22 33 49 ]; phy-handle = <ðphy1>; phy-mode = "2500base-x"; }; @@ -556,7 +563,8 @@ dsa_eth0: dsa-test-eth { compatible = "sandbox,eth"; reg = <0x10006000 0x1000>; - fake-host-hwaddr = [00 00 66 44 22 66]; + nvmem-cells = <ð4_addr>; + nvmem-cell-names = "mac-address"; }; dsa-test { @@ -700,6 +708,8 @@ pinctrl-0 = <&pinmux_i2c0_pins>; eeprom@2c { + #address-cells = <1>; + #size-cells = <1>; reg = <0x2c>; compatible = "i2c-eeprom"; sandbox,emul = <&emul_eeprom>; @@ -711,12 +721,22 @@ reg = <10 2>; }; }; + + eth3_addr: mac-address@24 { + reg = <24 6>; + }; }; rtc_0: rtc@43 { + #address-cells = <1>; + #size-cells = <1>; reg = <0x43>; compatible = "sandbox-rtc"; sandbox,emul = <&emul0>; + + eth4_addr: mac-address@40 { + reg = <0x40 6>; + }; }; rtc_1: rtc@61 { 
@@ -898,7 +918,13 @@ }; misc-test { + #address-cells = <1>; + #size-cells = <1>; compatible = "sandbox,misc_sandbox"; + + eth5_addr: mac-address@10 { + reg = <0x10 6>; + }; }; mmc2 { diff --git a/arch/sandbox/include/asm/fuzzing_engine.h b/arch/sandbox/include/asm/fuzzing_engine.h new file mode 100644 index 0000000..cf63963 --- /dev/null +++ b/arch/sandbox/include/asm/fuzzing_engine.h @@ -0,0 +1,25 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2022 Google, Inc. + * Written by Andrew Scull <ascull@google.com> + */ + +#ifndef __ASM_FUZZING_ENGINE_H +#define __ASM_FUZZING_ENGINE_H + +/** Function to get fuzzing engine input data. */ +/** + * sandbox_fuzzing_engine_get_input() - get an input from the sandbox fuzzing + * engine + * + * The function will return a pointer to the input data and the size of the + * data pointed to. The pointer will remain valid until the next invocation of + * this function. + * + * @data: output pointer to input data + * @size output size of input data + * Return: 0 if OK, -ve on error + */ +int sandbox_fuzzing_engine_get_input(const uint8_t **data, size_t *size); + +#endif /* __ASM_FUZZING_ENGINE_H */ diff --git a/arch/sandbox/include/asm/getopt.h b/arch/sandbox/include/asm/getopt.h index d2145ad..df30572 100644 --- a/arch/sandbox/include/asm/getopt.h +++ b/arch/sandbox/include/asm/getopt.h @@ -44,7 +44,7 @@ struct sandbox_cmdline_option { .callback = sandbox_cmdline_cb_##f, \ }; \ /* Ppointer to the struct in a special section for the linker script */ \ - static __used __section(".u_boot_sandbox_getopt") \ + static __used __section("_u_boot_sandbox_getopt") \ struct sandbox_cmdline_option \ *sandbox_cmdline_option_##f##_ptr = \ &sandbox_cmdline_option_##f diff --git a/arch/sandbox/include/asm/main.h b/arch/sandbox/include/asm/main.h new file mode 100644 index 0000000..7a2f0d3 --- /dev/null +++ b/arch/sandbox/include/asm/main.h 
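Review bot: The new fuzzing_engine.h declares `sandbox_fuzzing_engine_get_input()` with `uint8_t` and `size_t` but includes nothing that defines them, so it compiles only when the includer has already pulled those types in (os.c includes `<stdint.h>` before it). The header should include the type definitions itself, for example `#include <linux/types.h>` if that covers both types in every build that uses this header, or state the requirement in its comment. In the documentation, the stray one-line `/** Function to get fuzzing engine input data. */` in front of the kernel-doc block is a second doc-comment opener and should be removed. `@size output size of input data` is also missing its colon and should read `@size: output size of input data`. The `Return:` line could also mention that os.c returns `-ENOSYS` when the fuzzer has not been initialised.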
@@ -0,0 +1,18 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2022 Google, Inc. + * Written by Andrew Scull <ascull@google.com> + */ + +#ifndef __ASM_SANDBOX_MAIN_H +#define __ASM_SANDBOX_MAIN_H + +/** + * sandbox_main() - main entrypoint for sandbox + * + * @argc: the number of arguments passed to the program + * @argv: array of argc+1 pointers, of which the last one is null + */ +int sandbox_main(int argc, char *argv[]); + +#endif /* __ASM_SANDBOX_MAIN_H */ diff --git a/arch/sandbox/include/asm/sections.h b/arch/sandbox/include/asm/sections.h index f4351ae..88837bb 100644 --- a/arch/sandbox/include/asm/sections.h +++ b/arch/sandbox/include/asm/sections.h @@ -17,7 +17,7 @@ static inline struct sandbox_cmdline_option ** __u_boot_sandbox_option_start(void) { static char start[0] __aligned(4) __attribute__((unused)) - __section(".u_boot_sandbox_getopt_start"); + __section("_u_boot_sandbox_getopt_start"); return (struct sandbox_cmdline_option **)&start; } @@ -26,7 +26,7 @@ static inline struct sandbox_cmdline_option ** __u_boot_sandbox_option_end(void) { static char end[0] __aligned(4) __attribute__((unused)) - __section(".u_boot_sandbox_getopt_end"); + __section("_u_boot_sandbox_getopt_end"); return (struct sandbox_cmdline_option **)&end; } diff --git a/arch/sandbox/include/asm/spl.h b/arch/sandbox/include/asm/spl.h index d25dc7c..bf5a585 100644 --- a/arch/sandbox/include/asm/spl.h +++ b/arch/sandbox/include/asm/spl.h @@ -6,8 +6,6 @@ #ifndef __asm_spl_h #define __asm_spl_h -#define CONFIG_SPL_BOARD_LOAD_IMAGE - enum { BOOT_DEVICE_BOARD, }; diff --git a/arch/sandbox/lib/sections.c b/arch/sandbox/lib/sections.c index 2559eee..2f2f3fb 100644 --- a/arch/sandbox/lib/sections.c +++ b/arch/sandbox/lib/sections.c 
@@ -5,9 +5,9 @@ */ #include <linux/compiler.h> -char __efi_runtime_start[0] __section(".__efi_runtime_start"); -char __efi_runtime_stop[0] __section(".__efi_runtime_stop"); +char __efi_runtime_start[0] __section("___efi_runtime_start"); +char __efi_runtime_stop[0] __section("___efi_runtime_stop"); char __efi_runtime_rel_start[0] - __section(".__efi_runtime_rel_start"); + __section("___efi_runtime_rel_start"); char __efi_runtime_rel_stop[0] - __section(".__efi_runtime_rel_stop"); + __section("___efi_runtime_rel_stop"); |