fuzzing_engine: Add fuzzing engine uclass

This new class of device will provide fuzzing inputs from a fuzzing
engine.

Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Andrew Scull 2022-05-30 10:00:08 +00:00 committed by Tom Rini
parent eabc4e2980
commit 3f807c6b81
7 changed files with 99 additions and 0 deletions

View file

@ -40,6 +40,8 @@ source "drivers/fastboot/Kconfig"
source "drivers/firmware/Kconfig"
source "drivers/fuzz/Kconfig"
source "drivers/fpga/Kconfig"
source "drivers/gpio/Kconfig"

View file

@ -115,6 +115,7 @@ obj-$(CONFIG_W1) += w1/
obj-$(CONFIG_W1_EEPROM) += w1-eeprom/
obj-$(CONFIG_MACH_PIC32) += ddr/microchip/
obj-$(CONFIG_FUZZ) += fuzz/
obj-$(CONFIG_DM_HWSPINLOCK) += hwspinlock/
obj-$(CONFIG_DM_RNG) += rng/
endif

9
drivers/fuzz/Kconfig Normal file
View file

@ -0,0 +1,9 @@
config DM_FUZZING_ENGINE
bool "Driver support for fuzzing engine devices"
depends on DM
help
Enable driver model for fuzzing engine devices. This interface is
used to get successive inputs from a fuzzing engine that aims to
explore different code paths in a fuzz test. The fuzzing engine may
be instrumenting the execution in order to more effectively generate
inputs that explore different code paths.

7
drivers/fuzz/Makefile Normal file
View file

@ -0,0 +1,7 @@
# SPDX-License-Identifier: GPL-2.0+
#
# Copyright (c) 2022 Google, Inc.
# Written by Andrew Scull <ascull@google.com>
#
obj-$(CONFIG_DM_FUZZING_ENGINE) += fuzzing_engine-uclass.o

View file

@ -0,0 +1,28 @@
/* SPDX-License-Identifier: GPL-2.0+ */
/*
* Copyright (c) 2022 Google, Inc.
* Written by Andrew Scull <ascull@google.com>
*/
#define LOG_CATEGORY UCLASS_FUZZING_ENGINE
#include <common.h>
#include <dm.h>
#include <fuzzing_engine.h>
int dm_fuzzing_engine_get_input(struct udevice *dev,
const uint8_t **data,
size_t *size)
{
const struct dm_fuzzing_engine_ops *ops = device_get_ops(dev);
if (!ops->get_input)
return -ENOSYS;
return ops->get_input(dev, data, size);
}
UCLASS_DRIVER(fuzzing_engine) = {
.name = "fuzzing_engine",
.id = UCLASS_FUZZING_ENGINE,
};

View file

@ -56,6 +56,7 @@ enum uclass_id {
UCLASS_ETH, /* Ethernet device */
UCLASS_ETH_PHY, /* Ethernet PHY device */
UCLASS_FIRMWARE, /* Firmware */
UCLASS_FUZZING_ENGINE, /* Fuzzing engine */
UCLASS_FS_FIRMWARE_LOADER, /* Generic loader */
UCLASS_GPIO, /* Bank of general-purpose I/O pins */
UCLASS_HASH, /* Hash device */

51
include/fuzzing_engine.h Normal file
View file

@ -0,0 +1,51 @@
/* SPDX-License-Identifier: GPL-2.0+ */
/*
* Copyright (c) 2022 Google, Inc.
* Written by Andrew Scull <ascull@google.com>
*/
#ifndef __FUZZING_ENGINE_H
#define __FUZZING_ENGINE_H
struct udevice;
/**
* dm_fuzzing_engine_get_input() - get an input from the fuzzing engine device
*
* The function will return a pointer to the input data and the size of the
* data pointed to. The pointer will remain valid until the next invocation of
* this function.
*
* @dev: fuzzing engine device
* @data: output pointer to input data
* @size output size of input data
* Return: 0 if OK, -ve on error
*/
int dm_fuzzing_engine_get_input(struct udevice *dev,
const uint8_t **data,
size_t *size);
/**
* struct dm_fuzzing_engine_ops - operations for the fuzzing engine uclass
*
* This contains the functions implemented by a fuzzing engine device.
*/
struct dm_fuzzing_engine_ops {
/**
* @get_input() - get an input
*
* The function will return a pointer to the input data and the size of
* the data pointed to. The pointer will remain valid until the next
* invocation of this function.
*
* @get_input.dev: fuzzing engine device
* @get_input.data: output pointer to input data
* @get_input.size output size of input data
* @get_input.Return: 0 if OK, -ve on error
*/
int (*get_input)(struct udevice *dev,
const uint8_t **data,
size_t *size);
};
#endif /* __FUZZING_ENGINE_H */