Add an implementation of LLVMFuzzerTestOneInput() that starts the
sandbox on a secondary thread and exposes a function to synchronize the
generation of fuzzing inputs with their consumption by the sandbox.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Add CONFIG_ASAN to build with the Address Sanitizer. This only works
with the sandbox so the config is likewise dependent. The resulting
executable will have ASAN instrumentation, including the leak detector
that can be disabled with the ASAN_OPTIONS environment variable:
ASAN_OPTIONS=detect_leaks=0 ./u-boot
Since u-boot uses its own dlmalloc, dynamic allocations aren't
automatically instrumented, but stack variables and globals are.
Instrumentation could be added to dlmalloc to poison and unpoison memory
as it is allocated and deallocated, and to introduce redzones between
allocations. Alternatively, the sandbox may be able to play games with
the system allocator and somehow still keep the required memory
abstraction. No effort to address dynamic allocation is made by this
patch.
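The commit message above describes, without implementing, how a custom allocator such as U-Boot's dlmalloc could cooperate with ASAN: poison the heap up front, unpoison each block as it is handed out, leave poisoned redzones between blocks, and re-poison on free. The following is an added, stand-alone illustration of that pattern on a toy bump allocator; it is not U-Boot code and not dlmalloc. The helpers `POISON`/`UNPOISON` wrap the real `__asan_poison_memory_region`/`__asan_unpoison_memory_region` from `<sanitizer/asan_interface.h>` when the file is compiled with `-fsanitize=address`, and compile to no-ops otherwise, so the allocator itself behaves identically either way. The arena size and redzone width are arbitrary choices for the example.

```c
/* Added example: an arena allocator that tells ASAN about its own
 * allocations, in the way the commit message suggests dlmalloc could.
 * Hypothetical code, not U-Boot's dlmalloc. */
#include <stddef.h>
#include <stdint.h>

#ifndef __has_feature
#define __has_feature(x) 0          /* gcc without __has_feature */
#endif

#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
#include <sanitizer/asan_interface.h>
#define ASAN_ON 1
#define POISON(p, n)   __asan_poison_memory_region((p), (n))
#define UNPOISON(p, n) __asan_unpoison_memory_region((p), (n))
#else
#define ASAN_ON 0
#define POISON(p, n)   ((void)(p), (void)(n))   /* no-op without ASAN */
#define UNPOISON(p, n) ((void)(p), (void)(n))
#endif

#define ARENA_SIZE 4096            /* example size, not a U-Boot value */
#define REDZONE    16              /* poisoned gap after every block */
#define ALIGN_UP(x, a) (((x) + ((a) - 1)) & ~((size_t)(a) - 1))

/* Bookkeeping lives outside the arena so ASAN never sees it as a heap access. */
static uint8_t arena[ARENA_SIZE] __attribute__((aligned(16)));
static size_t arena_top;           /* bytes consumed so far, incl. redzones */

/* Poison the whole arena once: nothing is addressable until allocated. */
void arena_init(void)
{
    arena_top = 0;
    POISON(arena, ARENA_SIZE);
}

/* Bump allocation: return a 16-byte-aligned block and leave a poisoned
 * redzone after it, so an off-by-one write is reported under ASAN.
 * Only the bytes the caller asked for are unpoisoned (ASAN's shadow
 * tracks partial 8-byte granules when the start is 8-aligned). */
void *arena_alloc(size_t size)
{
    size_t rounded = ALIGN_UP(size, 16);

    if (rounded < size)                              /* size_t wrap-around */
        return NULL;
    if (arena_top + rounded + REDZONE > ARENA_SIZE)  /* out of arena */
        return NULL;

    uint8_t *p = arena + arena_top;
    UNPOISON(p, size);
    arena_top += rounded + REDZONE;                  /* stays 16-aligned */
    return p;
}

/* Re-poison on free so a later use-after-free is reported. A bump
 * allocator never reclaims space; that is fine for the illustration. */
void arena_free(void *p, size_t size)
{
    if (p)
        POISON(p, size);
}

/* Bytes between the end of block a (of a_size bytes) and the start of
 * the next block b: padding up to 16 plus the REDZONE. */
size_t arena_gap(const void *a, size_t a_size, const void *b)
{
    return (size_t)((const uint8_t *)b - ((const uint8_t *)a + a_size));
}

/* 1 when compiled with -fsanitize=address, else 0. */
int asan_instrumented(void)
{
    return ASAN_ON;
}
```

Build once plainly and once with `-fsanitize=address` to compare: in the instrumented build, writing one byte past a block returned by `arena_alloc()` lands in the poisoned redzone and ASAN reports a heap-style error; in the plain build the same write goes unnoticed, which is exactly the gap the commit message leaves open for dlmalloc.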
The config is not yet enabled for any targets by default.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Rename the sections used to implement linker lists so they begin with
'__u_boot_list' rather than '.u_boot_list'. The double underscore at the
start is still distinct from the single underscore used by the symbol
names.
Having a '.' in the section names conflicts with clang's ASAN
instrumentation which tries to add redzones between the linker list
elements, causing expected accesses to fail. However, clang doesn't try
to add redzones to user sections, which are named with all alphanumeric
and underscore characters.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Currently we use incremental linking (ld -r) to link several object
files from one directory into one built-in.o object file containing the
linked code from that directory (and its subdirectories).
Linux has, some time ago, moved to thin archives instead.
Thin archives are archives (.a) that do not really contain the object
files, only references to them.
Using thin archives instead of incremental linking
- saves disk space
- apparently works better with dead code elimination
- makes things easier for LTO
The third point is the important one for us. With incremental linking
there are several options for how to do LTO, and that would unnecessarily
complicate things.
We have to use the --whole-archive/--no-whole-archive linking option
instead of --start-group/--end-group, otherwise linking may fail because
of unresolved symbols, or the resulting binary will be unusable.
We also need to use the P flag for ar, otherwise final linking may fail.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Reviewed-by: Simon Glass <sjg@chromium.org>
Sandbox currently uses SDL1.2. SDL2 has been around for quite a while and
is widely supported. It has a number of useful features. It seems
appropriate to move sandbox over.
Update the code to use SDL2 instead of SDL1.2.
Signed-off-by: Simon Glass <sjg@chromium.org>
On the sandbox the UEFI binaries must match the host architecture.
Adjust the Makefiles. Provide the PE/COFF header and relocation files.
Allow building helloworld.efi on the sandbox.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
When cross-compiling, sometimes sdl-config must come from a different path
from the default. Add a way to override it, by adding SDL_CONFIG to the
environment before building U-Boot.
Signed-off-by: Simon Glass <sjg@chromium.org>
The check for CONFIG_SANDBOX_SDL in config.mk does not work since the
build config is not available by the time that file is included. Remove it
so that we always call sdl-config except when NO_SDL is used.
Signed-off-by: Simon Glass <sjg@chromium.org>
At present sandbox has a start.o in the 'start' target but also includes
it in the normal target list. This is not how this is normally handled. It
is needed because sandbox does not include the u-boot-init variable in its
link rule.
Update the rule and move start.o from the normal target list to the
'extras' list.
Signed-off-by: Simon Glass <sjg@chromium.org>
Sandbox is not a real bootloader and it does require
position-independent code to be supported.
Thus, build it with -fPIC explicitly.
Fixes: 16940f720f9b ("Makefile: Don't generate position independent code")
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Reported-by: Simon Glass <sjg@chromium.org>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
Tested-by: Simon Glass <sjg@chromium.org>
This partially reverts commit 7e21fbca26.
That change broke sandbox EFI support for unknown reasons. It also changes
sandbox to use --gc-sections which we don't want.
For now I am just reverting the sandbox portion as presumably this change
is safe on other architectures.
Fixes: 7e21fbca26 (efi_loader: Rename sections to allow for implicit data)
Signed-off-by: Simon Glass <sjg@chromium.org>
Sometimes gcc may generate data that is then used within code that may
be part of an efi runtime section. That data could be jump tables,
constants or strings.
In order to make sure we catch these, we need to ensure that gcc emits
them into a section that we can relocate together with all the other
efi runtime bits. This only works if the -ffunction-sections and
-fdata-sections flags are passed and the efi runtime functions are
in a section that starts with ".text".
Up to now we had all efi runtime bits in sections that did not
interfere with the normal section naming scheme, but this forces
us to do so. Hence we need to move the efi_loader text/data/rodata
sections before the global *(.text*) catch-all section.
With this patch in place, we should hopefully have an easier time
to extend the efi runtime functionality in the future.
Signed-off-by: Alexander Graf <agraf@suse.de>
[agraf: Fix x86_64 breakage]
When U-Boot started using SPDX tags we were among the early adopters and
there weren't a lot of other examples to borrow from. So we picked the
area of the file that usually had a full license text and replaced it
with an appropriate SPDX-License-Identifier: entry. Since then, the
Linux Kernel has adopted SPDX tags and they place it as the very first
line in a file (except where shebangs are used, then it's second line)
and with slightly different comment styles than us.
In part due to community overlap, in part due to better tag visibility
and in part for other minor reasons, switch over to that style.
This commit changes all instances where we have a single declared
license in the tag as both the before and after are identical in tag
contents. There's also a few places where I found we did not have a tag
and have introduced one.
Signed-off-by: Tom Rini <trini@konsulko.com>
When building an SPL image, override the link flags so that it uses the
system libraries. This is similar to the way the non-SPL image is built.
Signed-off-by: Simon Glass <sjg@chromium.org>
- The macro __BIGGEST_ALIGNMENT__ is gcc-specific. If it is not defined
we'll just assume 16. This is correct for at least the common cases
and LLVM does not provide an equivalent macro.
- When linking U-Boot we're passing -T to the linker, and while gcc will
just pass this along with LLVM we need to be specific.
Cc: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
We have done with the generic board conversion for all the boards
of ARC, Blackfin, M68000, MicroBlaze, MIPS, NIOS2, Sandbox, X86.
Let's select SYS_GENERIC_BOARD for those architectures, so we can
tell which architecture has finished the conversion at a glance.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexey Brodkin <abrodkin@synopsys.com>
Move the option to Kconfig renaming it to CONFIG_HAVE_GENERIC_BOARD.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Alexey Brodkin <abrodkin@synopsys.com>
An option is provided to avoid using SDL in U-Boot sandbox (and drop
support for the LCD). However the check in the Makefile is too late
and warnings are printed even if NO_SDL=y is given.
Adjust the order to avoid this warning.
Signed-off-by: Simon Glass <sjg@chromium.org>
Acked-by: Jeroen Hofstee <jeroen@myspectrum.nl>
Some machines do not have SDL libraries installed, and it is still useful
to build sandbox without LCD/keyboard support.
Add an option for this, used as follows:
make sandbox_config all NO_SDL=1
Signed-off-by: Simon Glass <sjg@chromium.org>
SDL (Simple DirectMedia Layer - see www.libsdl.org) is a library which
provides simple graphics and sound features. It works under X11 and also
with a simple frame buffer interface. It is ideally suited to sandbox
U-Boot since it fits nicely with the low-level feature set required by
U-Boot. For example, U-Boot has its own font drawing routines, its own
keyboard processing and just needs raw sound output.
We can use SDL to provide emulation of these basic functions for sandbox.
This significantly expands the testing that is possible with sandbox.
Add a basic SDL library which we will use in future commits.
Tested-by: Che-Liang Chiou <clchiou@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
Add support for building a device tree for sandbox's CONFIG_OF_HOSTFILE
option to make it easier to use device tree with sandbox.
This adjusts the Makefile to build a u-boot.dtb file which can be passed
to sandbox U-Boot with:
./u-boot -d u-boot.dtb
Signed-off-by: Simon Glass <sjg@chromium.org>
Add generic board support for sandbox and remove the old board init code.
Select CONFIG_SYS_GENERIC_BOARD for sandbox now that this is supported.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Tom Rini <trini@ti.com>
Sandbox doesn't actually provide U-Boot access to the machine's physical
memory. Instead it provides a RAM buffer of configurable size, and all
memory accesses are within that buffer. Sandbox memory starts at 0 and
is CONFIG_DRAM_SIZE bytes in size. Allowing access outside this buffer
might produce unpredictable results in the event of an error, and would
expose the host machine's memory architecture to the sandbox U-Boot.
Most U-Boot functions assume that they can just access memory at a given
address. For sandbox this is not true.
Add a map_sysmem() call which converts a U-Boot address to a system
address. In most cases this is a NOP, but for sandbox it returns a
pointer to that memory inside the RAM buffer.
To get a U-Boot feature to work correctly within sandbox, you should call
map_sysmem() to get a pointer to the address, and then use that address for
any U-Boot memory accesses.
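The commit message above describes the contract of map_sysmem(): a U-Boot address is an offset into a host-side RAM buffer that starts at 0 and is CONFIG_DRAM_SIZE bytes long, and code must translate through it before touching memory. The block below is an added, stand-alone sketch of such a mapping written for this page; it is not U-Boot's implementation. It adds the range check the commit message motivates (rejecting any access that would leave the buffer instead of letting it "produce unpredictable results"), and it uses a local `DRAM_SIZE` constant and a `sysmem_write()`/`sysmem_read()` pair as hypothetical stand-ins for CONFIG_DRAM_SIZE and for a command that copies data into or out of U-Boot memory.

```c
/* Added example: a sandbox-style RAM buffer with map_sysmem()/unmap_sysmem()
 * and an explicit bounds check. Hypothetical stand-alone code, not the
 * U-Boot implementation. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uintptr_t phys_addr_t;          /* an address as U-Boot code sees it */

#define DRAM_SIZE (1u << 20)            /* 1 MiB; stands in for CONFIG_DRAM_SIZE */

static uint8_t *ram_buf;                /* host buffer backing "U-Boot RAM" */

/* Allocate the RAM buffer once. Returns 0 on success, -1 on failure. */
int sandbox_mem_init(void)
{
    if (ram_buf)
        return 0;
    ram_buf = calloc(DRAM_SIZE, 1);
    return ram_buf ? 0 : -1;
}

/* Translate U-Boot address paddr to a host pointer. Returns NULL if any
 * byte of [paddr, paddr + len) lies outside the RAM buffer. The check is
 * written so that paddr + len cannot wrap around. */
void *map_sysmem(phys_addr_t paddr, size_t len)
{
    if (!ram_buf)
        return NULL;
    if (paddr > DRAM_SIZE || len > DRAM_SIZE - paddr)
        return NULL;
    return ram_buf + paddr;
}

/* Nothing to release for a flat buffer; kept so callers pair every map. */
void unmap_sysmem(const void *vaddr)
{
    (void)vaddr;
}

/* Reverse translation: host pointer inside the buffer back to a U-Boot address. */
phys_addr_t map_to_sysmem(const void *ptr)
{
    return (phys_addr_t)((const uint8_t *)ptr - ram_buf);
}

/* Copy host data into U-Boot memory, the way a load command would.
 * Returns 0, or -1 if the destination range is not entirely in RAM. */
int sysmem_write(phys_addr_t dst, const void *src, size_t len)
{
    void *p = map_sysmem(dst, len);

    if (!p)
        return -1;
    memcpy(p, src, len);
    unmap_sysmem(p);
    return 0;
}

/* Copy U-Boot memory out to a host buffer, with the same range check. */
int sysmem_read(phys_addr_t src, void *dst, size_t len)
{
    const void *p = map_sysmem(src, len);

    if (!p)
        return -1;
    memcpy(dst, p, len);
    unmap_sysmem(p);
    return 0;
}
```

Compare the two failure cases the test below exercises: an address just inside the buffer with a length that runs one byte past the end is rejected, and so is an address near the top of the host address space, which a naive `paddr + len < DRAM_SIZE` check would let wrap around and accept.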
Signed-off-by: Simon Glass <sjg@chromium.org>
Since we provide all our own library calls, the fortification from
glibc just gets in our way (which some distros enable by default).
Acked-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This is an initial implementation with all functions defined but not working.
The lds file is very simple since we can mostly rely on the linker defaults.
Signed-off-by: Simon Glass <sjg@chromium.org>