h clang's ASAN
instrumentation which tries to add redzones between the linker list
elements, causing expected accesses to fail. However, clang doesn't try
to add redzones to user sections, which are names with all alphanumeric
and underscore characters.
Signed-off-by: Andrew Scull
Revie
e sandbox EFI and getopt refactoring, they obstruct the series
- resolve a couple more ASAN errors
- fix LTO, xtensa and MIPS builds
- add ASAN build targets for CI
Andrew Scull (13):
serial: sandbox: Fix buffer underflow in puts
sandbox: Rename EFI runtime sections
sandbox: Rename getopt
On Tue, 17 May 2022 at 09:06, Heinrich Schuchardt wrote:
>
> On 4/14/22 15:59, Andrew Scull wrote:
> > Rename the sections used to implement linker lists so they begin with
> > '__u_boot_list' rather than '.u_boot_list'. The double underscore at the
>
The virtio-rng driver is extremely simple, making it suitable for
testing more of the virtio uclass logic. Have the sandbox driver bind
the virtio-rng driver rather than the virtio-blk driver so it can be
used in tests.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
drivers/virtio
Add a regression test for virtio-rng reading beyond the end of its
buffer if the virtio device provides an invalid length.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
test/dm/Makefile | 1 +
test/dm/virtio_rng.c | 52
2 files
Check the length of data written by the device is consistent with the
size of the buffers to avoid out-of-bounds memory accesses in case
values aren't consistent.
Signed-off-by: Andrew Scull
Cc: Sughosh Ganu
Reviewed-by: Simon Glass
---
drivers/virtio/virtio_rng.c | 3 +++
1 file chang
The virtio sandbox transport was setting the device features value to
the bit index rather than shifting a bit to the right index. Fix this
using the bit manipulation macros.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
drivers/virtio/virtio_sandbox.c | 2 +-
test/dm/virtio.c
Virtio tests that find a child device require the virtio device driver
to be included in the build so it can probe. The sandbox virtio
transport driver currently reports a virtio-blk device so make sure the
corresponding driver is built before running tests that need it.
Signed-off-by: Andrew
ge and it was a bad example.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
test/dm/virtio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/dm/virtio.c b/test/dm/virtio.c
index aa4e3d778e..ff1dea323c 100644
--- a/test/dm/virtio.c
+++ b/test/dm/virtio.c
The virtio ring is the basis of virtio communication. Test its basic
functionality and its resilience against corruption from the device.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
test/dm/virtio.c | 72
1 file changed, 72
: Andrew Scull
Reviewed-by: Simon Glass
---
drivers/virtio/virtio_ring.c | 49
include/virtio_ring.h| 10
2 files changed, 43 insertions(+), 16 deletions(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index d3fc842f30
When the device returns used buffers, it should refer to the descriptor
that is the head of the descriptor chain for that buffer. Confirm this
to be the case by tracking the head of descriptor chains that have been
made available to the device.
Signed-off-by: Andrew Scull
Reviewed-by: Simon
The variables `total_sg` and `descs_used` have the same value. Replace
the few uses of `total_sg` with `descs_used` to simplify the situation.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
Reviewed-by: Bin Meng
---
drivers/virtio/virtio_ring.c | 7 +++
1 file changed, 3 insertions
Friendly ping on this patch as I've seen a few others being accepted
recently and wanted to make sure this fix hasn't fallen by the
wayside.
On Wed, 23 Mar 2022 at 20:20, Andrew Scull wrote:
>
> Building the sandbox with NO_SDL=1 resulted in an undefi
On Fri, 29 Apr 2022 at 08:11, Tom Rini wrote:
>
> On Thu, Apr 14, 2022 at 01:59:32PM +, Andrew Scull wrote:
>
> > Use the common infrastructure to create a linker list of the sandbox
> > command line flags rather than using a custom method.
> >
> > The list is
the current
implementations don't have the needed consistency checks.
Changelog:
v2:
- Refactor dm_pci_* functions, not adding new ones
- Reorder patches per request in v1
v3:
- Use CI to test more targets
- Move EA config patch to end for dropping if needed
Andrew Scull (18):
virtio
Demote logs about problems with the vrings to debug level rather than
always logging. This reduces noise from the logs, especially in the fuzz
test where these cases get reached frequently.
Signed-off-by: Andrew Scull
---
drivers/virtio/virtio_ring.c | 4 ++--
1 file changed, 2 insertions(+), 2
Add the basic infrastructure for declaring fuzz tests and a command to
invoke them.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
Kconfig | 9 +
include/test/fuzz.h | 51 +++
test/Makefile| 1 +
test/fuzz/Makefile | 7
test
This new class of device will provide fuzzing inputs from a fuzzing
engine.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
drivers/Kconfig | 2 ++
drivers/Makefile | 1 +
drivers/fuzz/Kconfig | 9 +
drivers/fuzz/Makefile
tions. Alternatively, the sandbox may be able to play games with
the system allocator and somehow still keep the required memory
abstraction. No effort to address dynamic allocation is made by this
patch.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
Kconfig
h clang's ASAN
instrumentation which tries to add redzones between the linker list
elements, causing expected accesses to fail. However, clang doesn't try
to add redzones to user sections, which are names with all alphanumeric
and underscore characters.
Signed-off-by: Andrew Scull
Revie
Use the common infrastructure to create a linker list of the sandbox
command line flags rather than using a custom method.
The list is changed from containing pointers to containing structs and
the uses are updated accordingly.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
arch
ed redzones to the
sections and the extra padding meant that the relocation list was no
longer in the expected format. Naming the sections as user sections
resolves this issue.
Signed-off-by: Andrew Scull
---
arch/sandbox/cpu/u-boot.lds | 22 ++
arch/sandbox/lib/sections.c
The EFI symbols are collected in subsections of the .text, .rodata,
.data and .rel sections. Use those when creating EFI runtime sections.
Fixes: 7bf07cf872 (Partially revert "efi_loader: Rename sections to allow for
implicit data")
Signed-off-by: Andrew Scull
Cc: Heinrich Schuchardt
aming and explaining
- dropped RFC for dlmalloc ASAN instrumentation (work required to improve it)
- added patch to reduce logging noise in fuzzer
Andrew Scull (12):
sandbox: Fix EFI runtime symbol placement
sandbox: Rename EFI runtime sections
sandbox: Migrate getopt section to linke
On Thu, 14 Apr 2022 at 08:58, Andrew Scull wrote:
>
> On Thu, 14 Apr 2022 at 01:42, Bin Meng wrote:
> >
> > On Thu, Apr 14, 2022 at 12:30 AM Andrew Scull wrote:
> > >
> > > > > diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig
> > > >
On Thu, 14 Apr 2022 at 01:42, Bin Meng wrote:
>
> On Thu, Apr 14, 2022 at 12:30 AM Andrew Scull wrote:
> >
> > > > diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig
> > > > index 47cd074aa1..fd2203420c 100644
> > > > --- a/drive
On Wed, 13 Apr 2022 at 15:05, Bin Meng wrote:
>
> On Wed, Mar 30, 2022 at 12:59 AM Andrew Scull wrote:
> >
> > Evolve dm_pci_map_bar() to include an offset and length parameter. These
> > allow a portion of the memory to be mapped and range checks to be
> > app
On Wed, 13 Apr 2022 at 15:03, Bin Meng wrote:
>
> On Wed, Mar 30, 2022 at 12:59 AM Andrew Scull wrote:
> >
> > Add tests for the functions dm_pci_bus_to_phys() and
> > dm_pci_phys_to_bus() which convert between PCI bus addresses and
> > physical addresses based on t
> > diff --git a/drivers/pci/pci-uclass.c b/drivers/pci/pci-uclass.c
> > index 33dda2..8bbeb62f2e 100644
> > --- a/drivers/pci/pci-uclass.c
> > +++ b/drivers/pci/pci-uclass.c
> > @@ -1533,8 +1533,8 @@ static phys_addr_t dm_pci_map_ea_virt(struct udevice
> > *dev, int ea_off,
> > return
Add a regression test for virtio-rng reading beyond the end of its
buffer if the virtio device provides an invalid length.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
test/dm/Makefile | 1 +
test/dm/virtio_rng.c | 52
2 files
Check the length of data written by the device is consistent with the
size of the buffers to avoid out-of-bounds memory accesses in case
values aren't consistent.
Signed-off-by: Andrew Scull
Cc: Sughosh Ganu
Reviewed-by: Simon Glass
---
drivers/virtio/virtio_rng.c | 3 +++
1 file chang
Once the virtio-rng driver has been bound, probe it to trigger the pre
and post child probe hooks of the virtio uclass driver. Check the status
of the virtio device to confirm it reached the expected state.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
test/dm/virtio_device.c | 9
Virtio tests that find a child device require the virtio device driver
to be included in the build so it can probe. The sandbox virtio
transport driver currently reports a virtio-blk device so make sure the
corresponding driver is built before running tests that need it.
Signed-off-by: Andrew
The virtio-rng driver is extremely simple, making it suitable for
testing more of the virtio uclass logic. Have the sandbox driver bind
the virtio-rng driver rather than the virtio-blk driver so it can be
used in tests.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
drivers/virtio
ge and it was a bad example.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
test/dm/virtio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/dm/virtio.c b/test/dm/virtio.c
index aa4e3d778e..ff1dea323c 100644
--- a/test/dm/virtio.c
+++ b/test/dm/virtio.c
The virtio sandbox transport was setting the device features value to
the bit index rather than shifting a bit to the right index. Fix this
using the bit manipulation macros.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
drivers/virtio/virtio_sandbox.c | 2 +-
test/dm/virtio.c
The virtio ring is the basis of virtio communication. Test its basic
functionality and its resilience against corruption from the device.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
test/dm/virtio.c | 72
1 file changed, 72
When the device returns used buffers, it should refer to the descriptor
that is the head of the descriptor chain for that buffer. Confirm this
to be the case by tracking the head of descriptor chains that have been
made available to the device.
Signed-off-by: Andrew Scull
Reviewed-by: Simon
: Andrew Scull
Reviewed-by: Simon Glass
---
drivers/virtio/virtio_ring.c | 49
include/virtio_ring.h| 10
2 files changed, 43 insertions(+), 16 deletions(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 8e0cb3d666
Move the logic for attaching a descriptor to its own function.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
drivers/virtio/virtio_ring.c | 30 +++---
1 file changed, 15 insertions(+), 15 deletions(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers
The variables `total_sg` and `descs_used` have the same value. Replace
the few uses of `total_sg` with `descs_used` to simplify the situation.
Signed-off-by: Andrew Scull
Reviewed-by: Simon Glass
---
drivers/virtio/virtio_ring.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions
On Tue, 12 Apr 2022 at 19:10, Tom Rini wrote:
>
> On Thu, Mar 31, 2022 at 10:09:38AM +, Andrew Scull wrote:
>
> > Continuing the theme of making the virtio code resilient against
> > corruption of the buffers shared with the device, this series focusses
> > o
On Mon, 11 Apr 2022 at 19:36, Simon Glass wrote:
>
> Hi Andrew,
>
> On Thu, 7 Apr 2022 at 03:41, Andrew Scull wrote:
> >
> > Add a fuzzer to test the vring handling code against unexpected
> > mutations from the virtio device.
> >
> > After building the
On Mon, 11 Apr 2022 at 23:15, Heinrich Schuchardt wrote:
>
> On 4/7/22 11:41, Andrew Scull wrote:
> > The sandbox doesn't populate the EFI lists so explicitly set the list
> > start and end symbols to indicate that the lists are empty. This
> > simplifies the linker s
On Thu, 7 Apr 2022 at 08:20, Heinrich Schuchardt wrote:
>
> On 3/31/22 12:09, Andrew Scull wrote:
> > The virtio-rng driver is extremely simple, making it suitable for
> > testing more of the virtio uclass logic. Have the sandbox driver bind
> > the virtio-rng driver ra
On Wed, 6 Apr 2022 at 15:18, Pierre-Clément Tosi wrote:
>
> Hi,
>
> On Thu, Mar 31, 2022 at 10:09:48AM +0000, Andrew Scull wrote:
> > Check the length of data written by the device is consistent with the
> > size of the buffers to avoid out-of-bounds memory accesses i
limited value but has able to spot immediate buffer overruns.
The instrumentation is extremely intrusive and would be benefited by
more intrusions to increase redzone sizes etc.
Signed-off-by: Andrew Scull
---
common/dlmalloc.c | 284 --
include
Move the program's entry point to os.c, in preparation for a separate
fuzzing entry point to be added.
Signed-off-by: Andrew Scull
---
arch/sandbox/cpu/os.c | 6 ++
arch/sandbox/cpu/start.c| 2 +-
arch/sandbox/include/asm/main.h | 18 ++
3 files ch
Add a fuzzing engine driver for the sandbox to take inputs from
libfuzzer and expose them to the fuzz tests.
Signed-off-by: Andrew Scull
---
arch/Kconfig | 2 ++
arch/sandbox/dts/test.dts | 4 +++
drivers/fuzzing_engine/Kconfig
h clang's ASAN
instrumentation which tries to add redzones between the linker list
elements, causing expected accesses to fail. However, clang doesn't try
to add redzones to user sections, which are names with all alphanumeric
and underscore characters.
Signed-off-by: An
Add an implementation of LLVMFuzzerTestOneInput() that starts the
sandbox on a secondary thread and exposes a function to synchronize the
generation of fuzzing inputs with their consumption by the sandbox.
Signed-off-by: Andrew Scull
---
arch/sandbox/config.mk| 3 +
arch
Add the basic infrastructure for declaring fuzz tests and a command to
invoke them.
Signed-off-by: Andrew Scull
---
Kconfig | 8 +
include/test/fuzz.h | 51 +++
test/Makefile| 1 +
test/fuzz/Makefile | 7
test/fuzz/cmd_fuzz.c | 82
tions. Alternatively, the sandbox may be able to play games with
the system allocator and somehow still keep the required memory
abstraction. No effort to address dynamic allocation is made by this
patch.
Signed-off-by: Andrew Scull
---
Kconfig | 7 +++
arch/sandbox/conf
This new class of device will provide fuzzing inputs from a fuzzing
engine.
Signed-off-by: Andrew Scull
---
drivers/Kconfig | 2 +
drivers/Makefile | 1 +
drivers/fuzzing_engine/Kconfig| 6 +++
drivers/fuzzing_engine
Use the common infrastructure to create a linker list of the sandbox
command line flags rather than using a custom method.
The list is changed from containing pointers to containing structs and
the uses are updated accordingly.
Signed-off-by: Andrew Scull
---
arch/sandbox/cpu/os.c
ASAN.
Signed-off-by: Andrew Scull
---
arch/sandbox/cpu/u-boot.lds | 32 +---
arch/sandbox/lib/Makefile | 2 +-
arch/sandbox/lib/sections.c | 13 -
3 files changed, 6 insertions(+), 41 deletions(-)
delete mode 100644 arch/sandbox/lib/sections.c
diff --git
This test calls regmap_read() which takes a uint pointer as an output
parameter. The test was passing a pointer to a u16 which resulted in an
overflow when the output was written. Fix this by following the
regmap_read() API and passing a uint pointer instead.
Signed-off-by: Andrew Scull
Cc
On Sun, 27 Mar 2022 at 21:27, Simon Glass wrote:
>
> LTO (Link-Time Optimisation) is a very useful feature which can
> significantly reduce the size of U-Boot binaries. So far it has been
> made available for selected ARM boards and sandbox.
>
> However, incremental builds are much slower when LT
When the device returns used buffers, it should refer to the descriptor
that is the head of the descriptor chain for that buffer. Confirm this
to be the case by tracking the head of descriptor chains that have been
made available to the device.
Signed-off-by: Andrew Scull
---
drivers/virtio
The variables `total_sg` and `descs_used` have the same value. Replace
the few uses of `total_sg` with `descs_used` to simplify the situation.
Signed-off-by: Andrew Scull
---
drivers/virtio/virtio_ring.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/virtio
: Andrew Scull
---
drivers/virtio/virtio_ring.c | 49
include/virtio_ring.h| 10
2 files changed, 43 insertions(+), 16 deletions(-)
diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
index 8e0cb3d666..69fd8c6aa0 100644
--- a
The virtio PCI capabilities describe regions of memory that should be
mapped. Map those with dm_pci_map_bar() which will ensure they are valid
PCI regions.
Signed-off-by: Andrew Scull
---
drivers/virtio/virtio_pci_modern.c | 18 --
1 file changed, 8 insertions(+), 10 deletions
igned-off-by: Andrew Scull
---
drivers/bios_emulator/atibios.c | 4 ++--
drivers/pci/pci-uclass.c| 4 ++--
include/pci.h | 19 ++-
3 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/drivers/bios_emulator/atibios.c b/drivers/bios_emulator/atib
.
Signed-off-by: Andrew Scull
---
arch/sandbox/dts/test.dts | 2 +-
test/dm/pci.c | 102 ++
2 files changed, 103 insertions(+), 1 deletion(-)
diff --git a/arch/sandbox/dts/test.dts b/arch/sandbox/dts/test.dts
index 48ca3e1e47..76c75e08e7 100644
The flags parameter of dm_pci_map_bar() is used for PCI region flags
rather than memory mapping flags. Fix the type to match that of the
region flags and stop using the regions flags as memory mapping flags.
Signed-off-by: Andrew Scull
---
drivers/pci/pci-uclass.c | 10 +-
include/pci.h
When parsing the `ranges` DT node, check that both extremes of the
regions are addressable without overflow. This assumption can then be
safely made when processing the regions.
Signed-off-by: Andrew Scull
Reviewed-by: Bin Meng
---
drivers/pci/pci-uclass.c | 17 -
1 file
-of-use problems,
should the value in the configuration space change. The range check of
the `bar` field and the later call to `dm_pci_read_bar32()` is an
example of where this could happen.
Signed-off-by: Andrew Scull
---
drivers/virtio/virtio_pci_modern.c | 72 --
1
Ensure the virtio PCI capabilities are contained within the bounds of
the device's configuration space. The expected size of the capability is
passed when searching for the capability to enforce this check.
Signed-off-by: Andrew Scull
---
drivers/virtio/virtio_pci_modern.c
Make sure virtio notifications are written within their allocated
buffer.
Signed-off-by: Andrew Scull
Reviewed-by: Bin Meng
---
drivers/virtio/virtio_pci_modern.c | 17 +++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/virtio/virtio_pci_modern.c
b
Check that the common config is at least as large as the struct it is
expected to contain. Only then is it safe to cast the pointer and be
safe from out-of-bounds accesses.
Signed-off-by: Andrew Scull
Reviewed-by: Bin Meng
---
drivers/virtio/virtio_pci_modern.c | 8
1 file changed, 8
The device config is optional, so check it was present and mapped before
trying to use the pointer. Bounds violations are an error, not just a
warning, so bail if the checks fail.
Signed-off-by: Andrew Scull
Reviewed-by: Bin Meng
---
drivers/virtio/virtio_pci_modern.c | 16
1
the current
implementations don't have the needed consistency checks.
Changelog:
v2:
- Refactor dm_pci_* functions, not adding new ones
- Reorder patches per request in v1
Andrew Scull (18):
virtio: pci: Allow exclusion of legacy driver
virtio: pci: Fix discovery of device config l
On Fri, 25 Mar 2022 at 07:14, Bin Meng wrote:
>
> On Sun, Mar 20, 2022 at 7:42 PM Andrew Scull wrote:
> >
> > Add a function to convert a PCI address range to a physical address
> > range. The address range is validated to ensure it is contained within
> > one of th
On Thu, 24 Mar 2022 at 15:24, Bin Meng wrote:
>
> On Sun, Mar 20, 2022 at 7:41 PM Andrew Scull wrote:
> >
> > Ensure the virtio PCI capabilities are contained within the bounds of
> > the device's configuration space. The expected size of the capability is
>