From patchwork Thu Sep 4 13:04:39 2025
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 220
From: Simon Glass
To: U-Boot Concept
Date: Thu, 4 Sep 2025 07:04:39 -0600
Message-ID: <20250904130459.848794-7-sjg@u-boot.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20250904130459.848794-1-sjg@u-boot.org>
References: <20250904130459.848794-1-sjg@u-boot.org>
CC: Heinrich Schuchardt, Simon Glass, Claude
Subject: [Concept] [PATCH 06/18] sandbox: Split main() into separate file
List-Id: Discussion and patches related to U-Boot Concept

From: Simon Glass

Normally sandbox includes a main() function so that it can be started correctly. When fuzzing is enabled, main() is not required. When sandbox is built as a library, the main program will be somewhere else so must not be in the library. Split the main() function out into a new main.c file. Split the fuzzing code into a new fuzz.c file.

Co-developed-by: Claude
Signed-off-by: Simon Glass
--- arch/sandbox/cpu/Makefile | 7 +- arch/sandbox/cpu/fuzz.c | 81 +++++++++++++++++++++++ arch/sandbox/cpu/main.c | 11 +++ arch/sandbox/cpu/os.c | 74 --------------------- arch/sandbox/cpu/start.c | 1 + arch/sandbox/include/asm/u-boot-sandbox.h | 5 +- 6 files changed, 102 insertions(+), 77 deletions(-) create mode 100644 arch/sandbox/cpu/fuzz.c create mode 100644 arch/sandbox/cpu/main.c diff --git a/arch/sandbox/cpu/Makefile b/arch/sandbox/cpu/Makefile index 03cdf2ae0f1..35f853776f7 100644 --- a/arch/sandbox/cpu/Makefile +++ b/arch/sandbox/cpu/Makefile 
@@ -6,13 +6,18 @@ # Wolfgang Denk, DENX Software Engineering, wd@denx.de. obj-y := cache.o cpu.o mem.o state.o os.o +ifdef CONFIG_FUZZ +obj-y += fuzz.o +else +obj-y += main.o +endif extra-y := start.o extra-$(CONFIG_SANDBOX_SDL) += sdl.o obj-$(CONFIG_XPL_BUILD) += spl.o obj-$(CONFIG_ETH_SANDBOX_RAW) += eth-raw-os.o # Compile these files with system headers -CFLAGS_USE_SYSHDRS := eth-raw-os.o os.o sdl.o +CFLAGS_USE_SYSHDRS := eth-raw-os.o fuzz.o main.o os.o sdl.o # sdl.c fails to build with -fshort-wchar using musl cmd_cc_sdl.o = $(CC) $(filter-out -nostdinc -fshort-wchar, \ diff --git a/arch/sandbox/cpu/fuzz.c b/arch/sandbox/cpu/fuzz.c new file mode 100644 index 00000000000..f017c3a33ad --- /dev/null +++ b/arch/sandbox/cpu/fuzz.c 
@@ -0,0 +1,81 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2022 Google, Inc. + * Written by Andrew Scull + */ + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +static void *fuzzer_thread(void *ptr) +{ + char cmd[64]; + char *argv[5] = {"./u-boot", "-T", "-c", cmd, NULL}; + const char *fuzz_test; + + /* Find which test to run from an environment variable. */ + fuzz_test = getenv("UBOOT_SB_FUZZ_TEST"); + if (!fuzz_test) + os_abort(); + + snprintf(cmd, sizeof(cmd), "fuzz %s", fuzz_test); + + sandbox_main(4, argv); + os_abort(); + return NULL; +} + +static bool fuzzer_initialized; +static pthread_mutex_t fuzzer_mutex = PTHREAD_MUTEX_INITIALIZER; +static pthread_cond_t fuzzer_cond = PTHREAD_COND_INITIALIZER; +static const uint8_t *fuzzer_data; +static size_t fuzzer_size; + +int sandbox_fuzzing_engine_get_input(const uint8_t **data, size_t *size) +{ + if (!fuzzer_initialized) + return -ENOSYS; + + /* Tell the main thread we need new inputs then wait for them. */ + pthread_mutex_lock(&fuzzer_mutex); + pthread_cond_signal(&fuzzer_cond); + pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex); + *data = fuzzer_data; + *size = fuzzer_size; + pthread_mutex_unlock(&fuzzer_mutex); + return 0; +} + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + static pthread_t tid; + + pthread_mutex_lock(&fuzzer_mutex); + + /* Initialize the sandbox on another thread. */ + if (!fuzzer_initialized) { + fuzzer_initialized = true; + if (pthread_create(&tid, NULL, fuzzer_thread, NULL)) + os_abort(); + pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex); + } + + /* Hand over the input. */ + fuzzer_data = data; + fuzzer_size = size; + pthread_cond_signal(&fuzzer_cond); + + /* Wait for the inputs to be finished with. */ + pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex); + pthread_mutex_unlock(&fuzzer_mutex); + + return 0; +} 
diff --git a/arch/sandbox/cpu/main.c b/arch/sandbox/cpu/main.c new file mode 100644 index 00000000000..617295d142c --- /dev/null +++ b/arch/sandbox/cpu/main.c @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Copyright (c) 2011 The Chromium OS Authors. + */ + +#include + +int main(int argc, char *argv[]) +{ + return sandbox_main(argc, argv); +} diff --git a/arch/sandbox/cpu/os.c b/arch/sandbox/cpu/os.c index d1632e6af69..1c4e23cb4eb 100644 --- a/arch/sandbox/cpu/os.c +++ b/arch/sandbox/cpu/os.c @@ -10,7 +10,6 @@ #include #include #include -#include #include #include #include @@ -28,7 +27,6 @@ #include #include -#include #include #include #include 
@@ -1151,75 +1149,3 @@ void os_relaunch(char *argv[]) execv(argv[0], argv); os_exit(1); } - -#ifdef CONFIG_FUZZ -static void *fuzzer_thread(void * ptr) -{ - char cmd[64]; - char *argv[5] = {"./u-boot", "-T", "-c", cmd, NULL}; - const char *fuzz_test; - - /* Find which test to run from an environment variable. */ - fuzz_test = getenv("UBOOT_SB_FUZZ_TEST"); - if (!fuzz_test) - os_abort(); - - snprintf(cmd, sizeof(cmd), "fuzz %s", fuzz_test); - - sandbox_main(4, argv); - os_abort(); - return NULL; -} - -static bool fuzzer_initialized = false; -static pthread_mutex_t fuzzer_mutex = PTHREAD_MUTEX_INITIALIZER; -static pthread_cond_t fuzzer_cond = PTHREAD_COND_INITIALIZER; -static const uint8_t *fuzzer_data; -static size_t fuzzer_size; - -int sandbox_fuzzing_engine_get_input(const uint8_t **data, size_t *size) -{ - if (!fuzzer_initialized) - return -ENOSYS; - - /* Tell the main thread we need new inputs then wait for them. */ - pthread_mutex_lock(&fuzzer_mutex); - pthread_cond_signal(&fuzzer_cond); - pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex); - *data = fuzzer_data; - *size = fuzzer_size; - pthread_mutex_unlock(&fuzzer_mutex); - return 0; -} - -int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -{ - static pthread_t tid; - - pthread_mutex_lock(&fuzzer_mutex); - - /* Initialize the sandbox on another thread. */ - if (!fuzzer_initialized) { - fuzzer_initialized = true; - if (pthread_create(&tid, NULL, fuzzer_thread, NULL)) - os_abort(); - pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex); - } - - /* Hand over the input. */ - fuzzer_data = data; - fuzzer_size = size; - pthread_cond_signal(&fuzzer_cond); - - /* Wait for the inputs to be finished with. */ - pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex); - pthread_mutex_unlock(&fuzzer_mutex); - - return 0; -} -#else -int main(int argc, char *argv[]) -{ - return sandbox_main(argc, argv); -} -#endif diff --git a/arch/sandbox/cpu/start.c b/arch/sandbox/cpu/start.c index 8ee12ed1500..40a3559d244 100644 
--- a/arch/sandbox/cpu/start.c +++ b/arch/sandbox/cpu/start.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include diff --git a/arch/sandbox/include/asm/u-boot-sandbox.h b/arch/sandbox/include/asm/u-boot-sandbox.h index 54f0d9832b1..001b00fe41e 100644 --- a/arch/sandbox/include/asm/u-boot-sandbox.h +++ b/arch/sandbox/include/asm/u-boot-sandbox.h @@ -46,8 +46,9 @@ void __noreturn sandbox_exit(void); * * @argc: the number of arguments passed to the program * @argv: array of argc+1 pointers, of which the last one is null - - * This starts sandbox. It does not return unless something goes wrong. + * + * This calls sandbox_init(), then board_init_f/r(). It does not return unless + * something goes wrong. * * Return: 1 on error */
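Review bot: The ifdef CONFIG_FUZZ / else block in arch/sandbox/cpu/Makefile still adds main.o to obj-y whenever CONFIG_FUZZ is off, so the library build that the commit message gives as a reason for the split is not handled by this hunk. If a later patch in the series adds that condition, say so in the commit message; otherwise main.o needs its own guard here, or a library that links these objects will carry a main() of its own.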
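Review bot: In arch/sandbox/cpu/fuzz.c every pthread_cond_wait(&fuzzer_cond, &fuzzer_mutex) is called bare, with no predicate re-checked in a loop, and the one condition variable carries both the "need input" and the "input ready" signal. POSIX permits spurious wakeups, so sandbox_fuzzing_engine_get_input() can return stale fuzzer_data/fuzzer_size, or LLVMFuzzerTestOneInput() can return while the sandbox thread is still reading the buffer it was handed. The code is carried over from os.c, so a follow-up patch is fine, but a state variable guarded by fuzzer_mutex with a while loop around each wait would make the handshake robust. In fuzzer_thread(), snprintf(cmd, sizeof(cmd), "fuzz %s", fuzz_test) silently truncates a long UBOOT_SB_FUZZ_TEST value; checking the return value against sizeof(cmd) and calling os_abort() would avoid running a different test name than the one requested.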
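Review bot: The updated sandbox_main() comment in arch/sandbox/include/asm/u-boot-sandbox.h names sandbox_init(), but the only start.c change in this patch is one added #include, and sandbox_init() appears nowhere else in the diff. If that function is introduced by a later patch in the series, move this comment update there so the documentation matches the code at every commit; if it already exists, a brief mention in the commit message would explain why the comment changes in a patch that is otherwise a code move.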