ish: Trim down the release branchstabilize-wristpin-14469.59.B-ishstabilize-voshyr-14637.B-ishstabilize-quickfix-14695.187.B-ishstabilize-quickfix-14695.124.B-ishstabilize-quickfix-14526.91.B-ishstabilize-14695.85.B-ishstabilize-14695.107.B-ishstabilize-14682.B-ishstabilize-14633.B-ishstabilize-14616.B-ishstabilize-14589.B-ishstabilize-14588.98.B-ishstabilize-14588.14.B-ishstabilize-14588.123.B-ishstabilize-14536.B-ishstabilize-14532.B-ishstabilize-14528.B-ishstabilize-14526.89.B-ishstabilize-14526.84.B-ishstabilize-14526.73.B-ishstabilize-14526.67.B-ishstabilize-14526.57.B-ishstabilize-14498.B-ishstabilize-14496.B-ishstabilize-14477.B-ishstabilize-14469.9.B-ishstabilize-14469.8.B-ishstabilize-14469.58.B-ishstabilize-14469.41.B-ishstabilize-14442.B-ishstabilize-14438.B-ishstabilize-14411.B-ishstabilize-14396.B-ishstabilize-14395.B-ishstabilize-14388.62.B-ishstabilize-14388.61.B-ishstabilize-14388.52.B-ishstabilize-14385.B-ishstabilize-14345.B-ishstabilize-14336.B-ishstabilize-14333.B-ishrelease-R99-14469.B-ishrelease-R98-14388.B-ishrelease-R102-14695.B-ishrelease-R101-14588.B-ishrelease-R100-14526.B-ishfirmware-cherry-14454.B-ishfirmware-brya-14505.B-ishfirmware-brya-14505.71.B-ishfactory-kukui-14374.B-ishfactory-guybrush-14600.B-ishfactory-cherry-14455.B-ishfactory-brya-14517.B-ish

In the interest of making long-term branch maintenance incur as little
technical debt on us as possible, we should not maintain any files on
the branch we are not actually using.

This has the added effect of making it extremely clear when merging CLs
from the main branch when changes have the possibility to affect us.

The follow-on CL adds a convenience script to actually pull updates from
the main branch and generate a CL for the update.

BUG=b:204206272
BRANCH=ish
TEST=make BOARD=arcada_ish && make BOARD=drallion_ish

Signed-off-by: Jack Rosenthal <jrosenth@chromium.org>
Change-Id: I17e4694c38219b5a0823e0a3e55a28d1348f4b18
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3262038
Reviewed-by: Jett Rink <jettrink@chromium.org>
Reviewed-by: Tom Hughes <tomhughes@chromium.org>

17 files changed, 0 insertions, 857 deletions

diff --git a/fuzz/build.mk b/fuzz/build.mk
deleted file mode 100644
index 3b5f117d20..0000000000
--- a/fuzz/build.mk
+++ /dev/null
@@ -1,34 +0,0 @@
-# -*- makefile -*-
-# Copyright 2018 The Chromium OS Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style license that can be
-# found in the LICENSE file.
-#
-# fuzzer binaries
-#
-
-fuzz-test-list-host =
-# Fuzzers should only be built for architectures that support sanitizers.
-ifeq ($(ARCH),amd64)
-fuzz-test-list-host += host_command_fuzz usb_pd_fuzz usb_tcpm_v2_rev20_fuzz \
-	usb_tcpm_v2_rev30_fuzz pchg_fuzz
-endif
-
-# For fuzzing targets libec.a is built from the ro objects and hides functions
-# that collide with stdlib. The rw only objects are then linked against libec.a
-# with stdlib support. Therefore fuzzing targets that need to call this internal
-# functions should be marked "-y" or "-ro", and fuzzing targets that need stdlib
-# should be marked "-rw". In other words:
-#
-# Does your object file need to link against the Cr50 implementations of stdlib
-# functions?
-#   Yes -> use <obj_name>-y
-# Does your object file need to link against cstdlib?
-#   Yes -> use <obj_name>-rw
-# Otherwise use <obj_name>-y
-host_command_fuzz-y = host_command_fuzz.o
-usb_pd_fuzz-y = usb_pd_fuzz.o
-usb_tcpm_v2_rev30_fuzz-y = usb_pd_fuzz.o usb_tcpm_v2_rev30_fuzz.o \
-	../test/fake_battery.o
-usb_tcpm_v2_rev20_fuzz-y = usb_pd_fuzz.o usb_tcpm_v2_rev20_fuzz.o \
-	../test/fake_battery.o
-pchg_fuzz-y = pchg_fuzz.o
\ No newline at end of file
diff --git a/fuzz/fuzz_config.h b/fuzz/fuzz_config.h
deleted file mode 100644
index fb974ea727..0000000000
--- a/fuzz/fuzz_config.h
+++ /dev/null
@@ -1,100 +0,0 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/* Fuzzer target config flags */
-
-#ifndef __FUZZ_FUZZ_CONFIG_H
-#define __FUZZ_FUZZ_CONFIG_H
-#ifdef TEST_FUZZ
-
-/* Disable hibernate: We never want to exit while fuzzing. */
-#undef CONFIG_HIBERNATE
-
-#ifdef TEST_HOST_COMMAND_FUZZ
-#undef CONFIG_HOSTCMD_DEBUG_MODE
-
-/* Defining this makes fuzzing slower, but exercises additional code paths. */
-#define FUZZ_HOSTCMD_VERBOSE
-
-#ifdef FUZZ_HOSTCMD_VERBOSE
-#define CONFIG_HOSTCMD_DEBUG_MODE HCDEBUG_PARAMS
-#else
-#define CONFIG_HOSTCMD_DEBUG_MODE HCDEBUG_OFF
-#endif /* ! FUZZ_HOSTCMD_VERBOSE */
-
-/* The following are for fpsensor host commands. */
-#define CONFIG_AES
-#define CONFIG_AES_GCM
-#define CONFIG_ROLLBACK_SECRET_SIZE 32
-#define CONFIG_SHA256
-
-#endif /* TEST_HOST_COMMAND_FUZZ */
-
-#ifdef TEST_USB_PD_FUZZ
-#define CONFIG_USB_POWER_DELIVERY
-#define CONFIG_USB_PD_TCPMV1
-#define CONFIG_USB_PD_DUAL_ROLE
-#define CONFIG_USB_PD_PORT_MAX_COUNT 2
-#define CONFIG_SHA256
-#define CONFIG_SW_CRC
-#endif /* TEST_USB_PD_FUZZ */
-
-#ifdef TEST_USB_TCPM_V2_REV30_FUZZ
-#define CONFIG_USB_PD_DUAL_ROLE
-#define CONFIG_USB_PD_PORT_MAX_COUNT 2
-#define CONFIG_USB_PD_TCPC_LOW_POWER
-#define CONFIG_USB_PD_TRY_SRC
-#define CONFIG_USB_PID 0x5555
-#define CONFIG_USB_POWER_DELIVERY
-#define CONFIG_USB_PRL_SM
-#define CONFIG_USB_PD_REV30
-#define CONFIG_USB_PD_TCPMV2
-#define CONFIG_USB_PD_DECODE_SOP
-#define CONFIG_USB_DRP_ACC_TRYSRC
-#define CONFIG_USB_PD_ALT_MODE_DFP
-#define CONFIG_USBC_SS_MUX
-#define CONFIG_USBC_VCONN
-#define CONFIG_USBC_VCONN_SWAP
-#define CONFIG_USBC_VCONN_SWAP_DELAY_US 5000
-#define CONFIG_SHA256
-#define CONFIG_SW_CRC
-#define CONFIG_USB_PD_3A_PORTS 0 /* Host does not define a 3.0 A PDO */
-#endif /* TEST_USB_TCPM_V2_REV30_FUZZ */
-
-#ifdef TEST_USB_TCPM_V2_REV20_FUZZ
-#define CONFIG_USB_PD_DUAL_ROLE
-#define CONFIG_USB_PD_PORT_MAX_COUNT 2
-#define CONFIG_USB_PD_TCPC_LOW_POWER
-#define CONFIG_USB_PD_TRY_SRC
-#define CONFIG_USB_PID 0x5555
-#define CONFIG_USB_POWER_DELIVERY
-#define CONFIG_USB_PRL_SM
-#define CONFIG_USB_PD_TCPMV2
-#define CONFIG_USB_PD_DECODE_SOP
-#define CONFIG_USB_DRP_ACC_TRYSRC
-#define CONFIG_USB_PD_ALT_MODE_DFP
-#define CONFIG_USBC_SS_MUX
-#define CONFIG_USBC_VCONN
-#define CONFIG_USBC_VCONN_SWAP
-#define CONFIG_USBC_VCONN_SWAP_DELAY_US 5000
-#define CONFIG_SHA256
-#define CONFIG_SW_CRC
-#define CONFIG_USB_PD_3A_PORTS 0 /* Host does not define a 3.0 A PDO */
-#endif /* TEST_USB_TCPM_V2_REV20_FUZZ */
-
-#ifdef TEST_PCHG_FUZZ
-#define CONFIG_CTN730
-#define CONFIG_DEVICE_EVENT
-#define CONFIG_MKBP_EVENT
-#define CONFIG_MKBP_USE_GPIO
-#define CONFIG_PERIPHERAL_CHARGER
-#define I2C_PORT_WLC		0
-#define GPIO_WLC_IRQ_CONN	1
-#define GPIO_WLC_NRST_CONN	2
-#define GPIO_PCHG_P0 GPIO_WLC_IRQ_CONN
-#endif  /* TEST_PCHG_FUZZ */
-
-#endif  /* TEST_FUZZ */
-#endif  /* __FUZZ_FUZZ_CONFIG_H */
diff --git a/fuzz/host_command_fuzz.c b/fuzz/host_command_fuzz.c
deleted file mode 100644
index 4ca94ff616..0000000000
--- a/fuzz/host_command_fuzz.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Fuzz host command.
- */
-
-#include <pthread.h>
-#include <sys/time.h>
-
-#include "common.h"
-#include "console.h"
-#include "host_command.h"
-#include "host_test.h"
-#include "task.h"
-#include "test_util.h"
-#include "timer.h"
-#include "util.h"
-
-/* Only test requests with valid size and checksum (makes fuzzing faster) */
-#define VALID_REQUEST_ONLY
-
-#define TASK_EVENT_FUZZ TASK_EVENT_CUSTOM_BIT(0)
-#define TASK_EVENT_HOSTCMD_DONE TASK_EVENT_CUSTOM_BIT(1)
-
-/* Request/response buffer size (and maximum command length) */
-#define BUFFER_SIZE 128
-
-struct host_packet pkt;
-static uint8_t resp_buf[BUFFER_SIZE];
-struct ec_host_response *resp = (struct ec_host_response *)resp_buf;
-static uint8_t req_buf[BUFFER_SIZE];
-static struct ec_host_request *req = (struct ec_host_request *)req_buf;
-
-static void hostcmd_respond(struct host_packet *pkt)
-{
-	task_set_event(TASK_ID_TEST_RUNNER, TASK_EVENT_HOSTCMD_DONE);
-}
-
-static char calculate_checksum(const char *buf, int size)
-{
-	int c = 0;
-	int i;
-
-	for (i = 0; i < size; ++i)
-		c += buf[i];
-
-	return -c;
-}
-
-struct chunk {
-	int start;
-	int size;
-};
-
-static int hostcmd_fill(const uint8_t *data, size_t size)
-{
-	static int first = 1;
-
-#ifdef VALID_REQUEST_ONLY
-	const int checksum_offset = offsetof(struct ec_host_request, checksum);
-	const int checksum_size = sizeof(req->checksum);
-	const int data_len_offset = offsetof(struct ec_host_request, data_len);
-	const int data_len_size = sizeof(req->data_len);
-
-	struct chunk chunks[3];
-
-	chunks[0].start = 0;
-	chunks[0].size = checksum_offset;
-	chunks[1].start = chunks[0].start + chunks[0].size + checksum_size;
-	chunks[1].size = data_len_offset - chunks[1].start;
-	chunks[2].start = chunks[1].start + chunks[1].size + data_len_size;
-	chunks[2].size = sizeof(req_buf) - chunks[2].start;
-#else
-	struct chunk chunks[1] = { {0, sizeof(req_buf)} };
-#endif
-
-	int ipos = 0;
-	int i;
-	int req_size = 0;
-
-	/*
-	 * TODO(chromium:854975): We should probably malloc req_buf with the
-	 * correct size, to make we do not read uninitialized req_buf data.
-	 */
-	memset(req_buf, 0, sizeof(req_buf));
-
-	/*
-	 * Fill in req_buf, according to chunks defined above (i.e. skipping
-	 * over checksum and data_len.
-	 */
-	for (i = 0; i < ARRAY_SIZE(chunks) && ipos < size; i++) {
-		int cp_size = MIN(chunks[i].size, size-ipos);
-
-		memcpy(req_buf + chunks[i].start, data + ipos, cp_size);
-
-		ipos += cp_size;
-
-		req_size = chunks[i].start + cp_size;
-	}
-
-	/* Not enough space in req_buf. */
-	if (ipos != size)
-		return -1;
-
-	pkt.request_size = req_size;
-	req->data_len = req_size - sizeof(*req);
-	req->checksum = calculate_checksum(req_buf, req_size);
-
-	/*
-	 * Print the full request on the first fuzzing attempt: useful to
-	 * report bugs, and write up commit messages when reproducing
-	 * issues.
-	 */
-	if (first) {
-		ccprintf("Request: cmd=%04x data=%ph\n",
-			req->command, HEX_BUF(req_buf, req_size));
-		first = 0;
-	}
-
-	pkt.send_response = hostcmd_respond;
-	pkt.request = (const void *)req_buf;
-	pkt.request_max = BUFFER_SIZE;
-	pkt.response = (void *)resp_buf;
-	pkt.response_max = BUFFER_SIZE;
-	pkt.driver_result = 0;
-
-	return 0;
-}
-
-static pthread_cond_t done_cond;
-static pthread_mutex_t lock;
-
-void run_test(int argc, char **argv)
-{
-	ccprints("Fuzzing task started");
-	wait_for_task_started();
-
-	while (1) {
-		task_wait_event_mask(TASK_EVENT_FUZZ, -1);
-		/* Send the host command (pkt prepared by main thread). */
-		host_packet_receive(&pkt);
-		task_wait_event_mask(TASK_EVENT_HOSTCMD_DONE, -1);
-		pthread_cond_signal(&done_cond);
-	}
-}
-
-int test_fuzz_one_input(const uint8_t *data, unsigned int size)
-{
-	/* Fill in req_buf. */
-	if (hostcmd_fill(data, size) < 0)
-		return 0;
-
-	task_set_event(TASK_ID_TEST_RUNNER, TASK_EVENT_FUZZ);
-	pthread_cond_wait(&done_cond, &lock);
-
-#ifdef VALID_REQUEST_ONLY
-	/*
-	 * We carefully crafted all our requests to have a valid checksum, so
-	 * we should never receive an invalid checksum error. (but ignore
-	 * EC_CMD_TEST_PROTOCOL, as it can lead to arbitrary result values).
-	 */
-	ASSERT(req->command == EC_CMD_TEST_PROTOCOL ||
-	       resp->result != EC_RES_INVALID_CHECKSUM);
-#endif
-
-	return 0;
-}
-
diff --git a/fuzz/host_command_fuzz.mocklist b/fuzz/host_command_fuzz.mocklist
deleted file mode 100644
index 4ffc786b32..0000000000
--- a/fuzz/host_command_fuzz.mocklist
+++ /dev/null
@@ -1,10 +0,0 @@
-/* Copyright 2019 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
- #define CONFIG_TEST_MOCK_LIST \
-	MOCK(FP_SENSOR)        \
-	MOCK(FPSENSOR_DETECT)  \
-	MOCK(MKBP_EVENTS)      \
-	MOCK(ROLLBACK)
diff --git a/fuzz/host_command_fuzz.tasklist b/fuzz/host_command_fuzz.tasklist
deleted file mode 100644
index 2ff8a94d98..0000000000
--- a/fuzz/host_command_fuzz.tasklist
+++ /dev/null
@@ -1,10 +0,0 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/**
- * See CONFIG_TASK_LIST in config.h for details.
- */
-#define CONFIG_TEST_TASK_LIST \
-        TASK_TEST(FPSENSOR, fp_task, NULL, TASK_STACK_SIZE)
diff --git a/fuzz/pchg_fuzz.c b/fuzz/pchg_fuzz.c
deleted file mode 100644
index 97dbca74c4..0000000000
--- a/fuzz/pchg_fuzz.c
+++ /dev/null
@@ -1,125 +0,0 @@
-/* Copyright 2021 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Test peripheral device charger module.
- */
-
-#define HIDE_EC_STDLIB
-#include "common.h"
-#include "compile_time_macros.h"
-#include "driver/nfc/ctn730.h"
-#include "peripheral_charger.h"
-#include "task.h"
-#include "test_util.h"
-#include "timer.h"
-#include "util.h"
-
-#include <pthread.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define TASK_EVENT_FUZZ TASK_EVENT_CUSTOM_BIT(0)
-
-extern struct pchg_drv ctn730_drv;
-struct pchg pchgs[] = {
-	[0] = {
-		.cfg = &(const struct pchg_config) {
-			.drv = &ctn730_drv,
-			.i2c_port = I2C_PORT_WLC,
-			.irq_pin = GPIO_WLC_IRQ_CONN,
-			.full_percent = 96,
-			.block_size = 128,
-		},
-		.events = QUEUE_NULL(PCHG_EVENT_QUEUE_SIZE, enum pchg_event),
-	},
-};
-const int pchg_count = ARRAY_SIZE(pchgs);
-
-static pthread_cond_t done_cond;
-static pthread_mutex_t lock;
-
-#define MAX_MESSAGES 8
-#define MAX_MESSAGE_SIZE (sizeof(struct ctn730_msg) \
-			  + member_size(struct ctn730_msg, length) * 256)
-static uint8_t input[MAX_MESSAGE_SIZE * MAX_MESSAGES];
-static uint8_t *head, *tail;
-static bool data_available;
-
-int pchg_i2c_xfer(int port, uint16_t addr_flags,
-		  const uint8_t *out, int out_size,
-		  uint8_t *in, int in_size, int flags)
-{
-	if (port != I2C_PORT_WLC || addr_flags != CTN730_I2C_ADDR)
-		return EC_ERROR_INVAL;
-
-	if (in == NULL || in_size == 0)
-		return EC_SUCCESS;
-
-	if (head + in_size >= tail) {
-		data_available = false;
-		return EC_ERROR_OVERFLOW;
-	}
-
-	memcpy(in, head, in_size);
-	head += in_size;
-
-	return EC_SUCCESS;
-}
-DECLARE_TEST_I2C_XFER(pchg_i2c_xfer);
-
-/*
- * Task for generating IRQs. The task priority is lower than the PCHG task so
- * that it can yield the CPU to the PCHG task.
- */
-void irq_task(int argc, char **argv)
-{
-	ccprints("%s task started", __func__);
-	wait_for_task_started();
-
-	while (1) {
-		int i = 0;
-
-		task_wait_event_mask(TASK_EVENT_FUZZ, -1);
-		test_chipset_on();
-
-		while (data_available && i++ < MAX_MESSAGES)
-			pchg_irq(pchgs[0].cfg->irq_pin);
-
-		test_chipset_off();
-
-		pthread_mutex_lock(&lock);
-		pthread_cond_signal(&done_cond);
-		pthread_mutex_unlock(&lock);
-	}
-
-}
-
-void run_test(int argc, char **argv)
-{
-	ccprints("Fuzzing task started");
-	task_wait_event(-1);
-}
-
-int test_fuzz_one_input(const uint8_t *data, unsigned int size)
-{
-	/* We're not interested in too small or too large input. */
-	if (size < sizeof(struct ctn730_msg) || sizeof(input) < size)
-		return 0;
-
-	pthread_mutex_init(&lock, NULL);
-	pthread_cond_init(&done_cond, NULL);
-
-	head = input;
-	tail = input + size;
-	memcpy(input, data, size);
-	data_available = true;
-
-	task_set_event(TASK_ID_IRQ, TASK_EVENT_FUZZ);
-
-	pthread_mutex_lock(&lock);
-	pthread_cond_wait(&done_cond, &lock);
-	pthread_mutex_unlock(&lock);
-
-	return 0;
-}
diff --git a/fuzz/pchg_fuzz.corpus b/fuzz/pchg_fuzz.corpus
deleted file mode 100644
index 0b069baf4f..0000000000
--- a/fuzz/pchg_fuzz.corpus
+++ /dev/null
@@ -1,26 +0,0 @@
-"\xae\x01"
-"\x18\x01\x00\x00"
-"\xff~"
-"\x01u"
-"\x80\x00\x00\x00"
-"Q\x00"
-"5\x00"
-"\xb7\x01\x00\x00"
-"\x01\x00\x00\x00\x01\x00\x00\x00"
-"\x00\x00\x00\x00\x00\x00\x00\x00"
-"\xff\xff\xff\x00n_\x0b\xc0"
-"\x92\x00"
-"\xff\xdc"
-"\xa6\x01"
-"\x85f\xfc$\x00\x00\x00\x00"
-"\xff\xff\xff\xff\xff\xff\xff\xff"
-"\xff\xff\xff\xff\x00\x00\x00\x00"
-"\xfff"
-"\x01\xcb"
-"\x8f\x00\x00\x00"
-"\xff\xff\xff\x0d"
-"=\x00\x00\x00"
-"\xbc\x00"
-"\x02\x91"
-"\xff\xff\xff\x00\x00\x00\x00\x00"
-"\x00y"
diff --git a/fuzz/pchg_fuzz.tasklist b/fuzz/pchg_fuzz.tasklist
deleted file mode 100644
index 5b30e09245..0000000000
--- a/fuzz/pchg_fuzz.tasklist
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Copyright 2021 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/**
- * See CONFIG_TASK_LIST in config.h for details.
- */
-#define CONFIG_TEST_TASK_LIST \
-	TASK_TEST(IRQ, irq_task, NULL, TASK_STACK_SIZE) \
-	TASK_TEST(PCHG, pchg_task, NULL, LARGER_TASK_STACK_SIZE) \
-	TASK_TEST(CHIPSET, chipset_task, NULL, LARGER_TASK_STACK_SIZE)
diff --git a/fuzz/span.h b/fuzz/span.h
deleted file mode 100644
index 531df832a3..0000000000
--- a/fuzz/span.h
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright 2018 The Chromium OS Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef __FUZZ_SPAN_H
-#define __FUZZ_SPAN_H
-
-#include <unistd.h>
-
-#include <algorithm>
-
-namespace fuzz {
-
-template <typename T>
-class span {
- public:
-  typedef T value_type;
-
-  constexpr span() : span<T>(nullptr, nullptr) {}
-  constexpr span(T* begin, size_t size) : begin_(begin), end_(begin + size) {}
-  constexpr span(T* begin, T* end) : begin_(begin), end_(end) {}
-
-  template <class Container>
-  constexpr span(Container& container)
-      : begin_(container.begin()), end_(container.end()){};
-
-  constexpr T* begin() const { return begin_; }
-  constexpr T* end() const { return end_; }
-
-  constexpr T* data() const { return begin_; }
-
-  constexpr bool empty() const { return begin_ == end_; }
-  constexpr size_t size() const { return end_ - begin_; }
-
- private:
-  T* begin_;
-  T* end_;
-};
-
-template <typename Source, typename Destination>
-size_t CopyWithPadding(Source source,
-                       Destination destination,
-                       typename Destination::value_type fill_value) {
-  if (source.size() >= destination.size()) {
-    std::copy(source.begin(), source.begin() + destination.size(),
-              destination.begin());
-    return destination.size();
-  }
-  std::copy(source.begin(), source.end(), destination.begin());
-  std::fill(destination.begin() + source.size(), destination.end(), fill_value);
-  return source.size();
-}
-
-}  // namespace fuzz
-
-#endif  // __FUZZ_SPAN_H
diff --git a/fuzz/usb_pd_fuzz.c b/fuzz/usb_pd_fuzz.c
deleted file mode 100644
index 64eb0913a6..0000000000
--- a/fuzz/usb_pd_fuzz.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Test USB PD module.
- */
-#define HIDE_EC_STDLIB
-#include "common.h"
-#include "task.h"
-#include "tcpm/tcpm.h"
-#include "test_util.h"
-#include "timer.h"
-#include "usb_pd.h"
-#include "usb_pd_tcpm.h"
-#include "util.h"
-
-#include <pthread.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define TASK_EVENT_FUZZ TASK_EVENT_CUSTOM_BIT(0)
-
-#define PORT0	0
-
-static int mock_tcpm_init(int port) { return EC_SUCCESS; }
-static int mock_tcpm_release(int port) { return EC_SUCCESS; }
-
-static int mock_tcpm_select_rp_value(int port, int rp)
-{
-	return EC_SUCCESS;
-}
-
-static int mock_tcpm_set_cc(int port, int pull) { return EC_SUCCESS; }
-static int mock_tcpm_set_polarity(int port, enum tcpc_cc_polarity polarity)
-{
-	return EC_SUCCESS;
-}
-
-static __maybe_unused int mock_tcpm_sop_prime_enable(int port, bool enable)
-{
-	return EC_SUCCESS;
-}
-
-static int mock_tcpm_set_vconn(int port, int enable) { return EC_SUCCESS; }
-static int mock_tcpm_set_msg_header(int port,
-			int power_role, int data_role) { return EC_SUCCESS; }
-static int mock_tcpm_set_rx_enable(int port, int enable) { return EC_SUCCESS; }
-static int mock_tcpm_transmit(int port, enum tcpci_msg_type type,
-		uint16_t header, const uint32_t *data)
-{ return EC_SUCCESS; }
-static void mock_tcpc_alert(int port) {}
-static int mock_tcpci_get_chip_info(int port, int live,
-		struct ec_response_pd_chip_info_v1 *info)
-{
-	return EC_ERROR_UNIMPLEMENTED;
-}
-
-static __maybe_unused int mock_enter_low_power_mode(int port)
-{
-	return EC_SUCCESS;
-}
-
-#define MAX_TCPC_PAYLOAD 28
-
-struct message {
-	uint8_t cnt;
-	uint16_t header;
-	uint8_t payload[MAX_TCPC_PAYLOAD];
-} __packed;
-
-struct tcpc_state {
-	enum tcpc_cc_voltage_status cc1, cc2;
-	struct message message;
-};
-
-static struct tcpc_state mock_tcpc_state[CONFIG_USB_PD_PORT_MAX_COUNT];
-
-static int mock_tcpm_get_cc(int port, enum tcpc_cc_voltage_status *cc1,
-	enum tcpc_cc_voltage_status *cc2)
-{
-	*cc1 = mock_tcpc_state[port].cc1;
-	*cc2 = mock_tcpc_state[port].cc2;
-
-	return EC_SUCCESS;
-}
-
-static int pending;
-
-int tcpm_has_pending_message(const int port)
-{
-	return pending;
-}
-
-int tcpm_dequeue_message(const int port, uint32_t *const payload,
-			 int *const header)
-{
-	struct message *m = &mock_tcpc_state[port].message;
-
-	ccprints("%s", __func__);
-
-	/* Force a segfault, if no message is actually pending. */
-	if (pending == 0)
-		m = NULL;
-
-	*header = m->header;
-
-	/*
-	 * This mirrors what tcpci.c:tcpm_dequeue_message does: always copy the
-	 * whole payload to destination.
-	 */
-	memcpy(payload, m->payload, sizeof(m->payload));
-
-	pending--;
-	return EC_SUCCESS;
-}
-
-/* Note this method can be called from an interrupt context. */
-int tcpm_enqueue_message(const int port)
-{
-	pending = 1;
-
-	/* Wake PD task up so it can process incoming RX messages */
-	task_set_event(PD_PORT_TO_TASK_ID(port), TASK_EVENT_WAKE);
-
-	return EC_SUCCESS;
-}
-
-void tcpm_clear_pending_messages(int port) {}
-
-static const struct tcpm_drv mock_tcpm_drv = {
-	.init                   = &mock_tcpm_init,
-	.release                = &mock_tcpm_release,
-	.get_cc                 = &mock_tcpm_get_cc,
-#ifdef CONFIG_USB_PD_VBUS_DETECT_TCPC
-	.check_vbus_level       = &mock_tcpm_check_vbus_level,
-#endif
-	.select_rp_value        = &mock_tcpm_select_rp_value,
-	.set_cc                 = &mock_tcpm_set_cc,
-	.set_polarity           = &mock_tcpm_set_polarity,
-#ifdef CONFIG_USB_PD_DECODE_SOP
-	.sop_prime_enable		= &mock_tcpm_sop_prime_enable,
-#endif
-	.set_vconn              = &mock_tcpm_set_vconn,
-	.set_msg_header         = &mock_tcpm_set_msg_header,
-	.set_rx_enable          = &mock_tcpm_set_rx_enable,
-	/* The core calls tcpm_dequeue_message. */
-	.get_message_raw        = NULL,
-	.transmit               = &mock_tcpm_transmit,
-	.tcpc_alert             = &mock_tcpc_alert,
-	.get_chip_info          = &mock_tcpci_get_chip_info,
-#ifdef CONFIG_USB_PD_TCPC_LOW_POWER
-	.enter_low_power_mode   = &mock_enter_low_power_mode,
-#endif
-};
-
-/* TCPC mux configuration */
-const struct tcpc_config_t tcpc_config[CONFIG_USB_PD_PORT_MAX_COUNT] = {
-	{
-		.drv = &mock_tcpm_drv,
-	},
-	{
-		.drv = &mock_tcpm_drv,
-	}
-};
-
-static pthread_cond_t done_cond;
-static pthread_mutex_t lock;
-
-enum tcpc_cc_voltage_status next_cc1, next_cc2;
-#define MAX_MESSAGES 8
-static struct message messages[MAX_MESSAGES];
-
-void run_test(int argc, char **argv)
-{
-	uint8_t port = PORT0;
-	int i;
-
-	ccprints("Fuzzing task started");
-	wait_for_task_started();
-
-	while (1) {
-		task_wait_event_mask(TASK_EVENT_FUZZ, -1);
-
-		memset(&mock_tcpc_state[port],
-			0, sizeof(mock_tcpc_state[port]));
-
-		task_set_event(PD_PORT_TO_TASK_ID(port), PD_EVENT_TCPC_RESET);
-		task_wait_event(250 * MSEC);
-
-		mock_tcpc_state[port].cc1 = next_cc1;
-		mock_tcpc_state[port].cc2 = next_cc2;
-
-		task_set_event(PD_PORT_TO_TASK_ID(port), PD_EVENT_CC);
-		task_wait_event(50 * MSEC);
-
-		/* Fake RX messages, one by one. */
-		for (i = 0; i < MAX_MESSAGES && messages[i].cnt; i++) {
-			memcpy(&mock_tcpc_state[port].message, &messages[i],
-				sizeof(messages[i]));
-
-			tcpm_enqueue_message(port);
-			task_wait_event(50 * MSEC);
-		}
-
-		pthread_cond_signal(&done_cond);
-	}
-}
-
-int board_vbus_source_enabled(int port)
-{
-	return 0;
-}
-
-int test_fuzz_one_input(const uint8_t *data, unsigned int size)
-{
-	int i;
-
-	if (size < 1)
-		return 0;
-
-	next_cc1 = data[0] & 0x0f;
-	next_cc2 = (data[0] & 0xf0) >> 4;
-	data++; size--;
-
-	memset(messages, 0, sizeof(messages));
-
-	for (i = 0; i < MAX_MESSAGES && size > 0; i++) {
-		int cnt = data[0];
-
-		if (cnt < 3 || cnt > MAX_TCPC_PAYLOAD+3 || cnt > size) {
-			/* Invalid count, or out of bounds. */
-			return 0;
-		}
-
-		memcpy(&messages[i], data, cnt);
-
-		data += cnt; size -= cnt;
-	}
-
-	if (size != 0) {
-		/* Useless extra data in buffer, skip. */
-		return 0;
-	}
-
-	task_set_event(TASK_ID_TEST_RUNNER, TASK_EVENT_FUZZ);
-	pthread_cond_wait(&done_cond, &lock);
-
-	return 0;
-}
diff --git a/fuzz/usb_pd_fuzz.tasklist b/fuzz/usb_pd_fuzz.tasklist
deleted file mode 100644
index 6edeac2f98..0000000000
--- a/fuzz/usb_pd_fuzz.tasklist
+++ /dev/null
@@ -1,11 +0,0 @@
-/* Copyright 2018 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/**
- * See CONFIG_TASK_LIST in config.h for details.
- */
-#define CONFIG_TEST_TASK_LIST \
-	TASK_TEST(PD_C0, pd_task, NULL, LARGER_TASK_STACK_SIZE) \
-	TASK_TEST(PD_C1, pd_task, NULL, LARGER_TASK_STACK_SIZE)
diff --git a/fuzz/usb_tcpm_v2_rev20_fuzz.c b/fuzz/usb_tcpm_v2_rev20_fuzz.c
deleted file mode 100644
index f5afb92ac1..0000000000
--- a/fuzz/usb_tcpm_v2_rev20_fuzz.c
+++ /dev/null
@@ -1,33 +0,0 @@
-/* Copyright 2020 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Stubs needed for fuzz testing the USB TCPMv2 state machines.
- */
-
-#define HIDE_EC_STDLIB
-#include "charge_manager.h"
-#include "mock/usb_mux_mock.h"
-#include "usb_pd.h"
-
-const struct svdm_response svdm_rsp = {
-	.identity = NULL,
-	.svids = NULL,
-	.modes = NULL,
-};
-
-/* USB mux configuration */
-const struct usb_mux usb_muxes[CONFIG_USB_PD_PORT_MAX_COUNT] = {
-	{
-		.driver = &mock_usb_mux_driver,
-	},
-	{
-		.driver = &mock_usb_mux_driver,
-	}
-};
-
-int pd_check_vconn_swap(int port)
-{
-	return 1;
-}
-
diff --git a/fuzz/usb_tcpm_v2_rev20_fuzz.mocklist b/fuzz/usb_tcpm_v2_rev20_fuzz.mocklist
deleted file mode 100644
index 1b2c615371..0000000000
--- a/fuzz/usb_tcpm_v2_rev20_fuzz.mocklist
+++ /dev/null
@@ -1,7 +0,0 @@
-/* Copyright 2020 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
- #define CONFIG_TEST_MOCK_LIST \
-	MOCK(USB_MUX)
diff --git a/fuzz/usb_tcpm_v2_rev20_fuzz.tasklist b/fuzz/usb_tcpm_v2_rev20_fuzz.tasklist
deleted file mode 100644
index e3ad19e719..0000000000
--- a/fuzz/usb_tcpm_v2_rev20_fuzz.tasklist
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Copyright 2019 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- */
-
-/**
- * See CONFIG_TASK_LIST in config.h for details.
- */
-#define CONFIG_TEST_TASK_LIST \
-	TASK_TEST(PD_C0, pd_task, NULL, LARGER_TASK_STACK_SIZE) \
-	TASK_TEST(PD_C1, pd_task, NULL, LARGER_TASK_STACK_SIZE)
-
diff --git a/fuzz/usb_tcpm_v2_rev30_fuzz.c b/fuzz/usb_tcpm_v2_rev30_fuzz.c
deleted file mode 120000
index e62b1786fd..0000000000
--- a/fuzz/usb_tcpm_v2_rev30_fuzz.c
+++ /dev/null
@@ -1 +0,0 @@
-usb_tcpm_v2_rev20_fuzz.c
\ No newline at end of file
diff --git a/fuzz/usb_tcpm_v2_rev30_fuzz.mocklist b/fuzz/usb_tcpm_v2_rev30_fuzz.mocklist
deleted file mode 120000
index 061e1ef826..0000000000
--- a/fuzz/usb_tcpm_v2_rev30_fuzz.mocklist
+++ /dev/null
@@ -1 +0,0 @@
-usb_tcpm_v2_rev20_fuzz.mocklist
\ No newline at end of file
diff --git a/fuzz/usb_tcpm_v2_rev30_fuzz.tasklist b/fuzz/usb_tcpm_v2_rev30_fuzz.tasklist
deleted file mode 120000
index a01883297a..0000000000
--- a/fuzz/usb_tcpm_v2_rev30_fuzz.tasklist
+++ /dev/null
@@ -1 +0,0 @@
-usb_tcpm_v2_rev20_fuzz.tasklist
\ No newline at end of file