| Commit message (Collapse) | Author | Age | Files | Lines |
| |
The declaration of nvmem_wipe_cache is now inside the extern "C"
section and a definition was added to cr50_fuzz.
BRANCH=None
BUG=None
TEST=make -j buildall
Change-Id: Ie7401d8880e7982c84fa6a5df5015cbd145fc6d1
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1370746
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
This incorporates the fuzz targets into buildall and adds a quick
sanity check to each fuzz target to make sure it exits successfully for
an empty input.
This adds roughly 5.88 seconds to "make -j buildall" (This includes an
additional target that will be enabled in a later CL).
time make -j buildall # BEFORE
real 1m19.519s
user 23m9.220s
sys 5m1.690s
time make -j buildall # AFTER
real 1m25.399s
user 23m35.753s
sys 5m12.609s
BRANCH=None
BUG=None
TEST=make -j buildall
Change-Id: Ib77a57297ee896569c509d0c8c998552d2a3a76c
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1370934
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| |
BRANCH=None
BUG=chromium:911310
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: I15ac87b14a0f28a62e257bb155f1862753053eb4
Reviewed-on: https://chromium-review.googlesource.com/c/1368010
Tested-by: Allen Webb <allenwebb@google.com>
Trybot-Ready: Allen Webb <allenwebb@google.com>
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
| |
This function is called from common/nvmem.c; it should be available
when compiling for tests. The stub could be filled up later when new
tests are added.
BRANCH=cr50, cr50-mp
BUG=b:119221935
TEST=make buildall -j still succeeds.
Change-Id: I082292818c7f2b10336c9a7c49e0a9195e25a12b
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1363816
Reviewed-by: Allen Webb <allenwebb@google.com>
| |
Set up CC lines, then send up to 8 PD messages, in an attempt to
cause errors while parsing PDO and other messages.
BRANCH=none
BUG=chromium:854975
TEST=make -j buildfuzztests && \
./build/host/usb_pd_fuzz/usb_pd_fuzz.exe > /dev/null
Change-Id: Ibb575ea8d464945390d1663dd6fff279bd9d77ea
Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1116626
Reviewed-by: Jonathan Metzman <metzman@chromium.org>
| |
'mem_hash_tree.h' was missing '#define HIDE_EC_STDLIB' before
'dcrypto.h'. This problem was only apparent when -O2 is set.
CQ-DEPEND=CL:1358746
BRANCH=None
BUG=chromium:911310
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: I19d00c165764f80cfa385fb3bed64efc67bfc3f9
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1361680
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
| |
This fixes a dependency problem that was introduced in CL:1184107.
BRANCH=None
BUG=chromium:911310
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: Ib4795d6a716fe3fcb7a88bf6a165f96ffe10640a
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1358746
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
| |
BRANCH=None
BUG=chromium:911310
TEST=USE="ubsan asan fuzzer" ./build_packages \
--board=amd64-generic --skip_chroot_upgrade chromeos-ec
Change-Id: Ib2ffc7035d0f6912834709bb8a5f6b3c11a2c67a
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1359652
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
| |
This adds an initialization step that sanity checks the fuzz target to
make sure the model is working as intended.
BRANCH=None
BUG=chromium:876582
TEST=sudo emerge libprotobuf-mutator &&
make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: I3961a7ff05b4876992af447a2104bcfa0a496562
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1347012
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
| |
This uses protocol buffers to model what actions can be taken with
pinweaver at a higher level of abstraction than the raw requests to
greatly increase the coverage that can be achieved by fuzzing, while
still allowing for invalid inputs to be checked.
BRANCH=none
BUG=chromium:876582
TEST=sudo emerge libprotobuf-mutator &&
make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: Ie7ce569650ca06866f277f36eae61df2684de60c
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1184107
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| |
The CONFIG_FLASH_NVMEM_VARS_USER_NUM constant was incorrectly defined,
so nvmem_vars was failing with EC_OVERFLOW.
BRANCH=None
BUG=None
TEST=make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: I52facfd44423bb69284b54e6831e5e777cf35a05
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1344800
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
| |
BRANCH=None
BUG=None
TEST=make -j buildall
Change-Id: Icf2cfb6a2657064c10721c0e527d24fbb3be6ab3
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1330102
Reviewed-by: Mike Frysinger <vapier@chromium.org>
| |
Adds mock implementation of get_current_pcr_digest() for the fuzz
target.
BRANCH=None
BUG=chromium:903487
TEST=make -j buildfuzztests
Change-Id: I55b7da813d4f17ef7f60e045423a3917a052e41c
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/1327128
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
| |
A change in a parent commit broke the build for this commit. Adding
an include for cstring and #define HIDE_EC_STDLIB resolves the header conflict.
BUG=chromium:883080
TEST=make -j buildfuzztests
Change-Id: Icf584a6050519c7a3b8f7defb7685c9c64f7a145
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1220390
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
| |
This adds a rule for building c++ object files to make it possible
to use libprotobuf-mutator in fuzzing targets.
BRANCH=none
BUG=chromium:876582
TEST=make -j buildfuzztargets &&
./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: I1355c313e47a1a83a599eb0f0b9142fefdf6de8b
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1183535
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| |
This adds a minimal pinweaver fuzzer as a foundation for further work.
It will not be able to achieve good coverage because it doesn't have a
proper description of the protocol; however, it demonstrates that the
prerequisites to build against dcrypto, nvmem_vars, and nvcounter are
satisfied for the host board.
CQ-DEPEND=CL:1183532
BRANCH=none
BUG=chromium:876582
TEST=make -j buildfuzztests &&
./build/host/cr50_fuzz/cr50_fuzz.exe
Change-Id: I520d71c224d583c51dc3292dc051ee8de4a4116a
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1183534
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| |
This creates a build target called libec.a by setting the visibility
of functions that conflict with cstdlib to hidden. It then links
those symbols locally into one large object file that makes up libec.a.
Fuzzing targets are linked against libec.a so that they can invoke ec
functionality while depending on outside libraries that need cstdlib.
When linking a particular object against cstdlib, to avoid conflicting
function declarations put the following before any includes from the
ec codebase:
#define __stdlib_compat(...)
The fuzzing targets are now linked using clang++, so that c++ libraries
and objects can be used as part of the fuzzers.
BRANCH=none
BUG=chromium:876582
TEST=make -j buildfuzztests &&
./build/host/host_command_fuzz/host_command_fuzz.exe
Change-Id: Ifdfdc6a51c6ef23b4e192b013ca993bf48a4411b
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1180401
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
BRANCH=none
CQ-DEPEND=CL:*664115
BUG=chromium:876582
TEST=make -j buildall && make -j buildfuzztests
Change-Id: Iade5e5138f495e6b3b99ec16f1a467861ade5537
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1180179
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>