From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Subject: [PATCH 00/21] sandbox: add libfuzzer-based fuzzing
Date: Thu, 5 Jun 2025 13:35:09 +0200
Message-ID: <20250605113530.2076990-1-a.fatoum@pengutronix.de>

We have a number of security-sensitive parsers in barebox that process
untrusted input, even in secure boot systems, e.g. the FIT parser, but
also the partition parser.
This series adds fuzzing tests for a number of these parsers based on
libfuzzer.

Ahmad Fatoum (21):
pbl: add provision for architectures without piggy loader
firmware: make Layerscape FMan firmware proper-only
mci: sdhci: support compiling common SDHCI code for sandbox PBL
kbuild: define and use more generic symlink command
kbuild: collect compatibility symlink creation in symlink-y
kbuild: allow customizing barebox proper binary
sandbox: make available all CONFIG_ symbols to OS glue code
sandbox: switch to using PBL
kbuild: populate non-host CXX variables
string: add fortify source support
sandbox: populate UNAME_M variable
Add fuzzing infrastructure
filetype: add fuzz target
block: mark underlying cdev with DEVFS_IS_BLOCK_DEV
block: add lightweight ramdisk support
fuzz: add support for passing fuzz data as r/o ramdisk
partitions: add partition table parser fuzz target
fdt: add fuzz test
fit: add fuzz test
Documentation: add LLVM libfuzzer documentation
sandbox: add support for coverage info generation

.gitignore | 6 +
Documentation/devel/devel.rst | 1 +
Documentation/devel/fuzzing.rst | 136 +++
Makefile | 72 +-
arch/Kconfig | 6 +
arch/sandbox/Kconfig | 10 +
arch/sandbox/Kconfig.debug | 7 +
arch/sandbox/Makefile | 91 +-
arch/sandbox/board/.gitignore | 3 -
arch/sandbox/board/Makefile | 2 -
arch/sandbox/include/asm/barebox-sandbox.h | 10 +
arch/sandbox/lib/.gitignore | 3 +
arch/sandbox/lib/Makefile | 2 +-
.../{board/barebox.lds.S => lib/pbl.lds.S} | 0
arch/sandbox/os/Makefile | 24 +-
arch/sandbox/os/common.c | 138 ++-
arch/sandbox/{lib => os}/unwind.c | 3 +-
arch/x86/um/Makefile | 4 +-
commands/Makefile | 1 +
commands/fuzz.c | 118 +++
commands/stacksmash.c | 6 +-
common/Kconfig | 7 +-
common/block.c | 9 +-
common/boards/configs/libfuzzer.config | 14 +
common/filetype.c | 12 +
common/image-fit.c | 76 +-
common/partitions.c | 56 ++
common/startup.c | 1 +
drivers/block/Kconfig | 6 +
drivers/block/Makefile | 1 +
drivers/block/ramdisk.c | 178 ++++
drivers/of/fdt.c | 39 +
firmware/Makefile | 3 +-
images/.gitignore | 2 +
images/Makefile | 26 +-
images/Makefile.sandbox | 33 +
include/asm-generic/barebox.lds.h | 13 +-
include/block.h | 13 +-
include/dma.h | 22 +-
include/driver.h | 1 +
include/filetype.h | 4 +-
include/fuzz.h | 87 ++
include/linux/compiler_types.h | 41 +
include/linux/fortify-string.h | 804 ++++++++++++++++++
include/linux/string.h | 17 +
include/mci.h | 9 +
include/ramdisk.h | 24 +
lib/Kconfig.hardening | 15 +
lib/Makefile | 3 +-
lib/fuzz.c | 79 ++
lib/string.c | 16 +-
lib/string_helpers.c | 30 +
lib/vsprintf.c | 15 +
pbl/Kconfig | 10 +-
pbl/string.c | 1 +
scripts/Kconfig.include | 1 +
scripts/Makefile.lib | 6 +-
scripts/clang-runtime-dir.sh | 19 +
scripts/subarch.include | 12 +-
test/Kconfig | 39 +
60 files changed, 2252 insertions(+), 135 deletions(-)
create mode 100644 Documentation/devel/fuzzing.rst
create mode 100644 arch/sandbox/include/asm/barebox-sandbox.h
create mode 100644 arch/sandbox/lib/.gitignore
rename arch/sandbox/{board/barebox.lds.S => lib/pbl.lds.S} (100%)
rename arch/sandbox/{lib => os}/unwind.c (88%)
create mode 100644 commands/fuzz.c
create mode 100644 common/boards/configs/libfuzzer.config
create mode 100644 drivers/block/ramdisk.c
create mode 100644 images/Makefile.sandbox
create mode 100644 include/fuzz.h
create mode 100644 include/linux/fortify-string.h
create mode 100644 include/ramdisk.h
create mode 100644 lib/fuzz.c
create mode 100644 lib/string_helpers.c
create mode 100755 scripts/clang-runtime-dir.sh
--
2.39.5