From a330c531b0459a6c27c65fca7c4275836536b997 Mon Sep 17 00:00:00 2001
From: Rob Bradford
Date: Tue, 26 Jul 2022 16:30:56 +0100
Subject: [PATCH] fuzz: Add new fuzzer for emulated cmos device

Signed-off-by: Rob Bradford
---
 fuzz/Cargo.toml | 7 ++++++
 fuzz/fuzz_targets/cmos.rs | 48 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 fuzz/fuzz_targets/cmos.rs

diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index a502b8b75..bbf26de98 100644
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -58,3 +58,10 @@ name = "serial"
 path = "fuzz_targets/serial.rs"
 test = false
 doc = false
+
+
+[[bin]]
+name = "cmos"
+path = "fuzz_targets/cmos.rs"
+test = false
+doc = false
diff --git a/fuzz/fuzz_targets/cmos.rs b/fuzz/fuzz_targets/cmos.rs
new file mode 100644
index 000000000..5afcfa227
--- /dev/null
+++ b/fuzz/fuzz_targets/cmos.rs
@@ -0,0 +1,48 @@
+// Copyright © 2022 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+#![no_main]
+use devices::legacy::Cmos;
+use libc::EFD_NONBLOCK;
+use libfuzzer_sys::fuzz_target;
+use vm_device::BusDevice;
+use vmm_sys_util::eventfd::EventFd;
+
+fuzz_target!(|bytes| {
+ // Need at least 16 bytes for the test
+ if bytes.len() < 16 {
+ return;
+ }
+
+ let mut below_4g = [0u8; 8];
+ let mut above_4g = [0u8; 8];
+
+ below_4g.copy_from_slice(&bytes[0..8]);
+ above_4g.copy_from_slice(&bytes[8..16]);
+
+ let mut cmos = Cmos::new(
+ u64::from_le_bytes(below_4g),
+ u64::from_le_bytes(above_4g),
+ EventFd::new(EFD_NONBLOCK).unwrap(),
+ );
+
+ let mut i = 16;
+ while i < bytes.len() {
+ let read = bytes.get(i).unwrap_or(&0) % 2 == 0;
+ i += 1;
+
+ if read {
+ let offset = (bytes.get(i).unwrap_or(&0) % 2) as u64;
+ i += 1;
+ let mut out_bytes = vec![0];
+ cmos.read(0, offset, &mut out_bytes);
+ } else {
+ let offset = (bytes.get(i).unwrap_or(&0) % 2) as u64;
+ i += 1;
+ let data = vec![*bytes.get(i).unwrap_or(&0)];
+ i += 1;
+ cmos.write(0, offset, &data);
+ }
+ }
+});
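Review bot: The harness only ever issues one-byte bus accesses — `vec![0]` on the read path and `vec![*bytes.get(i).unwrap_or(&0)]` on the write path — so if `Cmos::read`/`Cmos::write` (not visible here) branch on `data.len()`, those branches are never reached by this fuzzer; taking the access width from the input as well would cover them, as sketched below. While there, the `offset` computation is duplicated in both arms and can be hoisted above the `if read`, and the `below_4g`/`above_4g` scratch arrays can be replaced by `u64::from_le_bytes(bytes[0..8].try_into().unwrap())`, which cannot fail after the length check. A short comment above `fuzz_target!` describing the input layout (8 bytes below_4g, 8 bytes above_4g, then a stream of op/offset/data bytes) would help whoever extends the corpus. The Cargo.toml hunk is a plain target registration and needs nothing.
```rust
    let mut i = 16;
    while i < bytes.len() {
        let read = bytes.get(i).unwrap_or(&0) % 2 == 0;
        i += 1;
        let offset = (bytes.get(i).unwrap_or(&0) % 2) as u64;
        i += 1;
        // Access width (1..=8) also comes from the input so width-dependent
        // paths in the device get exercised, not only single-byte accesses.
        let len = 1 + (*bytes.get(i).unwrap_or(&0) % 8) as usize;
        i += 1;

        if read {
            let mut out_bytes = vec![0u8; len];
            cmos.read(0, offset, &mut out_bytes);
        } else {
            let data: Vec<u8> = (0..len).map(|k| *bytes.get(i + k).unwrap_or(&0)).collect();
            i += len;
            cmos.write(0, offset, &data);
        }
    }
```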