From 3f807c6b81219555ac964f2623cfcbd1103151fa Mon Sep 17 00:00:00 2001
From: Andrew Scull <ascull@google.com>
Date: Mon, 30 May 2022 10:00:08 +0000
Subject: [PATCH] fuzzing_engine: Add fuzzing engine uclass

This new class of device will provide fuzzing inputs from a fuzzing
engine.

Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 drivers/Kconfig                      |  2 ++
 drivers/Makefile                     |  1 +
 drivers/fuzz/Kconfig                 |  9 +++++++
 drivers/fuzz/Makefile                |  7 +++++
 drivers/fuzz/fuzzing_engine-uclass.c | 28 ++++++++++++++++++++
 include/dm/uclass-id.h               |  1 +
 include/fuzzing_engine.h             | 51 ++++++++++++++++++++++++++++++++++++
 7 files changed, 99 insertions(+)
 create mode 100644 drivers/fuzz/Kconfig
 create mode 100644 drivers/fuzz/Makefile
 create mode 100644 drivers/fuzz/fuzzing_engine-uclass.c
 create mode 100644 include/fuzzing_engine.h

diff --git a/drivers/Kconfig b/drivers/Kconfig
index b26ca8c..8b6fead 100644
--- a/drivers/Kconfig
+++ b/drivers/Kconfig
@@ -40,6 +40,8 @@ source "drivers/fastboot/Kconfig"
 
 source "drivers/firmware/Kconfig"
 
+source "drivers/fuzz/Kconfig"
+
 source "drivers/fpga/Kconfig"
 
 source "drivers/gpio/Kconfig"
diff --git a/drivers/Makefile b/drivers/Makefile
index 67c8af7..d63fd1c 100644
--- a/drivers/Makefile
+++ b/drivers/Makefile
@@ -115,6 +115,7 @@ obj-$(CONFIG_W1) += w1/
 obj-$(CONFIG_W1_EEPROM) += w1-eeprom/
 
 obj-$(CONFIG_MACH_PIC32) += ddr/microchip/
+obj-$(CONFIG_FUZZ) += fuzz/
 obj-$(CONFIG_DM_HWSPINLOCK) += hwspinlock/
 obj-$(CONFIG_DM_RNG) += rng/
 endif
diff --git a/drivers/fuzz/Kconfig b/drivers/fuzz/Kconfig
new file mode 100644
index 0000000..a03120f
--- /dev/null
+++ b/drivers/fuzz/Kconfig
@@ -0,0 +1,9 @@
+config DM_FUZZING_ENGINE
+	bool "Driver support for fuzzing engine devices"
+	depends on DM
+	help
+	  Enable driver model for fuzzing engine devices. This interface is
+	  used to get successive inputs from a fuzzing engine that aims to
+	  explore different code paths in a fuzz test. The fuzzing engine may
+	  be instrumenting the execution in order to more effectively generate
+	  inputs that explore different code paths.
diff --git a/drivers/fuzz/Makefile b/drivers/fuzz/Makefile
new file mode 100644
index 0000000..acd8949
--- /dev/null
+++ b/drivers/fuzz/Makefile
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (c) 2022 Google, Inc.
+# Written by Andrew Scull <ascull@google.com>
+#
+
+obj-$(CONFIG_DM_FUZZING_ENGINE) += fuzzing_engine-uclass.o
diff --git a/drivers/fuzz/fuzzing_engine-uclass.c b/drivers/fuzz/fuzzing_engine-uclass.c
new file mode 100644
index 0000000..b16f1c4
--- /dev/null
+++ b/drivers/fuzz/fuzzing_engine-uclass.c
@@ -0,0 +1,28 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <ascull@google.com>
+ */
+
+#define LOG_CATEGORY UCLASS_FUZZING_ENGINE
+
+#include <common.h>
+#include <dm.h>
+#include <fuzzing_engine.h>
+
+int dm_fuzzing_engine_get_input(struct udevice *dev,
+				const uint8_t **data,
+				size_t *size)
+{
+	const struct dm_fuzzing_engine_ops *ops = device_get_ops(dev);
+
+	if (!ops->get_input)
+		return -ENOSYS;
+
+	return ops->get_input(dev, data, size);
+}
+
+UCLASS_DRIVER(fuzzing_engine) = {
+	.name = "fuzzing_engine",
+	.id = UCLASS_FUZZING_ENGINE,
+};
diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h
index 3ba69ad..a432e43 100644
--- a/include/dm/uclass-id.h
+++ b/include/dm/uclass-id.h
@@ -56,6 +56,7 @@ enum uclass_id {
 	UCLASS_ETH,		/* Ethernet device */
 	UCLASS_ETH_PHY,		/* Ethernet PHY device */
 	UCLASS_FIRMWARE,	/* Firmware */
+	UCLASS_FUZZING_ENGINE,	/* Fuzzing engine */
 	UCLASS_FS_FIRMWARE_LOADER,		/* Generic loader */
 	UCLASS_GPIO,		/* Bank of general-purpose I/O pins */
 	UCLASS_HASH,		/* Hash device */
diff --git a/include/fuzzing_engine.h b/include/fuzzing_engine.h
new file mode 100644
index 0000000..357346e
--- /dev/null
+++ b/include/fuzzing_engine.h
@@ -0,0 +1,51 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2022 Google, Inc.
+ * Written by Andrew Scull <ascull@google.com>
+ */
+
+#ifndef __FUZZING_ENGINE_H
+#define __FUZZING_ENGINE_H
+
+struct udevice;
+
+/**
+ * dm_fuzzing_engine_get_input() - get an input from the fuzzing engine device
+ *
+ * The function will return a pointer to the input data and the size of the
+ * data pointed to. The pointer will remain valid until the next invocation of
+ * this function.
+ *
+ * @dev:	fuzzing engine device
+ * @data:	output pointer to input data
+ * @size	output size of input data
+ * Return:	0 if OK, -ve on error
+ */
+int dm_fuzzing_engine_get_input(struct udevice *dev,
+				const uint8_t **data,
+				size_t *size);
+
+/**
+ * struct dm_fuzzing_engine_ops - operations for the fuzzing engine uclass
+ *
+ * This contains the functions implemented by a fuzzing engine device.
+ */
+struct dm_fuzzing_engine_ops {
+	/**
+	 * @get_input() - get an input
+	 *
+	 * The function will return a pointer to the input data and the size of
+	 * the data pointed to. The pointer will remain valid until the next
+	 * invocation of this function.
+	 *
+	 * @get_input.dev:	fuzzing engine device
+	 * @get_input.data:	output pointer to input data
+	 * @get_input.size	output size of input data
+	 * @get_input.Return:	0 if OK, -ve on error
+	 */
+	int (*get_input)(struct udevice *dev,
+			 const uint8_t **data,
+			 size_t *size);
+};
+
+#endif /* __FUZZING_ENGINE_H */
-- 
2.7.4