Diffstat (limited to 'pkg/kfuzztest/testdata')
-rw-r--r--pkg/kfuzztest/testdata/.gitignore1
-rw-r--r--pkg/kfuzztest/testdata/1/desc.txt7
-rw-r--r--pkg/kfuzztest/testdata/1/prog.c24
-rw-r--r--pkg/kfuzztest/testdata/2/desc.txt15
-rw-r--r--pkg/kfuzztest/testdata/2/prog.c39
-rw-r--r--pkg/kfuzztest/testdata/common.h81
-rw-r--r--pkg/kfuzztest/testdata/linker.ld39
7 files changed, 206 insertions, 0 deletions
diff --git a/pkg/kfuzztest/testdata/.gitignore b/pkg/kfuzztest/testdata/.gitignore
new file mode 100644
index 000000000..837170fcd
--- /dev/null
+++ b/pkg/kfuzztest/testdata/.gitignore
@@ -0,0 +1 @@
+*bin
diff --git a/pkg/kfuzztest/testdata/1/desc.txt b/pkg/kfuzztest/testdata/1/desc.txt
new file mode 100644
index 000000000..71c4acb39
--- /dev/null
+++ b/pkg/kfuzztest/testdata/1/desc.txt
@@ -0,0 +1,7 @@
+# This description was automatically generated with tools/kfuzztest-gen
+pkcs7_parse_message_arg {
+ data ptr[in, array[int8]]
+ datalen len[data, int64]
+}
+
+syz_kfuzztest_run$test_pkcs7_parse_message(name ptr[in, string["test_pkcs7_parse_message"]], data ptr[in, pkcs7_parse_message_arg], len bytesize[data]) (kfuzz_test)
diff --git a/pkg/kfuzztest/testdata/1/prog.c b/pkg/kfuzztest/testdata/1/prog.c
new file mode 100644
index 000000000..b1940ba1f
--- /dev/null
+++ b/pkg/kfuzztest/testdata/1/prog.c
@@ -0,0 +1,24 @@
+// Copyright 2025 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+#include "../common.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+struct pkcs7_parse_message_arg {
+ const void* data;
+ size_t datalen;
+};
+
+DEFINE_FUZZ_TARGET(test_pkcs7_parse_message, struct pkcs7_parse_message_arg);
+/* Expect data != NULL. */
+DEFINE_CONSTRAINT(pkcs7_parse_message_arg, data, NULL, NULL, EXPECT_NE);
+/* Expect datalen == len(data). */
+DEFINE_ANNOTATION(pkcs7_parse_message_arg, datalen, data, ATTRIBUTE_LEN);
+/* Annotate data as an array. */
+DEFINE_ANNOTATION(pkcs7_parse_message_arg, data, , ATTRIBUTE_ARRAY);
+
+/* Define a main function, otherwise the compiler complains. */
+int main(void)
+{
+}
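Review bot: `size_t datalen` in `struct pkcs7_parse_message_arg` is expected to come out as `len[data, int64]` in 1/desc.txt, so the fixture only matches when prog.c is compiled for a target with an 8-byte `size_t`; the same holds for `foo.datalen` in 2/prog.c. How the test builds these files is not visible here, so the build flags may already pin this. Stating it in the source would turn a mismatch into a compile error rather than a confusing description diff: `_Static_assert(sizeof(size_t) == 8, "desc.txt expects a 64-bit size_t");`. Separately, `<stdio.h>` appears unused in this file, and 2/prog.c does without it.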
diff --git a/pkg/kfuzztest/testdata/2/desc.txt b/pkg/kfuzztest/testdata/2/desc.txt
new file mode 100644
index 000000000..2705252dd
--- /dev/null
+++ b/pkg/kfuzztest/testdata/2/desc.txt
@@ -0,0 +1,15 @@
+# This description was automatically generated with tools/kfuzztest-gen
+bar {
+ a int32
+ b int32
+}
+
+foo {
+ b ptr[in, bar]
+ str ptr[in, string]
+ data ptr[in, array[int8]]
+ datalen len[data, int64]
+ numbers ptr[in, array[int64]]
+}
+
+syz_kfuzztest_run$some_target(name ptr[in, string["some_target"]], data ptr[in, foo], len bytesize[data]) (kfuzz_test)
diff --git a/pkg/kfuzztest/testdata/2/prog.c b/pkg/kfuzztest/testdata/2/prog.c
new file mode 100644
index 000000000..908ccd271
--- /dev/null
+++ b/pkg/kfuzztest/testdata/2/prog.c
@@ -0,0 +1,39 @@
+// Copyright 2025 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+#include "../common.h"
+
+#include <stdlib.h>
+
+struct bar {
+ int a;
+ int b;
+};
+
+struct foo {
+ struct bar* b;
+ const char* str;
+ const char* data;
+ size_t datalen;
+ uint64_t* numbers;
+};
+
+DEFINE_FUZZ_TARGET(some_target, struct foo);
+/* Expect foo.bar != NULL. */
+DEFINE_CONSTRAINT(foo, bar, NULL, NULL, EXPECT_NE);
+/* Expect foo.str != NULL. */
+DEFINE_CONSTRAINT(foo, str, NULL, NULL, EXPECT_NE);
+/* Annotate foo.str as a string. */
+DEFINE_ANNOTATION(foo, str, , ATTRIBUTE_STRING);
+/* Expect foo.data != NULL. */
+DEFINE_CONSTRAINT(foo, data, NULL, NULL, EXPECT_NE);
+/* Annotate foo.data as an array. */
+DEFINE_ANNOTATION(foo, data, , ATTRIBUTE_ARRAY);
+/* Annotate foo.datalen == len(foo.data). */
+DEFINE_ANNOTATION(foo, datalen, data, ATTRIBUTE_LEN);
+/* Annotate foo.numbers as an array. */
+DEFINE_ANNOTATION(foo, numbers, , ATTRIBUTE_ARRAY);
+
+/* Define a main function, otherwise the compiler complains. */
+int main(void)
+{
+}
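Review bot: `DEFINE_CONSTRAINT(foo, bar, NULL, NULL, EXPECT_NE);` names a field `bar`, but `struct foo` declares that member as `b` (`struct bar* b;`), so the emitted constraint record refers to a field that does not exist. The macro only stringifies and token-pastes its arguments, so the compiler cannot catch this, and the expected 2/desc.txt would presumably look the same either way. If the mismatch is not a deliberate test of unknown field names, use `DEFINE_CONSTRAINT(foo, b, NULL, NULL, EXPECT_NE);` and change the comment to `/* Expect foo.b != NULL. */`. If it is deliberate, a comment saying so would help the next reader.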
diff --git a/pkg/kfuzztest/testdata/common.h b/pkg/kfuzztest/testdata/common.h
new file mode 100644
index 000000000..29e8b193e
--- /dev/null
+++ b/pkg/kfuzztest/testdata/common.h
@@ -0,0 +1,81 @@
+// Copyright 2025 syzkaller project authors. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+
+// Common struct definitions that ressemble those sound in the kernel source
+// under include/linux/kfuzztest.h. For testing purposes, it is only required
+// that these have the same sizes and emitted metadata as the kernel
+// definitions, and therefore there is no strict requirement that their fields
+// match one-to-one.
+#ifndef COMMON_H
+#define COMMON_H
+
+#include <stdint.h>
+
+struct kfuzztest_target {
+ const char *name;
+ const char *arg_type_name;
+ uintptr_t write_input_cb;
+} __attribute__((aligned(32)));
+
+enum kfuzztest_constraint_type {
+ EXPECT_EQ,
+ EXPECT_NE,
+ EXPECT_LT,
+ EXPECT_LE,
+ EXPECT_GT,
+ EXPECT_GE,
+ EXPECT_IN_RANGE,
+};
+
+struct kfuzztest_constraint {
+ const char *input_type;
+ const char *field_name;
+ uintptr_t value1;
+ uintptr_t value2;
+ enum kfuzztest_constraint_type type;
+} __attribute__((aligned(64)));
+
+enum kfuzztest_annotation_attribute {
+ ATTRIBUTE_LEN,
+ ATTRIBUTE_STRING,
+ ATTRIBUTE_ARRAY,
+};
+
+struct kfuzztest_annotation {
+ const char *input_type;
+ const char *field_name;
+ const char *linked_field_name;
+ enum kfuzztest_annotation_attribute attrib;
+} __attribute__((aligned(32)));
+
+#define DEFINE_FUZZ_TARGET(test_name, test_arg_type) \
+ struct kfuzztest_target __fuzz_test__##test_name \
+ __attribute__((section(".kfuzztest_target"), __used__)) = { \
+ .name = #test_name, \
+ .arg_type_name = #test_arg_type, \
+ }; \
+ /* Avoid the compiler optimizing out the struct definition. */ \
+ static test_arg_type arg;
+
+#define DEFINE_CONSTRAINT(arg_type, field, val1, val2, tpe) \
+ static struct kfuzztest_constraint __constraint_##arg_type##_##field \
+ __attribute__((section(".kfuzztest_constraint"), \
+ __used__)) = { \
+ .input_type = "struct " #arg_type, \
+ .field_name = #field, \
+ .value1 = (uintptr_t)val1, \
+ .value2 = (uintptr_t)val2, \
+ .type = tpe, \
+ }
+
+#define DEFINE_ANNOTATION(arg_type, field, linked_field, attribute) \
+ static struct kfuzztest_annotation __annotation_##arg_type##_##field \
+ __attribute__((section(".kfuzztest_annotation"), \
+ __used__)) = { \
+ .input_type = "struct " #arg_type, \
+ .field_name = #field, \
+ .linked_field_name = #linked_field, \
+ .attrib = attribute, \
+ }
+
+#endif /* COMMON_H */
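Review bot: `static test_arg_type arg;` at the end of `DEFINE_FUZZ_TARGET` is an unused internal-linkage variable with a fixed name. Nothing forces the compiler to keep it, since unlike the other three definitions in this header it lacks `__used__`, and a second `DEFINE_FUZZ_TARGET` with a different argument type in the same file would redeclare `arg` with a conflicting type. If the variable exists to keep the argument struct in the emitted type information, as the comment suggests, `static test_arg_type __fuzz_arg__##test_name __attribute__((__used__))` expresses that; drop the trailing `;`, because call sites already supply one. The header comment also has two typos: "ressemble those sound in" should read "resemble those found in".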
diff --git a/pkg/kfuzztest/testdata/linker.ld b/pkg/kfuzztest/testdata/linker.ld
new file mode 100644
index 000000000..345c02128
--- /dev/null
+++ b/pkg/kfuzztest/testdata/linker.ld
@@ -0,0 +1,39 @@
+/* Copyright 2025 syzkaller project authors. All rights reserved. */
+/* Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. */
+
+/* Defines a basic linkage script for building kernel-like KFuzzTest metadata into a binary. */
+PAGE_SIZE = 0x1000;
+
+PHDRS
+{
+ text PT_LOAD FLAGS(5); /* R, X */
+ data PT_LOAD FLAGS(6); /* R, W */
+}
+
+SECTIONS
+{
+ .text : { *(.text) } :text
+
+ .rodata : {
+ *(.rodata*)
+
+ . = ALIGN(PAGE_SIZE);
+ __kfuzztest_targets_start = .;
+ KEEP(*(.kfuzztest_target));
+ __kfuzztest_targets_end = .;
+
+ . = ALIGN(PAGE_SIZE);
+ __kfuzztest_constraints_start = .;
+ KEEP(*(.kfuzztest_constraint));
+ __kfuzztest_constraints_end = .;
+
+ . = ALIGN(PAGE_SIZE);
+ __kfuzztest_annotations_start = .;
+ KEEP(*(.kfuzztest_annotation));
+ __kfuzztest_annotations_end = .;
+
+ } :text
+
+ .data : { *(.data) } :data
+ .bss : { *(.bss) } :data
+}
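Review bot: The `.rodata` output section, which also holds the three KFuzzTest metadata ranges, is assigned to `:text`, whose program header is `FLAGS(5)` (R, X), so read-only data and metadata end up in an executable segment. Nothing visible here executes the binary, so this is about fidelity and hygiene rather than a live risk. A dedicated read-only header would keep data out of executable mappings: add `rodata PT_LOAD FLAGS(4); /* R */` to `PHDRS` and close the section with `} :rodata`. Also, `*(.text)`, `*(.data)` and `*(.bss)` match only those exact section names while `.rodata*` uses a wildcard, so input sections such as `.text.*` would be placed as orphans.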