From 4cb90db539a065dc3cc375c7d24c45018d9ef98b Mon Sep 17 00:00:00 2001 From: Edward Hill Date: Wed, 16 Oct 2019 12:55:16 -0600 Subject: fuzz: Add fuzz test for TCPMv2 Add usb_tcpm_v2_fuzz, a TCPMv2 version of usb_pd_fuzz. This gives some fuzz test coverage of: common/usbc/usb_pe_drp_sm.c common/usbc/usb_prl_sm.c common/usbc/usb_sm.c common/usbc/usb_tc_drp_acc_trysrc_sm.c common/usbc/usbc_task.c BRANCH=none BUG=none TEST=make run-usb_tcpm_v2_fuzz Change-Id: Ic129d9ebbe9bb37c2ca2674106e2a6652d08ee2a Signed-off-by: Edward Hill Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1865017 Reviewed-by: Denis Brockus Commit-Queue: Denis Brockus
---
fuzz/build.mk | 4 ++-- fuzz/fuzz_config.h | 19 ++++++++++++++++++- fuzz/usb_tcpm_v2_fuzz.c | 25 +++++++++++++++++++++++++ fuzz/usb_tcpm_v2_fuzz.tasklist | 11 +++++++++++ 4 files changed, 56 insertions(+), 3 deletions(-) create mode 100644 fuzz/usb_tcpm_v2_fuzz.c create mode 100644 fuzz/usb_tcpm_v2_fuzz.tasklist
diff --git a/fuzz/build.mk b/fuzz/build.mk
index 76d7d13f5b..f2f23c9cf8 100644
--- a/fuzz/build.mk
+++ b/fuzz/build.mk
@@ -9,8 +9,7 @@ fuzz-test-list-host =
 # Fuzzers should only be built for architectures that support sanitizers.
 ifeq ($(ARCH),amd64)
-# TODO(crbug.com/911310) Fix the chromeos-ec build before adding cr50_fuzz back.
-fuzz-test-list-host += cr50_fuzz host_command_fuzz usb_pd_fuzz
+fuzz-test-list-host += cr50_fuzz host_command_fuzz usb_pd_fuzz usb_tcpm_v2_fuzz
 endif
 # For fuzzing targets libec.a is built from the ro objects and hides functions
@@ -28,6 +27,7 @@ endif
 cr50_fuzz-rw = cr50_fuzz.o pinweaver_model.o mem_hash_tree.o nvmem_tpm2_mock.o
 host_command_fuzz-y = host_command_fuzz.o
 usb_pd_fuzz-y = usb_pd_fuzz.o
+usb_tcpm_v2_fuzz-y = usb_pd_fuzz.o usb_tcpm_v2_fuzz.o ../test/fake_battery.o
 CR50_PROTO_HEADERS := $(out)/gen/fuzz/cr50_fuzz.pb.h \
 $(out)/gen/fuzz/pinweaver/pinweaver.pb.h
diff --git a/fuzz/fuzz_config.h b/fuzz/fuzz_config.h
index 49b5a192d3..f4c325bd99 100644
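Review bot: The new `usb_tcpm_v2_fuzz-y` line in the second build.mk hunk does not say why a TCPMv2 target links `usb_pd_fuzz.o` and reaches into `../test/` for `fake_battery.o`. A one-line comment above it would keep that coupling visible, for example `# Reuses the usb_pd_fuzz harness; usb_tcpm_v2_fuzz.o only adds TCPMv2 stubs.` The reason `fake_battery.o` is needed is not visible in this patch, so the comment should state it once confirmed. Because both targets now share the harness object, any later change to usb_pd_fuzz.c affects two fuzzers and should be run against both.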
--- a/fuzz/fuzz_config.h
+++ b/fuzz/fuzz_config.h
@@ -106,7 +106,7 @@ enum nvmem_users {
 #endif /* TEST_HOST_COMMAND_FUZZ */
-#if defined(TEST_USB_PD_FUZZ)
+#ifdef TEST_USB_PD_FUZZ
 #define CONFIG_USB_POWER_DELIVERY
 #define CONFIG_USB_PD_DUAL_ROLE
 #define CONFIG_USB_PD_PORT_COUNT 2
@@ -114,5 +114,22 @@ enum nvmem_users {
 #define CONFIG_SW_CRC
 #endif /* TEST_USB_PD_FUZZ */
+#ifdef TEST_USB_TCPM_V2_FUZZ
+#define CONFIG_USB_PD_DUAL_ROLE
+#define CONFIG_USB_PD_PORT_COUNT 2
+#define CONFIG_USB_PD_TCPC_LOW_POWER
+#define CONFIG_USB_PD_TRY_SRC
+#define CONFIG_USB_PID 0x5555
+#define CONFIG_USB_POWER_DELIVERY
+#define CONFIG_USB_PRL_SM
+#define CONFIG_USB_SM_FRAMEWORK
+#define CONFIG_USB_TYPEC_DRP_ACC_TRYSRC
+#define CONFIG_USBC_VCONN
+#define CONFIG_USBC_VCONN_SWAP
+#define PD_VCONN_SWAP_DELAY 5000
+#define CONFIG_SHA256
+#define CONFIG_SW_CRC
+#endif /* TEST_USB_TCPM_V2_FUZZ */
+
 #endif /* TEST_FUZZ */
 #endif /* __FUZZ_FUZZ_CONFIG_H */
diff --git a/fuzz/usb_tcpm_v2_fuzz.c b/fuzz/usb_tcpm_v2_fuzz.c
new file mode 100644
index 0000000000..71ac1fe62b
--- /dev/null
+++ b/fuzz/usb_tcpm_v2_fuzz.c
@@ -0,0 +1,25 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Stubs needed for fuzz testing the USB TCPMv2 state machines.
+ */
+
+#define HIDE_EC_STDLIB
+#include "usb_pd.h"
+#include "charge_manager.h"
+
+const struct svdm_response svdm_rsp = {
+ .identity = NULL,
+ .svids = NULL,
+ .modes = NULL,
+};
+
+int pd_check_vconn_swap(int port)
+{
+ return 1;
+}
+
+void charge_manager_set_ceil(int port, enum ceil_requestor requestor, int ceil)
+{
+}
diff --git a/fuzz/usb_tcpm_v2_fuzz.tasklist b/fuzz/usb_tcpm_v2_fuzz.tasklist
new file mode 100644
index 0000000000..41f5791411
--- /dev/null
+++ b/fuzz/usb_tcpm_v2_fuzz.tasklist
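Review bot: In the new `TEST_USB_TCPM_V2_FUZZ` block, `CONFIG_USB_PID 0x5555` and `PD_VCONN_SWAP_DELAY 5000` are bare numbers with no unit or rationale. A trailing comment on each would help, e.g. `#define PD_VCONN_SWAP_DELAY 5000 /* us */` (the unit is assumed, so confirm it against the code that consumes the macro) and `#define CONFIG_USB_PID 0x5555 /* placeholder, fuzz build only */`. The timing value matters for a fuzz target because it bounds how long the state machine waits during a VCONN swap, so it should be explicit that it was chosen on purpose and not copied from a board file.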
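Review bot: The stubs in usb_tcpm_v2_fuzz.c pin each callback to a single outcome, which limits what the fuzzer can reach: `pd_check_vconn_swap()` always returns 1, so the branch taken on any other return value is never exercised, and `svdm_rsp` sets `identity`, `svids` and `modes` to NULL, so presumably no structured-VDM responder callback ever runs on partner-supplied data. PD messages come from an untrusted port partner, so those handlers are among the paths a fuzz target most needs to cover. At minimum the file header should record the gap, e.g. `* Coverage limits: VCONN swap is always accepted and no SVDM responder callbacks are registered.`; driving the return value from the fuzz input would be a reasonable follow-up. `#define HIDE_EC_STDLIB` also needs a short comment saying why it must precede the includes.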
@@ -0,0 +1,11 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/**
+ * See CONFIG_TASK_LIST in config.h for details.
+ */
+#define CONFIG_TEST_TASK_LIST \
+ TASK_TEST(PD_C0, pd_task, NULL, LARGER_TASK_STACK_SIZE) \
+ TASK_TEST(PD_C1, pd_task, NULL, LARGER_TASK_STACK_SIZE)
-- cgit v1.2.1
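Review bot: The task list hard-codes two `pd_task` entries (`PD_C0`, `PD_C1`), while the port count is set separately as `CONFIG_USB_PD_PORT_COUNT 2` in fuzz_config.h, and nothing in either file ties the two together. A comment above `CONFIG_TEST_TASK_LIST` such as `/* One pd_task per port; keep in sync with CONFIG_USB_PD_PORT_COUNT in fuzz_config.h. */` would make the dependency explicit. If the two ever diverge, the fuzzer would likely either leave a port's state machine without a task or index a port that has none, and neither failure would be obvious from a crash report.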