From: Ethan Graham
To: ethan.w.s.graham@gmail.com, glider@google.com
Cc: andreyknvl@gmail.com, andy@kernel.org, andy.shevchenko@gmail.com, brauner@kernel.org, brendan.higgins@linux.dev, davem@davemloft.net, davidgow@google.com, dhowells@redhat.com, dvyukov@google.com, elver@google.com, herbert@gondor.apana.org.au, ignat@cloudflare.com, jack@suse.cz, jannh@google.com, johannes@sipsolutions.net, kasan-dev@googlegroups.com, kees@kernel.org, kunit-dev@googlegroups.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, lukas@wunner.de, rmoar@google.com, shuah@kernel.org, sj@kernel.org, tarasmadan@google.com, Ethan Graham
Subject: [PATCH 09/10] drivers/auxdisplay: add a KFuzzTest for parse_xy()
Date: Thu, 4 Dec 2025 15:12:48 +0100
Message-ID: <20251204141250.21114-10-ethan.w.s.graham@gmail.com>
In-Reply-To: <20251204141250.21114-1-ethan.w.s.graham@gmail.com>
References: <20251204141250.21114-1-ethan.w.s.graham@gmail.com>

From: Ethan Graham

Add a KFuzzTest fuzzer for the parse_xy() function, located in a new file
under /drivers/auxdisplay/tests.

To validate the correctness and effectiveness of this KFuzzTest target, a
bug was injected into parse_xy() like so:

drivers/auxdisplay/charlcd.c:179
- s = p;
+ s = p + 1;

Although a simple off-by-one bug, it requires a specific input sequence in
order to trigger it, thus demonstrating the power of pairing KFuzzTest with
a coverage-guided fuzzer like syzkaller.

Signed-off-by: Ethan Graham
Signed-off-by: Ethan Graham
Acked-by: Alexander Potapenko
---
PR v3:
- Remove conditional inclusion of charlcd_kfuzz.c from charlcd.c, as
  requested by Andy Shevchenko.
- Update auxdisplay Makefile to conditionally build charlcd_kfuzz.c when
  CONFIG_KFUZZTEST=y, as suggested by Lukas Wunner and Andy Shevchenko.
- Forward declare parse_xy in charlcd_kfuzz.c.
---
--- drivers/auxdisplay/Makefile | 3 +++ drivers/auxdisplay/tests/charlcd_kfuzz.c | 22 ++++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 drivers/auxdisplay/tests/charlcd_kfuzz.c diff --git a/drivers/auxdisplay/Makefile b/drivers/auxdisplay/Makefile index f5c13ed1cd4f..af00b0a173de 100644 --- a/drivers/auxdisplay/Makefile +++ b/drivers/auxdisplay/Makefile @@ -6,6 +6,9 @@ obj-$(CONFIG_ARM_CHARLCD) +=3D arm-charlcd.o obj-$(CONFIG_CFAG12864B) +=3D cfag12864b.o cfag12864bfb.o obj-$(CONFIG_CHARLCD) +=3D charlcd.o +ifeq ($(CONFIG_KFUZZTEST),y) +CFLAGS_charlcd.o +=3D -include $(src)/tests/charlcd_kfuzz.c +endif obj-$(CONFIG_HD44780_COMMON) +=3D hd44780_common.o obj-$(CONFIG_HD44780) +=3D hd44780.o obj-$(CONFIG_HT16K33) +=3D ht16k33.o diff --git a/drivers/auxdisplay/tests/charlcd_kfuzz.c b/drivers/auxdisplay/= tests/charlcd_kfuzz.c new file mode 100644 index 000000000000..3adf510f4356 --- /dev/null +++ b/drivers/auxdisplay/tests/charlcd_kfuzz.c 
@@ -0,0 +1,22 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * charlcd KFuzzTest target + * + * Copyright 2025 Google LLC + */ +#include + +struct parse_xy_arg { + const char *s; +}; + +static bool parse_xy(const char *s, unsigned long *x, unsigned long *y); + +FUZZ_TEST(test_parse_xy, struct parse_xy_arg) +{ + unsigned long x, y; + + KFUZZTEST_EXPECT_NOT_NULL(parse_xy_arg, s); + KFUZZTEST_ANNOTATE_STRING(parse_xy_arg, s); + parse_xy(arg->s, &x, &y); +} --=20 2.51.0
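
Review bot: In the drivers/auxdisplay/Makefile hunk, the added "CFLAGS_charlcd.o += -include $(src)/tests/charlcd_kfuzz.c" does not build charlcd_kfuzz.c as its own object, as the v3 changelog wording ("conditionally build charlcd_kfuzz.c") suggests; it force-includes the test source at the top of the charlcd.o translation unit whenever CONFIG_KFUZZTEST=y. That is presumably what lets the harness reach the static parse_xy(), but it is undocumented here. Please add a comment above the ifeq explaining why -include is used instead of an obj- entry, and note that the harness is compiled ahead of charlcd.c's own includes and definitions, so it must pull in every header it needs itself.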
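
Review bot: In the new drivers/auxdisplay/tests/charlcd_kfuzz.c, test_parse_xy() discards the return value of parse_xy() and never reads x or y, so the target asserts nothing about the parse result and can only surface faults raised while parse_xy() walks the string. A short comment stating that this is the intended oracle would help. The forward declaration "static bool parse_xy(const char *s, unsigned long *x, unsigned long *y);" also duplicates the prototype kept in charlcd.c; a comment saying it must stay in sync with the definition there, and that it exists because this file is included ahead of it, would save the next reader from having to rediscover the Makefile arrangement.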