test(fuzz) adding fuzzing for vendor-el3 smccc calls

Change-Id: I4fd64c0a4c02de6d67a372c9c4bf86bcb9e4d091
Signed-off-by: Alex Liang <alex.liang2@arm.com>
diff --git a/smc_fuzz/dts/sdei_and_vendor.dts b/smc_fuzz/dts/sdei_and_vendor.dts
new file mode 100644
index 0000000..d057cff
--- /dev/null
+++ b/smc_fuzz/dts/sdei_and_vendor.dts
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+
+	vendor_el3 {
+		bias = <1>;
+		uid {
+			bias = <30>;
+			functionname = "ven_el3_svc_uuid_funcid";
+		};
+		count {
+			bias = <30>;
+			functionname = "ven_el3_svc_count_funcid";
+		};
+		version {
+			bias = <30>;
+			functionname = "ven_el3_svc_version_funcid";
+		};
+	};
+
+	sdei {
+		bias = <0>;
+		sdei_version {
+			bias = <30>;
+			functionname = "sdei_version_funcid";
+		};
+		sdei_pe_unmask {
+			bias = <30>;
+			functionname = "sdei_pe_unmask_funcid";
+		};
+		sdei_pe_mask {
+			bias = <30>;
+			functionname = "sdei_pe_mask_funcid";
+		};
+		sdei_event_status {
+			bias = <30>;
+			functionname = "sdei_event_status_funcid";
+		};
+		sdei_event_signal {
+			bias = <0>;
+			functionname = "sdei_event_signal_funcid";
+		};
+		sdei_private_reset {
+			bias = <30>;
+			functionname = "sdei_private_reset_funcid";
+		};
+		sdei_shared_reset {
+			bias = <30>;
+			functionname = "sdei_shared_reset_funcid";
+		};
+		sdei_interrupt_bind {
+			bias = <150>;
+			functionname = "sdei_interrupt_bind_funcid";
+		};
+		sdei_event_register {
+			bias = <30>;
+			functionname = "sdei_event_register_funcid";
+		};
+		sdei_event_enable {
+			bias = <30>;
+			functionname = "sdei_event_enable_funcid";
+		};
+		sdei_features {
+			bias = <30>;
+			functionname = "sdei_features_funcid";
+		};
+		sdei_event_disable {
+			bias = <30>;
+			functionname = "sdei_event_disable_funcid";
+		};
+		sdei_event_context {
+			bias = <30>;
+			functionname = "sdei_event_context_funcid";
+		};
+		sdei_event_complete {
+			bias = <30>;
+			functionname = "sdei_event_complete_funcid";
+		};
+		sdei_event_complete_and_resume {
+			bias = <30>;
+			functionname = "sdei_event_complete_and_resume_funcid";
+		};
+		sdei_event_unregister {
+			bias = <30>;
+			functionname = "sdei_event_unregister_funcid";
+		};
+		sdei_event_get_info {
+			bias = <30>;
+			functionname = "sdei_event_get_info_funcid";
+		};
+		sdei_event_routing_set {
+			bias = <30>;
+			functionname = "sdei_event_routing_set_funcid";
+		};
+		sdei_interrupt_release {
+			bias = <30>;
+			functionname = "sdei_interrupt_release_funcid";
+		};
+	};
+};
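Review bot: The top-level `sdei` node carries `bias = <0>` while its sibling `vendor_el3` carries `bias = <1>`. If bias is the relative selection weight (the loader is not visible in this diff), a file named sdei_and_vendor would never descend into the SDEI calls, and every `bias = <30>` under it would be dead configuration. Either give `sdei` a non-zero weight or add a comment above the node such as `/* bias 0: SDEI disabled by default, raise to mix SDEI with vendor calls */`. The outliers `sdei_event_signal` (`<0>`) and `sdei_interrupt_bind` (`<150>`) would benefit from a one-line comment giving the reason as well.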
diff --git a/smc_fuzz/dts/vendor.dts b/smc_fuzz/dts/vendor.dts
new file mode 100644
index 0000000..5abf1bd
--- /dev/null
+++ b/smc_fuzz/dts/vendor.dts
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/dts-v1/;
+
+/ {
+	vendor_el3 {
+		bias = <1>;
+		uid {
+			bias = <30>;
+			functionname = "ven_el3_svc_uuid_funcid";
+		};
+		count {
+			bias = <30>;
+			functionname = "ven_el3_svc_count_funcid";
+		};
+		version {
+			 bias = <30>;
+			functionname = "ven_el3_svc_version_funcid";
+		};
+	};
+};
diff --git a/smc_fuzz/include/sdei_fuzz_helper.h b/smc_fuzz/include/sdei_fuzz_helper.h
index 22c961d..b05cb91 100644
--- a/smc_fuzz/include/sdei_fuzz_helper.h
+++ b/smc_fuzz/include/sdei_fuzz_helper.h
@@ -4,6 +4,9 @@
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
+#include <stdlib.h>
+#include <time.h>
+
 #include <fuzz_helper.h>
 #include "smcmalloc.h"
 
diff --git a/smc_fuzz/include/vendor_fuzz_helper.h b/smc_fuzz/include/vendor_fuzz_helper.h
new file mode 100644
index 0000000..106df12
--- /dev/null
+++ b/smc_fuzz/include/vendor_fuzz_helper.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <time.h>
+
+#include <fuzz_helper.h>
+#include "smcmalloc.h"
+
+#include <power_management.h>
+#include <sdei.h>
+#include <test_helpers.h>
+#include <tftf_lib.h>
+#include <timer.h>
+
+#ifndef ven_el3_svc_uuid_funcid
+#define ven_el3_svc_uuid_funcid 0
+#endif
+#ifndef ven_el3_svc_count_funcid
+#define ven_el3_svc_count_funcid 0
+#endif
+#ifndef ven_el3_svc_version_funcid
+#define ven_el3_svc_version_funcid 0
+#endif
+
+void run_ven_el3_fuzz(int funcid, struct memmod *mmod);
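Review bot: The new header has no include guard, although it is included from both runtestfunction_helpers.c and vendor_fuzz_helper.c and itself pulls in several other headers. Wrap it in `#ifndef VENDOR_FUZZ_HELPER_H` / `#define VENDOR_FUZZ_HELPER_H` ... `#endif`. The three `#ifndef ... #define ... 0` fallbacks also give every vendor funcid the same value 0. `runtestfunction()` calls `run_ven_el3_fuzz()` for every funcid, so in a build whose generated names do not define them, a funcid of 0 would presumably take the UID branch and issue a vendor SMC that the device tree never asked for. A fallback that cannot match a real id, or a comment stating why 0 is safe, would remove that ambiguity.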
diff --git a/smc_fuzz/combined_smc_calls.txt b/smc_fuzz/sdei_and_vendor_smc_calls.txt
similarity index 100%
rename from smc_fuzz/combined_smc_calls.txt
rename to smc_fuzz/sdei_and_vendor_smc_calls.txt
diff --git a/smc_fuzz/smc_calls.txt b/smc_fuzz/sdei_smc_calls.txt
similarity index 97%
rename from smc_fuzz/smc_calls.txt
rename to smc_fuzz/sdei_smc_calls.txt
index 263ad76..3017630 100644
--- a/smc_fuzz/smc_calls.txt
+++ b/smc_fuzz/sdei_smc_calls.txt
@@ -54,10 +54,10 @@
 smc: SDEI_EVENT_ROUTING_SET_CALL
         arg1:event
                 field:enum:[0,31] = 0
-        arg4:routingmode
+        arg2:routingmode
                 field:routing:[0,0] = 0
                 field:constant:[1,63] = 0
-        arg5:affinity
+        arg3:affinity
                 field:aff:[0,63] = 0
 smc: SDEI_PE_MASK_CALL
         arg1 = 0
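Review bot: The renumbering of `routingmode` and `affinity` to `arg2`/`arg3` is applied to this file only, while `sdei_and_vendor_smc_calls.txt` is renamed at 100% similarity in the same commit, so its content is unchanged. If that file still describes `SDEI_EVENT_ROUTING_SET_CALL` with `arg4`/`arg5`, the names `SDEI_EVENT_ROUTING_SET_CALL_ARG2_ROUTING` and `SDEI_EVENT_ROUTING_SET_CALL_ARG3_AFF` now used in sdei_fuzz_helper.c would presumably not be generated for builds that use it. An unchanged rename also means it gained no `VEN_EL3_SVC_*_CALL` entries, which its new name implies it has. Its content is not visible here, so please confirm both and apply the same two-line change there if needed.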
diff --git a/smc_fuzz/src/runtestfunction_helpers.c b/smc_fuzz/src/runtestfunction_helpers.c
index 95dd30a..411949c 100644
--- a/smc_fuzz/src/runtestfunction_helpers.c
+++ b/smc_fuzz/src/runtestfunction_helpers.c
@@ -10,17 +10,19 @@
 
 int cntid = 0;
 
+#include <vendor_fuzz_helper.h>
+
 /*
  * Invoke the SMC call based on the function name specified.
  */
 void runtestfunction(int funcid, struct memmod *mmod)
 {
-
 	bool inrange = (cntid >= SMC_FUZZ_CALL_START) && (cntid < SMC_FUZZ_CALL_END);
 	inrange = inrange && (funcid != EXCLUDE_FUNCID);
 
 	run_sdei_fuzz(funcid, mmod, inrange, cntid);
 	run_tsp_fuzz(funcid);
+	run_ven_el3_fuzz(funcid, mmod);
 
 	cntid++;
 }
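Review bot: `run_ven_el3_fuzz(funcid, mmod)` is called without `inrange`, so the `SMC_FUZZ_CALL_START`/`SMC_FUZZ_CALL_END` window and the `EXCLUDE_FUNCID` filter computed just above do not reach the vendor calls the way they reach `run_sdei_fuzz`. If that is deliberate, a comment such as `/* vendor EL3 queries are stateless, so they are not windowed by inrange */` would make it explicit; otherwise the helper should take `inrange` too. The `#include <vendor_fuzz_helper.h>` is also added after the definition of `cntid` rather than with the includes at the top of the file, which lie outside this hunk.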
diff --git a/smc_fuzz/src/sdei_fuzz_helper.c b/smc_fuzz/src/sdei_fuzz_helper.c
index 591db0b..5a1d866 100644
--- a/smc_fuzz/src/sdei_fuzz_helper.c
+++ b/smc_fuzz/src/sdei_fuzz_helper.c
@@ -580,8 +580,8 @@
 	} else if (funcid == sdei_event_routing_set_funcid) {
 		uint64_t routing_modes[2] = {SDEI_REGF_RM_ANY, SDEI_REGF_RM_PE};
 
-		setconstraint(FUZZER_CONSTRAINT_RANGE, routing_modes, 2, SDEI_EVENT_ROUTING_SET_CALL_ARG4_ROUTING, mmod, FUZZER_CONSTRAINT_ACCMODE);
-		setconstraint(FUZZER_CONSTRAINT_SVALUE, PE_SVALUE, 1, SDEI_EVENT_ROUTING_SET_CALL_ARG5_AFF, mmod, FUZZER_CONSTRAINT_ACCMODE);
+		setconstraint(FUZZER_CONSTRAINT_RANGE, routing_modes, 2, SDEI_EVENT_ROUTING_SET_CALL_ARG2_ROUTING, mmod, FUZZER_CONSTRAINT_ACCMODE);
+		setconstraint(FUZZER_CONSTRAINT_SVALUE, PE_SVALUE, 1, SDEI_EVENT_ROUTING_SET_CALL_ARG3_AFF, mmod, FUZZER_CONSTRAINT_ACCMODE);
 		struct inputparameters inp;
 
 		if (CONSTRAIN_EVENTS) {
@@ -674,8 +674,8 @@
 
 
 		setconstraint(FUZZER_CONSTRAINT_SVALUE, evnum, 1, SDEI_EVENT_ROUTING_SET_CALL_ARG1_ENUM, mmod, FUZZER_CONSTRAINT_EXCMODE);
-		setconstraint(FUZZER_CONSTRAINT_SVALUE, ANY_ROUTING, 1, SDEI_EVENT_ROUTING_SET_CALL_ARG4_ROUTING, mmod, FUZZER_CONSTRAINT_ACCMODE);
-		setconstraint(FUZZER_CONSTRAINT_SVALUE, PE_SVALUE, 1, SDEI_EVENT_ROUTING_SET_CALL_ARG5_AFF, mmod, FUZZER_CONSTRAINT_ACCMODE);
+		setconstraint(FUZZER_CONSTRAINT_SVALUE, ANY_ROUTING, 1, SDEI_EVENT_ROUTING_SET_CALL_ARG2_ROUTING, mmod, FUZZER_CONSTRAINT_ACCMODE);
+		setconstraint(FUZZER_CONSTRAINT_SVALUE, PE_SVALUE, 1, SDEI_EVENT_ROUTING_SET_CALL_ARG3_AFF, mmod, FUZZER_CONSTRAINT_ACCMODE);
 		inp = generate_args(SDEI_EVENT_ROUTING_SET_CALL, SMC_FUZZ_SANITY_LEVEL);
 		ret = sdei_event_routing_set(inp.x1, inp.x2);
 		print_return("routing_set", ret);
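Review bot: The affinity constraint is now set on `SDEI_EVENT_ROUTING_SET_CALL_ARG3_AFF`, but the call below it is still `sdei_event_routing_set(inp.x1, inp.x2)`, so the generated `inp.x3` is not forwarded at this call site. With routing mode moved to `arg2`, `inp.x2` now carries the constrained mode, which looks like the intent. Unless the wrapper supplies the affinity itself (its definition is not visible here), the `PE_SVALUE` constraint has no effect on the SMC that is issued. A comment such as `/* affinity is filled in by sdei_event_routing_set(); x3 is generated but unused */` would document that, and the same applies to the earlier hunk at `funcid == sdei_event_routing_set_funcid`. Both enclosing blocks start and end outside the hunks.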
diff --git a/smc_fuzz/src/vendor_fuzz_helper.c b/smc_fuzz/src/vendor_fuzz_helper.c
new file mode 100644
index 0000000..2de10b4
--- /dev/null
+++ b/smc_fuzz/src/vendor_fuzz_helper.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright (c) 2024, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arg_struct_def.h>
+#include "constraint.h"
+#include <fuzz_names.h>
+#include <vendor_fuzz_helper.h>
+
+#include <lib/tftf_lib.h>
+#include <runtime_services/ven_el3_svc.h>
+#include <smccc.h>
+#include <uuid_utils.h>
+
+/*
+ * Vendor-Specific EL3 UUID as returned by the implementation in the Trusted
+ * Firmware.
+ */
+static const uuid_t armtf_ven_el3_svc_uuid = {
+	{0xb6, 0x01, 0x1d, 0xca},
+	{0x57, 0xc4},
+	{0x40, 0x7e},
+	0x83, 0xf0,
+	{0xa7, 0xed, 0xda, 0xf0, 0xdf, 0x6c}
+};
+
+void inputparameters_to_ven_el3_args(struct inputparameters inp, smc_args *args)
+{
+	args->arg1 = inp.x1;
+	args->arg2 = inp.x2;
+	args->arg3 = inp.x3;
+	args->arg4 = inp.x4;
+	args->arg5 = inp.x5;
+	args->arg6 = inp.x6;
+	args->arg7 = inp.x7;
+}
+
+void run_ven_el3_fuzz(int funcid, struct memmod *mmod)
+{
+	if (funcid == ven_el3_svc_uuid_funcid) {
+
+		smc_args ven_el3_svc_args;
+		smc_ret_values ret;
+		uuid_t ven_el3_svc_uuid;
+		char uuid_str[UUID_STR_SIZE];
+
+		/* Standard Service Call UID */
+		ven_el3_svc_args.fid = VEN_EL3_SVC_UID;
+		struct inputparameters inp = generate_args(VEN_EL3_SVC_UUID_CALL, SMC_FUZZ_SANITY_LEVEL);
+
+		inputparameters_to_ven_el3_args(inp, &ven_el3_svc_args);
+
+		ret = tftf_smc(&ven_el3_svc_args);
+
+		make_uuid_from_4words(&ven_el3_svc_uuid,
+		ret.ret0, ret.ret1, ret.ret2, ret.ret3);
+
+		if (!uuid_equal(&ven_el3_svc_uuid, &armtf_ven_el3_svc_uuid)) {
+			tftf_testcase_printf("Wrong UUID: expected %s,\n",
+			uuid_to_str(&armtf_ven_el3_svc_uuid, uuid_str));
+			tftf_testcase_printf("		 got %s\n",
+			uuid_to_str(&ven_el3_svc_uuid, uuid_str));
+		} else {
+		#ifdef SMC_FUZZER_DEBUG
+			printf("Correct UUID: got %s,\n",
+			uuid_to_str(&ven_el3_svc_uuid, uuid_str));
+		#endif
+		}
+	} else if (funcid == ven_el3_svc_count_funcid) {
+		smc_args ven_el3_svc_args;
+		smc_ret_values ret;
+
+		ven_el3_svc_args.fid = VEN_EL3_SVC_UID + 1;
+		struct inputparameters inp = generate_args(VEN_EL3_SVC_COUNT_CALL, SMC_FUZZ_SANITY_LEVEL);
+
+		inputparameters_to_ven_el3_args(inp, &ven_el3_svc_args);
+
+		ret = tftf_smc(&ven_el3_svc_args);
+
+		if (ret.ret0 != SMC_UNKNOWN) {
+			tftf_testcase_printf("Querying Vendor-Specific el3 service call count"
+			" which is reserved failed\n");
+		} else {
+		#ifdef SMC_FUZZER_DEBUG
+			printf("Querying Vendor-Specific el3 service call count"
+			" got %ld\n", ret.ret0);
+		#endif
+	}
+	} else if (funcid == ven_el3_svc_version_funcid) {
+		smc_args ven_el3_svc_args;
+		smc_ret_values ret;
+
+		ven_el3_svc_args.fid = VEN_EL3_SVC_VERSION;
+		struct inputparameters inp = generate_args(VEN_EL3_SVC_UUID_CALL, SMC_FUZZ_SANITY_LEVEL);
+
+		inputparameters_to_ven_el3_args(inp, &ven_el3_svc_args);
+
+		ret = tftf_smc(&ven_el3_svc_args);
+
+		if ((ret.ret0 != VEN_EL3_SVC_VERSION_MAJOR) ||
+		(ret.ret1 != VEN_EL3_SVC_VERSION_MINOR)) {
+			tftf_testcase_printf(
+			"Vendor Specific El3 service reported wrong version: expected {%u.%u}, got {%llu.%llu}\n",
+			VEN_EL3_SVC_VERSION_MAJOR, VEN_EL3_SVC_VERSION_MINOR,
+			(unsigned long long)ret.ret0,
+			(unsigned long long)ret.ret1);
+		}
+	}
+}
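Review bot: The `ven_el3_svc_version_funcid` branch builds its arguments with `generate_args(VEN_EL3_SVC_UUID_CALL, ...)`, which looks like a copy-paste from the UID branch. vendor_smc_calls.txt defines a separate `VEN_EL3_SVC_VERSION_CALL`, so the line should read `struct inputparameters inp = generate_args(VEN_EL3_SVC_VERSION_CALL, SMC_FUZZ_SANITY_LEVEL);`. In the count branch the debug `printf` formats `ret.ret0` with `%ld`, while the version branch casts the same field to `unsigned long long` for `%llu`; use the cast form there too. The closing brace of that `else` is also mis-indented, and `VEN_EL3_SVC_UID + 1` would read better as a named constant. `inputparameters_to_ven_el3_args` is only used in this file and could be `static`. The three branches report mismatches only through `tftf_testcase_printf`, so a wrong UUID or version does not change the test result as far as this file shows.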
diff --git a/smc_fuzz/vendor_smc_calls.txt b/smc_fuzz/vendor_smc_calls.txt
new file mode 100644
index 0000000..a5251ac
--- /dev/null
+++ b/smc_fuzz/vendor_smc_calls.txt
@@ -0,0 +1,12 @@
+#
+# Copyright (c) 2024 Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+smc: VEN_EL3_SVC_UUID_CALL
+        arg1=0
+smc: VEN_EL3_SVC_COUNT_CALL
+        arg1=0
+smc: VEN_EL3_SVC_VERSION_CALL
+        arg1=0
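Review bot: Each vendor call is described by a single constant `arg1=0` with no `field:` ranges. Judging by the format in sdei_smc_calls.txt, `generate_args` then has nothing to vary, while `inputparameters_to_ven_el3_args` copies `x1`..`x7` into the SMC, so the inputs to these calls are presumably not randomised at all. If the aim is to check that EL3 ignores junk in unused registers, add ranged fields for the arguments; if not, say so in a header comment such as `# Vendor EL3 query calls take no parameters; arg1 is a constant placeholder`. The spelling `arg1=0` also differs from the `arg1 = 0` used in sdei_smc_calls.txt, so it is worth confirming that the parser accepts both.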
diff --git a/tftf/tests/tests-smcfuzzing.mk b/tftf/tests/tests-smcfuzzing.mk
index 05ea46b..9218da1 100644
--- a/tftf/tests/tests-smcfuzzing.mk
+++ b/tftf/tests/tests-smcfuzzing.mk
@@ -16,7 +16,7 @@
 SMC_FUZZ_CALL_END ?= $(SMC_FUZZ_CALLS_PER_INSTANCE)
 # ADDED: define whether events should specifically be constrained
 EXCLUDE_FUNCID ?= 0
-CONSTRAIN_EVENTS ?= 1
+CONSTRAIN_EVENTS ?= 0
 INTR_ASSERT ?= 0
 
 # Validate SMC fuzzer parameters
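Review bot: The default of `CONSTRAIN_EVENTS` flips from 1 to 0 here, which the commit message (vendor-el3 fuzzing) does not mention. It changes which path the existing `if (CONSTRAIN_EVENTS)` blocks in sdei_fuzz_helper.c take for every build that does not set the variable. If the change is intended, it belongs in its own commit or in the description; otherwise keep `CONSTRAIN_EVENTS ?= 1`. The `# ADDED:` comment about constraining events also sits above `EXCLUDE_FUNCID` rather than above the variable it describes.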
@@ -89,4 +89,5 @@
 		tsp_fuzz_helper.c					\
 		nfifo.c							\
 		constraint.c						\
+		vendor_fuzz_helper.c \
 	)