fuzz: Add virtio-fs server fuzzer

Add a fuzzer for the virtio-fs server, which is responsible for decoding
a byte stream into FUSE messages.

BUG=none
TEST=run it with cros_fuzz

Change-Id: Ic7695f2106d3f81e6cf09b98ffedc51831238f1e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1865272
Tested-by: Chirantan Ekbote <chirantan@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Commit-Queue: Chirantan Ekbote <chirantan@chromium.org>
Reviewed-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Stephen Barber <smbarber@chromium.org>

2 files changed, 23 insertions, 0 deletions

diff --git a/devices/src/virtio/fs/fuzzing.rs b/devices/src/virtio/fs/fuzzing.rs
new file mode 100644
index 0000000..6bb4a8f
--- /dev/null
+++ b/devices/src/virtio/fs/fuzzing.rs
@@ -0,0 +1,21 @@
+// Copyright 2019 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+use crate::virtio::fs::filesystem::FileSystem;
+use crate::virtio::fs::server::Server;
+use crate::virtio::{Reader, Writer};
+
+// Use a file system that does nothing since we are fuzzing the server implementation.
+struct NullFs;
+impl FileSystem for NullFs {
+    type Inode = u64;
+    type Handle = u64;
+}
+
+/// Fuzz the server implementation.
+pub fn fuzz_server(r: Reader, w: Writer) {
+    let server = Server::new(NullFs);
+
+    let _ = server.handle_message(r, w);
+}
diff --git a/devices/src/virtio/fs/mod.rs b/devices/src/virtio/fs/mod.rs
index ff71dc1..5e8ac41 100644
--- a/devices/src/virtio/fs/mod.rs
+++ b/devices/src/virtio/fs/mod.rs
@@ -23,6 +23,8 @@ use crate::virtio::{
 mod filesystem;
 #[allow(dead_code)]
 mod fuse;
+#[cfg(fuzzing)]
+pub mod fuzzing;
 mod multikey;
 pub mod passthrough;
 mod server;