diff options
| author | Andrey Konovalov <andreyknvl@google.com> | 2020-06-19 19:10:56 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-06-19 19:10:56 +0200 |
| commit | 81abc33188b4caf19873b9676ab1d8dc0e3511ca (patch) | |
| tree | 3f04a1730ff8bb22a541a56926fc22a3056dfb49 /docs | |
| parent | 2c4fd27e5b61041d32be2ae3375b48e37e2e0378 (diff) | |
Update external_fuzzing_usb.md
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/linux/external_fuzzing_usb.md | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/docs/linux/external_fuzzing_usb.md b/docs/linux/external_fuzzing_usb.md index ad1771703..40c68a8da 100644 --- a/docs/linux/external_fuzzing_usb.md +++ b/docs/linux/external_fuzzing_usb.md @@ -48,16 +48,20 @@ syzkaller USB runtests are [here](/sys/linux/test/) and start with `vusb` prefix The core support for USB fuzzing is now in place, but there are still some things that could be done: -1. Add descriptions for more relevant USB classes and drivers. +1. Remove device from `usb_devices` on disconnect in executor. -2. Implement a proper way for extracting relevant USB ids from the kernel (a related [discussion](https://www.spinics.net/lists/linux-usb/msg187915.html)). +2. Add descriptions for more relevant USB classes and drivers. -3. Add a mode for standalone fuzzing of physical USB hosts (by using e.g. Raspberry Pi Zero, see below). +3. Look for TODOs in [sys/linux/vusb.txt](/sys/linux/vusb.txt). + +4. Implement a proper way for dynamically extracting relevant USB ids from the kernel (a related [discussion](https://www.spinics.net/lists/linux-usb/msg187915.html)). + +5. Add a mode for standalone fuzzing of physical USB hosts (by using e.g. Raspberry Pi Zero, see below). This includes at least: a. making sure that current USB emulation implementation works properly on different OSes (there are some [differences](https://github.com/RoganDawes/LOGITacker/blob/USB_host_enum/fingerprint_os.md#derive-the-os-from-the-fingerprint) in protocol implementation); b. using USB requests coming from the host as a signal (like coverage) to enable "signal-driven" fuzzing, c. making UDC driver name configurable for `syz-execprog` and `syz-prog2c`. -4. Generate syzkaller programs from usbmon trace that is produced by actual USB devices (this should make the fuzzer to go significantly deeper into the USB drivers code). +6. Generate syzkaller programs from usbmon trace that is produced by actual USB devices (this should make the fuzzer to go significantly deeper into the USB drivers code). ## Setting up |