diff options
| author | Andrey Konovalov <andreyknvl@google.com> | 2019-04-11 15:44:07 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2019-04-11 16:24:45 +0200 |
| commit | f4a3dc91283f5ab016f166ffec32f9c08e0ba174 (patch) | |
| tree | 322e6242062367a881530c527e84da5b4cc265e3 /executor/common.h | |
| parent | 10e721ba9292fd30750d4c38e11a15d2fbab8f23 (diff) | |
all: add basic USB fuzzing support
This commits implements 4 syzcalls: syz_usb_connect, syz_usb_io_control,
syz_usb_ep_write and syz_usb_disconnect. Those syzcalls are used to emit USB
packets through a custom GadgetFS-like interface (currently exposed at
/sys/kernel/debug/usb-fuzzer), which requires special kernel patches.
USB fuzzing support is quite basic, as it mostly covers only the USB device
enumeration process. Even though the syz_usb_ep_write syzcall does allow to
communicate with USB endpoints after the device has been enumerated, no
coverage is collected from that code yet.
Diffstat (limited to 'executor/common.h')
| -rw-r--r-- | executor/common.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/executor/common.h b/executor/common.h index 10e5b960b..27a7380f7 100644 --- a/executor/common.h +++ b/executor/common.h @@ -41,7 +41,7 @@ NORETURN void doexit(int status) #if SYZ_EXECUTOR || SYZ_PROCS || SYZ_REPEAT && SYZ_ENABLE_CGROUPS || \ SYZ_ENABLE_NETDEV || __NR_syz_mount_image || __NR_syz_read_part_table || \ - (GOOS_openbsd || GOOS_freebsd) && SYZ_TUN_ENABLE + __NR_syz_usb_connect || (GOOS_openbsd || GOOS_freebsd) && SYZ_TUN_ENABLE unsigned long long procid; #endif @@ -137,7 +137,8 @@ static void kill_and_wait(int pid, int* status) #endif #if !GOOS_windows -#if SYZ_EXECUTOR || SYZ_THREADED || SYZ_REPEAT && SYZ_EXECUTOR_USES_FORK_SERVER +#if SYZ_EXECUTOR || SYZ_THREADED || SYZ_REPEAT && SYZ_EXECUTOR_USES_FORK_SERVER || \ + __NR_syz_usb_connect static void sleep_ms(uint64 ms) { usleep(ms * 1000); |