| author | Andrey Konovalov <andreyknvl@google.com> | 2019-08-07 18:11:33 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-08-07 18:11:33 +0200 |
| commit | e6ebef88ac567c3be8461923ea4f0bc9b9d5ad08 (patch) | |
| tree | 1987c70938e8e6c8050dc14c45127f1bfd3ad673 /executor | |
| parent | cdde748628a830b9236db9890a9fea0764bde4fb (diff) | |
executor: add some USB realted TODOs (#1319)
Also simplify timeout related code a bit.
Diffstat (limited to 'executor')
| -rw-r--r-- | executor/common_usb.h | 2 | ||||
| -rw-r--r-- | executor/executor.cc | 21 |
2 files changed, 9 insertions, 14 deletions
diff --git a/executor/common_usb.h b/executor/common_usb.h
index 11e92565c..94d270b4b 100644
--- a/executor/common_usb.h
+++ b/executor/common_usb.h
@@ -267,6 +267,8 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
 }
 debug("syz_usb_connect: usb_fuzzer_open success\n");
+ // TODO: consider creating two dummy_udc's per proc to increace the chance of
+ // triggering interaction between multiple USB devices within the same program.
 char device[32];
 sprintf(&device[0], "dummy_udc.%llu", procid);
 rv = usb_fuzzer_init(fd, speed, "dummy_udc", &device[0]);
diff --git a/executor/executor.cc b/executor/executor.cc
index e104fc897..34949a015 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
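Review bot: The added TODO in executor/common_usb.h misspells "increase" as `increace`; the first comment line should read `// TODO: consider creating two dummy_udc's per proc to increase the chance of`. The TODO sits directly above the `char device[32]` / `sprintf(&device[0], "dummy_udc.%llu", procid)` pair, so if a second dummy_udc per proc is ever added, the device name format and the 32-byte buffer would presumably have to change together, which the comment could mention. syz_usb_connect starts and ends outside the hunk.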
@@ -596,32 +596,25 @@ retry:
 if (call_num == instr_eof)
 break;
 bool call_extra_cover = false;
+ // call_extra_timeout must match timeout in pkg/csource/csource.go.
 int call_extra_timeout = 0;
- if (strncmp(syscalls[call_num].name, "syz_usb", 7) == 0) {
+ // TODO: find a way to tune timeout values.
+ if (strncmp(syscalls[call_num].name, "syz_usb", strlen("syz_usb")) == 0) {
 prog_extra_cover = true;
 call_extra_cover = true;
 }
 if (strncmp(syscalls[call_num].name, "syz_usb_connect", strlen("syz_usb_connect")) == 0) {
 prog_extra_timeout = 2000;
- // Must match timeout in pkg/csource/csource.go.
 call_extra_timeout = 2000;
 }
- if (strncmp(syscalls[call_num].name, "syz_usb_control_io", strlen("syz_usb_control_io")) == 0) {
- // Must match timeout in pkg/csource/csource.go.
+ if (strncmp(syscalls[call_num].name, "syz_usb_control_io", strlen("syz_usb_control_io")) == 0)
 call_extra_timeout = 300;
- }
- if (strncmp(syscalls[call_num].name, "syz_usb_ep_write", strlen("syz_usb_ep_write")) == 0) {
- // Must match timeout in pkg/csource/csource.go.
+ if (strncmp(syscalls[call_num].name, "syz_usb_ep_write", strlen("syz_usb_ep_write")) == 0)
 call_extra_timeout = 300;
- }
- if (strncmp(syscalls[call_num].name, "syz_usb_ep_read", strlen("syz_usb_ep_read")) == 0) {
- // Must match timeout in pkg/csource/csource.go.
+ if (strncmp(syscalls[call_num].name, "syz_usb_ep_read", strlen("syz_usb_ep_read")) == 0)
 call_extra_timeout = 300;
- }
- if (strncmp(syscalls[call_num].name, "syz_usb_disconnect", strlen("syz_usb_disconnect")) == 0) {
- // Must match timeout in pkg/csource/csource.go.
+ if (strncmp(syscalls[call_num].name, "syz_usb_disconnect", strlen("syz_usb_disconnect")) == 0)
 call_extra_timeout = 300;
- }
 if (call_num == instr_copyin) {
 char* addr = (char*)read_input(&input_pos);
 uint64 typ = read_input(&input_pos); |
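Review bot: The single comment now above `int call_extra_timeout = 0;` is the only thing tying the literals 2000 and 300 in this block to pkg/csource/csource.go, and 300 is repeated across four separate prefix checks, so a later edit to one branch can drift from the generated reproducer without anything failing. Naming the values once, e.g. `const int kUsbConnectTimeout = 2000;` and `const int kUsbIoTimeout = 300;`, and saying in the comment which csource.go values they mirror would make a mismatch easier to catch in review. A mismatch would presumably show up as USB crashes that reproduce under the executor but not from the C reproducer, or the reverse. The checks are independent `if`s on prefix matches, so the last matching prefix wins; that is harmless with the five names visible here but worth a word in the comment. The enclosing function starts before `retry:` and continues past the end of the hunk.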
