diff options
| author | Andrey Konovalov <andreyknvl@google.com> | 2019-04-11 15:44:07 +0200 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2019-04-11 16:24:45 +0200 |
| commit | f4a3dc91283f5ab016f166ffec32f9c08e0ba174 (patch) | |
| tree | 322e6242062367a881530c527e84da5b4cc265e3 /sys/linux/init.go | |
| parent | 10e721ba9292fd30750d4c38e11a15d2fbab8f23 (diff) | |
all: add basic USB fuzzing support
This commits implements 4 syzcalls: syz_usb_connect, syz_usb_io_control,
syz_usb_ep_write and syz_usb_disconnect. Those syzcalls are used to emit USB
packets through a custom GadgetFS-like interface (currently exposed at
/sys/kernel/debug/usb-fuzzer), which requires special kernel patches.
USB fuzzing support is quite basic, as it mostly covers only the USB device
enumeration process. Even though the syz_usb_ep_write syzcall does allow to
communicate with USB endpoints after the device has been enumerated, no
coverage is collected from that code yet.
Diffstat (limited to 'sys/linux/init.go')
| -rw-r--r-- | sys/linux/init.go | 23 |
1 files changed, 12 insertions, 11 deletions
diff --git a/sys/linux/init.go b/sys/linux/init.go index 0d4533686..e694cce09 100644 --- a/sys/linux/init.go +++ b/sys/linux/init.go @@ -50,17 +50,18 @@ func InitTarget(target *prog.Target) { target.SanitizeCall = arch.sanitizeCall target.SpecialTypes = map[string]func(g *prog.Gen, typ prog.Type, old prog.Arg) ( prog.Arg, []*prog.Call){ - "timespec": arch.generateTimespec, - "timeval": arch.generateTimespec, - "sockaddr_alg": arch.generateSockaddrAlg, - "alg_name": arch.generateAlgName, - "alg_aead_name": arch.generateAlgAeadName, - "alg_hash_name": arch.generateAlgHashName, - "alg_blkcipher_name": arch.generateAlgBlkcipherhName, - "ipt_replace": arch.generateIptables, - "ip6t_replace": arch.generateIptables, - "arpt_replace": arch.generateArptables, - "ebt_replace": arch.generateEbtables, + "timespec": arch.generateTimespec, + "timeval": arch.generateTimespec, + "sockaddr_alg": arch.generateSockaddrAlg, + "alg_name": arch.generateAlgName, + "alg_aead_name": arch.generateAlgAeadName, + "alg_hash_name": arch.generateAlgHashName, + "alg_blkcipher_name": arch.generateAlgBlkcipherhName, + "ipt_replace": arch.generateIptables, + "ip6t_replace": arch.generateIptables, + "arpt_replace": arch.generateArptables, + "ebt_replace": arch.generateEbtables, + "usb_device_descriptor": arch.generateUsbDeviceDescriptor, } // TODO(dvyukov): get rid of this, this must be in descriptions. target.StringDictionary = []string{ |