| -rw-r--r-- | executor/common_usb.h | 2 | ||||
| -rw-r--r-- | executor/executor.cc | 21 | ||||
| -rw-r--r-- | pkg/csource/generated.go | 1 |
3 files changed, 9 insertions, 15 deletions
diff --git a/executor/common_usb.h b/executor/common_usb.h
index 11e92565c..94d270b4b 100644
--- a/executor/common_usb.h
+++ b/executor/common_usb.h
@@ -267,6 +267,8 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
 }
 debug("syz_usb_connect: usb_fuzzer_open success\n");
+ // TODO: consider creating two dummy_udc's per proc to increace the chance of
+ // triggering interaction between multiple USB devices within the same program.
 char device[32];
 sprintf(&device[0], "dummy_udc.%llu", procid);
 rv = usb_fuzzer_init(fd, speed, "dummy_udc", &device[0]);
diff --git a/executor/executor.cc b/executor/executor.cc
index e104fc897..34949a015 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -596,32 +596,25 @@ retry:
 if (call_num == instr_eof)
 break;
 bool call_extra_cover = false;
+ // call_extra_timeout must match timeout in pkg/csource/csource.go.
 int call_extra_timeout = 0;
- if (strncmp(syscalls[call_num].name, "syz_usb", 7) == 0) {
+ // TODO: find a way to tune timeout values.
+ if (strncmp(syscalls[call_num].name, "syz_usb", strlen("syz_usb")) == 0) {
 prog_extra_cover = true;
 call_extra_cover = true;
 }
 if (strncmp(syscalls[call_num].name, "syz_usb_connect", strlen("syz_usb_connect")) == 0) {
 prog_extra_timeout = 2000;
- // Must match timeout in pkg/csource/csource.go.
 call_extra_timeout = 2000;
 }
- if (strncmp(syscalls[call_num].name, "syz_usb_control_io", strlen("syz_usb_control_io")) == 0) {
- // Must match timeout in pkg/csource/csource.go.
+ if (strncmp(syscalls[call_num].name, "syz_usb_control_io", strlen("syz_usb_control_io")) == 0)
 call_extra_timeout = 300;
- }
- if (strncmp(syscalls[call_num].name, "syz_usb_ep_write", strlen("syz_usb_ep_write")) == 0) {
- // Must match timeout in pkg/csource/csource.go.
+ if (strncmp(syscalls[call_num].name, "syz_usb_ep_write", strlen("syz_usb_ep_write")) == 0)
 call_extra_timeout = 300;
- }
- if (strncmp(syscalls[call_num].name, "syz_usb_ep_read", strlen("syz_usb_ep_read")) == 0) {
- // Must match timeout in pkg/csource/csource.go.
+ if (strncmp(syscalls[call_num].name, "syz_usb_ep_read", strlen("syz_usb_ep_read")) == 0)
 call_extra_timeout = 300;
- }
- if (strncmp(syscalls[call_num].name, "syz_usb_disconnect", strlen("syz_usb_disconnect")) == 0) {
- // Must match timeout in pkg/csource/csource.go.
+ if (strncmp(syscalls[call_num].name, "syz_usb_disconnect", strlen("syz_usb_disconnect")) == 0)
 call_extra_timeout = 300;
- }
 if (call_num == instr_copyin) {
 char* addr = (char*)read_input(&input_pos);
 uint64 typ = read_input(&input_pos);
diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 58ccf11b0..6d77fc57c 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
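Review bot: Every name check in this hunk spells the call name twice, once as the strncmp argument and once inside strlen, so a copy-paste slip in either literal would silently give a call the wrong timeout, or none, with no compile-time signal. The new comment on `call_extra_timeout` says these values must also match pkg/csource/csource.go, so a single prefix/timeout table walked once would keep each name and value in one place and make that cross-check easier. None of the five prefixes is a prefix of another, so the table lookup selects the same value as the chain of independent ifs. The enclosing loop starts and ends outside this hunk, and the sketch below covers only the per-call timeout selection.

```cpp
// call_extra_timeout must match timeout in pkg/csource/csource.go.
int call_extra_timeout = 0;
// … unchanged: "syz_usb" prefix check setting prog_extra_cover / call_extra_cover …
static const struct {
	const char* prefix;
	int timeout;
} usb_call_timeouts[] = {
    {"syz_usb_connect", 2000},
    {"syz_usb_control_io", 300},
    {"syz_usb_ep_write", 300},
    {"syz_usb_ep_read", 300},
    {"syz_usb_disconnect", 300},
};
for (size_t i = 0; i < sizeof(usb_call_timeouts) / sizeof(usb_call_timeouts[0]); i++) {
	const char* prefix = usb_call_timeouts[i].prefix;
	if (strncmp(syscalls[call_num].name, prefix, strlen(prefix)) == 0)
		call_extra_timeout = usb_call_timeouts[i].timeout;
}
if (strncmp(syscalls[call_num].name, "syz_usb_connect", strlen("syz_usb_connect")) == 0)
	prog_extra_timeout = 2000;
```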
@@ -2005,7 +2005,6 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil return fd; } debug("syz_usb_connect: usb_fuzzer_open success\n"); - char device[32]; sprintf(&device[0], "dummy_udc.%llu", procid); rv = usb_fuzzer_init(fd, speed, "dummy_udc", &device[0]); |
