Diffstat (limited to 'executor')
-rw-r--r--executor/common_usb.h175
1 files changed, 87 insertions, 88 deletions
diff --git a/executor/common_usb.h b/executor/common_usb.h
index 026b2be6f..7b16f9849 100644
--- a/executor/common_usb.h
+++ b/executor/common_usb.h
@@ -74,112 +74,111 @@ static bool parse_usb_descriptor(char* buffer, size_t length, struct usb_device_
return true;
}
-enum usb_fuzzer_event_type {
- USB_FUZZER_EVENT_INVALID,
- USB_FUZZER_EVENT_CONNECT,
- USB_FUZZER_EVENT_DISCONNECT,
- USB_FUZZER_EVENT_SUSPEND,
- USB_FUZZER_EVENT_RESUME,
- USB_FUZZER_EVENT_CONTROL,
+enum usb_raw_event_type {
+ USB_RAW_EVENT_INVALID,
+ USB_RAW_EVENT_CONNECT,
+ USB_RAW_EVENT_DISCONNECT,
+ USB_RAW_EVENT_SUSPEND,
+ USB_RAW_EVENT_CONTROL,
};
-struct usb_fuzzer_event {
+struct usb_raw_event {
uint32 type;
uint32 length;
char data[0];
};
-struct usb_fuzzer_init {
+struct usb_raw_init {
uint64 speed;
const char* driver_name;
const char* device_name;
};
-struct usb_fuzzer_ep_io {
+struct usb_raw_ep_io {
uint16 ep;
uint16 flags;
uint32 length;
char data[0];
};
-#define USB_FUZZER_IOCTL_INIT _IOW('U', 0, struct usb_fuzzer_init)
-#define USB_FUZZER_IOCTL_RUN _IO('U', 1)
-#define USB_FUZZER_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_fuzzer_event)
-#define USB_FUZZER_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_fuzzer_ep_io)
-#define USB_FUZZER_IOCTL_EP0_READ _IOWR('U', 4, struct usb_fuzzer_ep_io)
-#define USB_FUZZER_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor)
-#define USB_FUZZER_IOCTL_EP_DISABLE _IOW('U', 6, int)
-#define USB_FUZZER_IOCTL_EP_WRITE _IOW('U', 7, struct usb_fuzzer_ep_io)
-#define USB_FUZZER_IOCTL_EP_READ _IOWR('U', 8, struct usb_fuzzer_ep_io)
-#define USB_FUZZER_IOCTL_CONFIGURE _IO('U', 9)
-#define USB_FUZZER_IOCTL_VBUS_DRAW _IOW('U', 10, uint32)
-
-static int usb_fuzzer_open()
+#define USB_RAW_IOCTL_INIT _IOW('U', 0, struct usb_raw_init)
+#define USB_RAW_IOCTL_RUN _IO('U', 1)
+#define USB_RAW_IOCTL_EVENT_FETCH _IOR('U', 2, struct usb_raw_event)
+#define USB_RAW_IOCTL_EP0_WRITE _IOW('U', 3, struct usb_raw_ep_io)
+#define USB_RAW_IOCTL_EP0_READ _IOWR('U', 4, struct usb_raw_ep_io)
+#define USB_RAW_IOCTL_EP_ENABLE _IOW('U', 5, struct usb_endpoint_descriptor)
+#define USB_RAW_IOCTL_EP_DISABLE _IOW('U', 6, int)
+#define USB_RAW_IOCTL_EP_WRITE _IOW('U', 7, struct usb_raw_ep_io)
+#define USB_RAW_IOCTL_EP_READ _IOWR('U', 8, struct usb_raw_ep_io)
+#define USB_RAW_IOCTL_CONFIGURE _IO('U', 9)
+#define USB_RAW_IOCTL_VBUS_DRAW _IOW('U', 10, uint32)
+
+static int usb_raw_open()
{
- return open("/sys/kernel/debug/usb-fuzzer", O_RDWR);
+ return open("/sys/kernel/debug/usb/raw-gadget", O_RDWR);
}
-static int usb_fuzzer_init(int fd, uint32 speed, const char* driver, const char* device)
+static int usb_raw_init(int fd, uint32 speed, const char* driver, const char* device)
{
- struct usb_fuzzer_init arg;
+ struct usb_raw_init arg;
arg.speed = speed;
arg.driver_name = driver;
arg.device_name = device;
- return ioctl(fd, USB_FUZZER_IOCTL_INIT, &arg);
+ return ioctl(fd, USB_RAW_IOCTL_INIT, &arg);
}
-static int usb_fuzzer_run(int fd)
+static int usb_raw_run(int fd)
{
- return ioctl(fd, USB_FUZZER_IOCTL_RUN, 0);
+ return ioctl(fd, USB_RAW_IOCTL_RUN, 0);
}
-static int usb_fuzzer_event_fetch(int fd, struct usb_fuzzer_event* event)
+static int usb_raw_event_fetch(int fd, struct usb_raw_event* event)
{
- return ioctl(fd, USB_FUZZER_IOCTL_EVENT_FETCH, event);
+ return ioctl(fd, USB_RAW_IOCTL_EVENT_FETCH, event);
}
-static int usb_fuzzer_ep0_write(int fd, struct usb_fuzzer_ep_io* io)
+static int usb_raw_ep0_write(int fd, struct usb_raw_ep_io* io)
{
- return ioctl(fd, USB_FUZZER_IOCTL_EP0_WRITE, io);
+ return ioctl(fd, USB_RAW_IOCTL_EP0_WRITE, io);
}
-static int usb_fuzzer_ep0_read(int fd, struct usb_fuzzer_ep_io* io)
+static int usb_raw_ep0_read(int fd, struct usb_raw_ep_io* io)
{
- return ioctl(fd, USB_FUZZER_IOCTL_EP0_READ, io);
+ return ioctl(fd, USB_RAW_IOCTL_EP0_READ, io);
}
#if SYZ_EXECUTOR || __NR_syz_usb_ep_write
-static int usb_fuzzer_ep_write(int fd, struct usb_fuzzer_ep_io* io)
+static int usb_raw_ep_write(int fd, struct usb_raw_ep_io* io)
{
- return ioctl(fd, USB_FUZZER_IOCTL_EP_WRITE, io);
+ return ioctl(fd, USB_RAW_IOCTL_EP_WRITE, io);
}
#endif
#if SYZ_EXECUTOR || __NR_syz_usb_ep_read
-static int usb_fuzzer_ep_read(int fd, struct usb_fuzzer_ep_io* io)
+static int usb_raw_ep_read(int fd, struct usb_raw_ep_io* io)
{
- return ioctl(fd, USB_FUZZER_IOCTL_EP_READ, io);
+ return ioctl(fd, USB_RAW_IOCTL_EP_READ, io);
}
#endif
-static int usb_fuzzer_ep_enable(int fd, struct usb_endpoint_descriptor* desc)
+static int usb_raw_ep_enable(int fd, struct usb_endpoint_descriptor* desc)
{
- return ioctl(fd, USB_FUZZER_IOCTL_EP_ENABLE, desc);
+ return ioctl(fd, USB_RAW_IOCTL_EP_ENABLE, desc);
}
-static int usb_fuzzer_ep_disable(int fd, int ep)
+static int usb_raw_ep_disable(int fd, int ep)
{
- return ioctl(fd, USB_FUZZER_IOCTL_EP_DISABLE, ep);
+ return ioctl(fd, USB_RAW_IOCTL_EP_DISABLE, ep);
}
-static int usb_fuzzer_configure(int fd)
+static int usb_raw_configure(int fd)
{
- return ioctl(fd, USB_FUZZER_IOCTL_CONFIGURE, 0);
+ return ioctl(fd, USB_RAW_IOCTL_CONFIGURE, 0);
}
-static int usb_fuzzer_vbus_draw(int fd, uint32 power)
+static int usb_raw_vbus_draw(int fd, uint32 power)
{
- return ioctl(fd, USB_FUZZER_IOCTL_VBUS_DRAW, power);
+ return ioctl(fd, USB_RAW_IOCTL_VBUS_DRAW, power);
}
#define MAX_USB_FDS 6
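Review bot: `enum usb_raw_event_type` relies on implicit numbering, and with `USB_FUZZER_EVENT_RESUME` dropped, `USB_RAW_EVENT_CONTROL` silently moves from 5 to 4. These constants are compared against `event.inner.type` as returned through `USB_RAW_IOCTL_EVENT_FETCH`, so they presumably have to match the kernel-side definitions exactly; a mismatch would make the `!= USB_RAW_EVENT_CONTROL` checks reject every control event. I would pin the values explicitly, e.g. `USB_RAW_EVENT_CONTROL = 4,`, and add a comment above the enum such as `// Values are ABI: keep in sync with the kernel's raw-gadget header.`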
@@ -246,7 +245,7 @@ static void set_interface(int fd, int n)
if (index->iface_cur >= 0 && index->iface_cur < index->ifaces_num) {
for (ep = 0; ep < index->ifaces[index->iface_cur].eps_num; ep++) {
- int rv = usb_fuzzer_ep_disable(fd, ep);
+ int rv = usb_raw_ep_disable(fd, ep);
if (rv < 0) {
debug("set_interface: failed to disable endpoint %d\n", ep);
} else {
@@ -256,7 +255,7 @@ static void set_interface(int fd, int n)
}
if (n >= 0 && n < index->ifaces_num) {
for (ep = 0; ep < index->ifaces[n].eps_num; ep++) {
- int rv = usb_fuzzer_ep_enable(fd, &index->ifaces[n].eps[ep]);
+ int rv = usb_raw_ep_enable(fd, &index->ifaces[n].eps[ep]);
if (rv < 0) {
debug("set_interface: failed to enable endpoint %d\n", ep);
} else {
@@ -274,14 +273,14 @@ static int configure_device(int fd)
if (!index)
return -1;
- int rv = usb_fuzzer_vbus_draw(fd, index->bMaxPower);
+ int rv = usb_raw_vbus_draw(fd, index->bMaxPower);
if (rv < 0) {
- debug("configure_device: usb_fuzzer_vbus_draw failed with %d\n", rv);
+ debug("configure_device: usb_raw_vbus_draw failed with %d\n", rv);
return rv;
}
- rv = usb_fuzzer_configure(fd);
+ rv = usb_raw_configure(fd);
if (rv < 0) {
- debug("configure_device: usb_fuzzer_configure failed with %d\n", rv);
+ debug("configure_device: usb_raw_configure failed with %d\n", rv);
return rv;
}
set_interface(fd, 0);
@@ -290,14 +289,14 @@ static int configure_device(int fd)
#define USB_MAX_PACKET_SIZE 1024
-struct usb_fuzzer_control_event {
- struct usb_fuzzer_event inner;
+struct usb_raw_control_event {
+ struct usb_raw_event inner;
struct usb_ctrlrequest ctrl;
char data[USB_MAX_PACKET_SIZE];
};
-struct usb_fuzzer_ep_io_data {
- struct usb_fuzzer_ep_io inner;
+struct usb_raw_ep_io_data {
+ struct usb_raw_ep_io inner;
char data[USB_MAX_PACKET_SIZE];
};
@@ -420,9 +419,9 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
debug("syz_usb_connect: device data:\n");
debug_dump_data(dev, dev_len);
- int fd = usb_fuzzer_open();
+ int fd = usb_raw_open();
if (fd < 0) {
- debug("syz_usb_connect: usb_fuzzer_open failed with %d\n", fd);
+ debug("syz_usb_connect: usb_raw_open failed with %d\n", fd);
return fd;
}
if (fd >= MAX_FDS) {
@@ -430,7 +429,7 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
debug("syz_usb_connect: too many open fds\n");
return -1;
}
- debug("syz_usb_connect: usb_fuzzer_open success\n");
+ debug("syz_usb_connect: usb_raw_open success\n");
struct usb_device_index* index = add_usb_index(fd, dev, dev_len);
if (!index) {
@@ -443,31 +442,31 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
// triggering interaction between multiple USB devices within the same program.
char device[32];
sprintf(&device[0], "dummy_udc.%llu", procid);
- int rv = usb_fuzzer_init(fd, speed, "dummy_udc", &device[0]);
+ int rv = usb_raw_init(fd, speed, "dummy_udc", &device[0]);
if (rv < 0) {
- debug("syz_usb_connect: usb_fuzzer_init failed with %d\n", rv);
+ debug("syz_usb_connect: usb_raw_init failed with %d\n", rv);
return rv;
}
- debug("syz_usb_connect: usb_fuzzer_init success\n");
+ debug("syz_usb_connect: usb_raw_init success\n");
- rv = usb_fuzzer_run(fd);
+ rv = usb_raw_run(fd);
if (rv < 0) {
- debug("syz_usb_connect: usb_fuzzer_run failed with %d\n", rv);
+ debug("syz_usb_connect: usb_raw_run failed with %d\n", rv);
return rv;
}
- debug("syz_usb_connect: usb_fuzzer_run success\n");
+ debug("syz_usb_connect: usb_raw_run success\n");
bool done = false;
while (!done) {
- struct usb_fuzzer_control_event event;
+ struct usb_raw_control_event event;
event.inner.type = 0;
event.inner.length = sizeof(event.ctrl);
- rv = usb_fuzzer_event_fetch(fd, (struct usb_fuzzer_event*)&event);
+ rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event);
if (rv < 0) {
- debug("syz_usb_connect: usb_fuzzer_event_fetch failed with %d\n", rv);
+ debug("syz_usb_connect: usb_raw_event_fetch failed with %d\n", rv);
return rv;
}
- if (event.inner.type != USB_FUZZER_EVENT_CONTROL)
+ if (event.inner.type != USB_RAW_EVENT_CONTROL)
continue;
debug("syz_usb_connect: bReqType: 0x%x (%s), bReq: 0x%x, wVal: 0x%x, wIdx: 0x%x, wLen: %d\n",
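Review bot: The `sprintf` into `char device[32]` in this hunk has no bound of its own. "dummy_udc." plus a 20-digit value plus the terminator is 31 bytes, so it fits with a single byte to spare, and only while the prefix stays this short. `snprintf(device, sizeof(device), "dummy_udc.%llu", procid);` makes the limit explicit. `procid` is declared outside the hunk, so its type should be checked against `%llu` there; syz_usb_connect itself starts before and continues after this hunk.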
@@ -501,7 +500,7 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
}
}
- struct usb_fuzzer_ep_io_data response;
+ struct usb_raw_ep_io_data response;
response.inner.ep = 0;
response.inner.flags = 0;
if (response_length > sizeof(response.data))
@@ -516,14 +515,14 @@ static volatile long syz_usb_connect(volatile long a0, volatile long a1, volatil
if (event.ctrl.bRequestType & USB_DIR_IN) {
debug("syz_usb_connect: writing %d bytes\n", response.inner.length);
- rv = usb_fuzzer_ep0_write(fd, (struct usb_fuzzer_ep_io*)&response);
+ rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response);
} else {
- rv = usb_fuzzer_ep0_read(fd, (struct usb_fuzzer_ep_io*)&response);
+ rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response);
debug("syz_usb_connect: read %d bytes\n", response.inner.length);
debug_dump_data(&event.data[0], response.inner.length);
}
if (rv < 0) {
- debug("syz_usb_connect: usb_fuzzer_ep0_read/write failed with %d\n", rv);
+ debug("syz_usb_connect: usb_raw_ep0_read/write failed with %d\n", rv);
return rv;
}
}
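Review bot: In the `else` branch the read fills `response`, but the dump that follows is `debug_dump_data(&event.data[0], response.inner.length)`, which prints the wrong buffer. The event was fetched with `length = sizeof(event.ctrl)` (earlier hunk), so `event.data` looks like it is never written and the log would show uninitialized stack bytes rather than the received payload. It should be `debug_dump_data(&response.data[0], response.inner.length);`, as the matching branch in syz_usb_control_io already does. Both the "read %d bytes" message and the dump also run before the `rv < 0` check, here and in syz_usb_control_io, so a failed read is still reported as a read; moving them after the check would avoid that. The function body extends beyond this hunk on both sides.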
@@ -670,15 +669,15 @@ static volatile long syz_usb_control_io(volatile long a0, volatile long a1, vola
struct vusb_descriptors* descs = (struct vusb_descriptors*)a1;
struct vusb_responses* resps = (struct vusb_responses*)a2;
- struct usb_fuzzer_control_event event;
+ struct usb_raw_control_event event;
event.inner.type = 0;
event.inner.length = USB_MAX_PACKET_SIZE;
- int rv = usb_fuzzer_event_fetch(fd, (struct usb_fuzzer_event*)&event);
+ int rv = usb_raw_event_fetch(fd, (struct usb_raw_event*)&event);
if (rv < 0) {
- debug("syz_usb_control_io: usb_fuzzer_ep0_read failed with %d\n", rv);
+ debug("syz_usb_control_io: usb_raw_ep0_read failed with %d\n", rv);
return rv;
}
- if (event.inner.type != USB_FUZZER_EVENT_CONTROL) {
+ if (event.inner.type != USB_RAW_EVENT_CONTROL) {
debug("syz_usb_control_io: wrong event type: %d\n", (int)event.inner.type);
return -1;
}
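Review bot: The failure message after `usb_raw_event_fetch()` names the wrong call: `debug("syz_usb_control_io: usb_raw_ep0_read failed with %d\n", rv);`. The rename carried the old mislabel over, and it will point anyone reading an executor log at the ep0 read path instead of the event fetch. It should read `debug("syz_usb_control_io: usb_raw_event_fetch failed with %d\n", rv);`. syz_usb_control_io begins before and continues after this hunk.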
@@ -718,7 +717,7 @@ static volatile long syz_usb_control_io(volatile long a0, volatile long a1, vola
response_length = event.ctrl.wLength;
}
- struct usb_fuzzer_ep_io_data response;
+ struct usb_raw_ep_io_data response;
response.inner.ep = 0;
response.inner.flags = 0;
if (response_length > sizeof(response.data))
@@ -738,14 +737,14 @@ static volatile long syz_usb_control_io(volatile long a0, volatile long a1, vola
if ((event.ctrl.bRequestType & USB_DIR_IN) && event.ctrl.wLength) {
debug("syz_usb_control_io: writing %d bytes\n", response.inner.length);
debug_dump_data(&response.data[0], response.inner.length);
- rv = usb_fuzzer_ep0_write(fd, (struct usb_fuzzer_ep_io*)&response);
+ rv = usb_raw_ep0_write(fd, (struct usb_raw_ep_io*)&response);
} else {
- rv = usb_fuzzer_ep0_read(fd, (struct usb_fuzzer_ep_io*)&response);
+ rv = usb_raw_ep0_read(fd, (struct usb_raw_ep_io*)&response);
debug("syz_usb_control_io: read %d bytes\n", response.inner.length);
debug_dump_data(&response.data[0], response.inner.length);
}
if (rv < 0) {
- debug("syz_usb_control_io: usb_fuzzer_ep0_read/write failed with %d\n", rv);
+ debug("syz_usb_control_io: usb_raw_ep0_read/write failed with %d\n", rv);
return rv;
}
@@ -763,7 +762,7 @@ static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volati
uint32 len = a2;
char* data = (char*)a3;
- struct usb_fuzzer_ep_io_data io_data;
+ struct usb_raw_ep_io_data io_data;
io_data.inner.ep = ep;
io_data.inner.flags = 0;
if (len > sizeof(io_data.data))
@@ -771,9 +770,9 @@ static volatile long syz_usb_ep_write(volatile long a0, volatile long a1, volati
io_data.inner.length = len;
NONFAILING(memcpy(&io_data.data[0], data, len));
- int rv = usb_fuzzer_ep_write(fd, (struct usb_fuzzer_ep_io*)&io_data);
+ int rv = usb_raw_ep_write(fd, (struct usb_raw_ep_io*)&io_data);
if (rv < 0) {
- debug("syz_usb_ep_write: usb_fuzzer_ep_write failed with %d\n", rv);
+ debug("syz_usb_ep_write: usb_raw_ep_write failed with %d\n", rv);
return rv;
}
@@ -791,16 +790,16 @@ static volatile long syz_usb_ep_read(volatile long a0, volatile long a1, volatil
uint32 len = a2;
char* data = (char*)a3;
- struct usb_fuzzer_ep_io_data io_data;
+ struct usb_raw_ep_io_data io_data;
io_data.inner.ep = ep;
io_data.inner.flags = 0;
if (len > sizeof(io_data.data))
len = sizeof(io_data.data);
io_data.inner.length = len;
- int rv = usb_fuzzer_ep_read(fd, (struct usb_fuzzer_ep_io*)&io_data);
+ int rv = usb_raw_ep_read(fd, (struct usb_raw_ep_io*)&io_data);
if (rv < 0) {
- debug("syz_usb_ep_read: usb_fuzzer_ep_read failed with %d\n", rv);
+ debug("syz_usb_ep_read: usb_raw_ep_read failed with %d\n", rv);
return rv;
}