Currently, only USB COMEDI drivers are covered thanks to external USB
fuzzing approach. However, that still leaves /dev/comedi# devices
untested, thus this change.
There are 2 ways to make kernel spawn comedi devices. First, it seems
that one is created once driver identifies available hardware. Second,
provided a kernel parameter comedi.comedi_num_legacy_minors=N is set,
the same number of manually configurable devices are created,
allowing for configuration using one of the IOCTLs. Both scenarios do
not allow for particularly deep fuzzing as lack of necessary hardware
will inevitably stop any exploration short. Still, it is a start.
What is added:
- Descriptions for all COMEDI-related IOCTLs and structures.
Some arbitrary limits were set on array and list sizes, otherwise
numerous, overly greedy kmallocs slow down fuzzing with constant
warnings.
- List COMEDI devices to open.
A hardcoded list of device names is the best we can do at this point.
First few devs are for manual configuration (see
comedi_num_legacy_minors=N), others - for dynamic ones (N+1, N+2 etc.).
- List manually configurable drivers.
COMEDI_DEVCONFIG ioctl takes a driver name from a list of those that
supposedly can be set up that way. No reason to try others.
Tested on a local x86_64 syzkaller instance with enabled_syscalls[].
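As an added illustration (not part of the syzkaller change above, and not code from the kernel or syzkaller projects), the following C program shows the manual-configuration path the new descriptions target: it builds a struct comedi_devconfig for one of the legacy minors created by comedi.comedi_num_legacy_minors=N and issues COMEDI_DEVCONFIG on /dev/comedi<minor>. The struct layout, COMEDI_NAMELEN, COMEDI_NDEVCONFOPTS and the ioctl number are the values from the kernel's uapi comedi.h, restated locally so the file builds without that header; the driver name "comedi_test" used in the usage comment is the kernel's hardware-free test driver, and the minor numbers and option values are whatever the caller passes.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Constants and struct layout from include/uapi/linux/comedi.h, restated
 * here so this file also builds on hosts that do not ship the header. */
#define COMEDI_NAMELEN 20
#define COMEDI_NDEVCONFOPTS 32
#define CIO 'd'

struct comedi_devconfig {
    char board_name[COMEDI_NAMELEN];
    int options[COMEDI_NDEVCONFOPTS];
};

#define COMEDI_DEVCONFIG _IOW(CIO, 0, struct comedi_devconfig)

/* Minors [0, num_legacy) are the manually configurable devices created by
 * comedi.comedi_num_legacy_minors=N; higher minors belong to devices the
 * drivers attach themselves when they find hardware. */
int comedi_is_legacy_minor(unsigned minor, unsigned num_legacy)
{
    return minor < num_legacy;
}

/* Formats /dev/comedi<minor>; returns 0, or -1 if buf is too small. */
int comedi_device_path(char *buf, size_t len, unsigned minor)
{
    int n = snprintf(buf, len, "/dev/comedi%u", minor);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Fills cfg for COMEDI_DEVCONFIG. Rejects driver names that would not fit
 * NUL-terminated in board_name (the kernel would silently truncate them)
 * and more options than the struct carries. Returns 0 or -1. */
int comedi_build_devconfig(struct comedi_devconfig *cfg, const char *driver,
                           const int *opts, size_t nopts)
{
    if (!cfg || !driver || strlen(driver) >= COMEDI_NAMELEN ||
        nopts > COMEDI_NDEVCONFOPTS || (nopts && !opts))
        return -1;
    memset(cfg, 0, sizeof(*cfg));
    memcpy(cfg->board_name, driver, strlen(driver));
    if (nopts)
        memcpy(cfg->options, opts, nopts * sizeof(*opts));
    return 0;
}

/* Opens the node and issues COMEDI_DEVCONFIG; a NULL cfg asks the kernel to
 * detach whatever driver is attached. Returns 0 or a positive errno. */
int comedi_configure(const char *path, const struct comedi_devconfig *cfg)
{
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return errno;
    int rc = ioctl(fd, COMEDI_DEVCONFIG, cfg);
    int err = rc < 0 ? errno : 0;
    close(fd);
    return err;
}

/* usage: ./devconfig <minor> <driver> [option ...]
 * e.g.   ./devconfig 0 comedi_test   (needs comedi_num_legacy_minors >= 1) */
int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s <minor> <driver> [option ...]\n", argv[0]);
        return 2;
    }
    unsigned minor = (unsigned)strtoul(argv[1], NULL, 10);
    int opts[COMEDI_NDEVCONFOPTS];
    size_t nopts = 0;
    for (int i = 3; i < argc && nopts < COMEDI_NDEVCONFOPTS; i++)
        opts[nopts++] = atoi(argv[i]);

    char path[32];
    struct comedi_devconfig cfg;
    if (comedi_device_path(path, sizeof path, minor) ||
        comedi_build_devconfig(&cfg, argv[2], opts, nopts)) {
        fprintf(stderr, "bad minor, driver name or option count\n");
        return 2;
    }
    int err = comedi_configure(path, &cfg);
    if (err)
        fprintf(stderr, "COMEDI_DEVCONFIG on %s failed: %s\n", path, strerror(err));
    else
        printf("%s attached to %s\n", argv[2], path);
    return err ? 1 : 0;
}
```

The name-length check is stricter than the kernel, which only forces a terminating NUL at board_name[COMEDI_NAMELEN - 1]; the program refuses names it would otherwise hand over truncated, which is the kind of silent truncation a fuzzer-found report tends to hinge on.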