From f4a3dc91283f5ab016f166ffec32f9c08e0ba174 Mon Sep 17 00:00:00 2001
From: Andrey Konovalov <andreyknvl@google.com>
Date: Thu, 11 Apr 2019 15:44:07 +0200
Subject: all: add basic USB fuzzing support

This commits implements 4 syzcalls: syz_usb_connect, syz_usb_io_control,
syz_usb_ep_write and syz_usb_disconnect. Those syzcalls are used to emit USB
packets through a custom GadgetFS-like interface (currently exposed at
/sys/kernel/debug/usb-fuzzer), which requires special kernel patches.

USB fuzzing support is quite basic, as it mostly covers only the USB device
enumeration process. Even though the syz_usb_ep_write syzcall does allow to
communicate with USB endpoints after the device has been enumerated, no
coverage is collected from that code yet.
---
 executor/common_linux.h | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'executor/common_linux.h')

diff --git a/executor/common_linux.h b/executor/common_linux.h
index 0fd7a1582..2d1460ee6 100644
--- a/executor/common_linux.h
+++ b/executor/common_linux.h
@@ -798,6 +798,21 @@ static long syz_extract_tcp_res(volatile long a0, volatile long a1, volatile lon
 }
 #endif
 
+#if SYZ_EXECUTOR || __NR_syz_usb_connect
+#include <errno.h>
+#include <fcntl.h>
+#include <linux/usb/ch9.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include "common_usb.h"
+#endif
+
 #if SYZ_EXECUTOR || __NR_syz_open_dev
 #include <fcntl.h>
 #include <string.h>
-- 
cgit mrf-deployment