From 09ff5abc02a0e38bb275a91380fc03d6cd0d47a5 Mon Sep 17 00:00:00 2001 From: Andrey Konovalov Date: Wed, 1 Apr 2020 19:37:07 +0200 Subject: csource, executor: add usb emulation feature The feature gets enabled when /dev/raw-gadget is present and accessible. With this feature enabled, executor will do chmod 0666 /dev/raw-gadget on startup, which makes it possible to do USB fuzzing in setuid and namespace sandboxes. There should be no backwards compatibility issues with syz reproducers that don't explicitly enable this feature, as they currently only work in none sandbox. --- pkg/host/features.go | 5 +++++ pkg/host/features_linux.go | 3 ++- pkg/host/syscalls_linux.go | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'pkg/host') diff --git a/pkg/host/features.go b/pkg/host/features.go index 3bc0127b6..707757755 100644 --- a/pkg/host/features.go +++ b/pkg/host/features.go @@ -25,6 +25,7 @@ const ( FeatureNetDevices FeatureKCSAN FeatureDevlinkPCI + FeatureUSBEmulation numFeatures ) @@ -62,6 +63,7 @@ func Check(target *prog.Target) (*Features, error) { FeatureNetDevices: {Name: "net device setup", Reason: unsupported}, FeatureKCSAN: {Name: "concurrency sanitizer", Reason: unsupported}, FeatureDevlinkPCI: {Name: "devlink PCI setup", Reason: unsupported}, + FeatureUSBEmulation: {Name: "USB emulation", Reason: unsupported}, } if targets.Get(target.OS, target.Arch).HostFuzzer { return res, nil @@ -99,6 +101,9 @@ func Setup(target *prog.Target, features *Features, featureFlags csource.Feature if features[FeatureKCSAN].Enabled { args = append(args, "kcsan") } + if features[FeatureUSBEmulation].Enabled { + args = append(args, "usb") + } _, err := osutil.RunCmd(time.Minute, "", executor, args...) return err } diff --git a/pkg/host/features_linux.go b/pkg/host/features_linux.go index 7b4b7b243..8c6f63004 100644 --- a/pkg/host/features_linux.go +++ b/pkg/host/features_linux.go @@ -27,6 +27,7 @@ func init() { checkFeature[FeatureNetDevices] = unconditionallyEnabled checkFeature[FeatureKCSAN] = checkKCSAN checkFeature[FeatureDevlinkPCI] = checkDevlinkPCI + checkFeature[FeatureUSBEmulation] = checkUSBEmulation } func checkCoverage() string { @@ -183,7 +184,7 @@ func checkNetInjection() string { return "" } -func checkUSBInjection() string { +func checkUSBEmulation() string { if err := osutil.IsAccessible("/dev/raw-gadget"); err != nil { return err.Error() } diff --git a/pkg/host/syscalls_linux.go b/pkg/host/syscalls_linux.go index 693ec3f3e..dd89733c0 100644 --- a/pkg/host/syscalls_linux.go +++ b/pkg/host/syscalls_linux.go @@ -177,7 +177,7 @@ func isSupportedSyzkall(sandbox string, c *prog.Syscall) (bool, string) { if !strings.Contains(fname, "#") { panic(fmt.Sprintf("%v does not contain # in the file name (should be openat)", c.Name)) } - if checkUSBInjection() == "" { + if checkUSBEmulation() == "" { // These entries might not be available at boot time, // but will be created by connected USB devices. USBDevicePrefixes := []string{ @@ -215,7 +215,7 @@ func isSupportedSyzkall(sandbox string, c *prog.Syscall) (bool, string) { return reason == "", reason case "syz_usb_connect", "syz_usb_connect_ath9k", "syz_usb_disconnect", "syz_usb_control_io", "syz_usb_ep_write", "syz_usb_ep_read": - reason := checkUSBInjection() + reason := checkUSBEmulation() return reason == "", reason case "syz_kvm_setup_cpu": switch c.Name { -- cgit mrf-deployment