From 6901a56e001db2bd9705f69cc3f5649134b145ea Mon Sep 17 00:00:00 2001
From: Andrey Konovalov <andreyknvl@google.com>
Date: Wed, 16 Oct 2019 18:02:31 +0200
Subject: executor/usb: enable endpoints on SET_INTERFACE

This commit changes syz_usb_control_io to enable the relevant endpoints
for the interface being set via a SET_INTERFACE request.
---
 sys/linux/test/vusb_cdc_ecm | 3 ++-
 sys/linux/test/vusb_cdc_ncm | 3 ++-
 sys/linux/vusb.txt          | 4 ----
 3 files changed, 4 insertions(+), 6 deletions(-)

(limited to 'sys/linux')

diff --git a/sys/linux/test/vusb_cdc_ecm b/sys/linux/test/vusb_cdc_ecm
index 63c19fa62..a17ce3dd5 100644
--- a/sys/linux/test/vusb_cdc_ecm
+++ b/sys/linux/test/vusb_cdc_ecm
@@ -1,6 +1,7 @@
 # requires: -sandbox=setuid -sandbox=namespace -repeat
 
-r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5, 0x24, 0x6, 0x0, 0x0, ""}, {0x5, 0x24, 0x0, 0x0}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x0}, []}, {[], {{0x9, 0x5, 0x82, 0x2, 0x0, 0x0, 0x0, 0x0, ""}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, ""}}}}}]}}]}}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x0, []})
+r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5, 0x24, 0x6, 0x0, 0x0, ""}, {0x5, 0x24, 0x0, 0x0}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x0}, []}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x0, 0x0, ""}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x0, 0x0, 0x0, ""}}}}}]}}]}}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x0, []})
 syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
 syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
 syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a, 0x3, {0x3400320034003200, 0x3400320034003200, 0x3400320034003200}}}}, 0x0)
+syz_usb_ep_write(r0, 0x0, 0x5, &(0x7f0000002340)='hello')
diff --git a/sys/linux/test/vusb_cdc_ncm b/sys/linux/test/vusb_cdc_ncm
index 85319850c..889ba5e38 100644
--- a/sys/linux/test/vusb_cdc_ncm
+++ b/sys/linux/test/vusb_cdc_ncm
@@ -1,8 +1,9 @@
 # requires: -sandbox=setuid -sandbox=namespace -repeat
 
-r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5, 0x24, 0x6, 0x0, 0x1, ""}, {0x5, 0x24, 0x0, 0x0}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x0}, {0x6, 0x24, 0x1a, 0x0, 0x0}, []}, {{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x0, ""}}}, {0x9, 0x4, 0x1, 0x0, 0x0, 0x2, 0xd, 0x0, 0x0, "", ""}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x0, 0x0, 0x0, 0x0, ""}}, {{0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, ""}}}}}}}]}}, 0x0)
+r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5, 0x24, 0x6, 0x0, 0x1, ""}, {0x5, 0x24, 0x0, 0x0}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x0}, {0x6, 0x24, 0x1a, 0x0, 0x0}, []}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x0, ""}}}, {0x9, 0x4, 0x1, 0x0, 0x0, 0x2, 0xd, 0x0, 0x0, "", ""}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x0, 0x0, ""}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x0, 0x0, 0x0, ""}}}}}}}]}}, 0x0)
 syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
 syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
 syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
 syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
 syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a, 0x3, {0x3400320034003200, 0x3400320034003200, 0x3400320034003200}}}}, 0x0)
+syz_usb_ep_write(r0, 0x0, 0x5, &(0x7f0000002340)='hello')
diff --git a/sys/linux/vusb.txt b/sys/linux/vusb.txt
index 8c39c2ec5..f9c87e159 100644
--- a/sys/linux/vusb.txt
+++ b/sys/linux/vusb.txt
@@ -710,8 +710,6 @@ usb_printer_get_id_response {
 # Connected CDC ECM devices are known to create usbN network interfaces.
 # TODO: enable fuzzing of those.
 
-# TODO: currently the only endpoint which is being successfully enabled is the notification endpoint #1.
-
 usb_device_descriptor_cdc_ecm {
 	inner	usb_device_descriptor_t[USB_CLASS_COMM, 0, 0, 0x525, 0xa4a1, 64, array[usb_config_descriptor_cdc_ecm, 1]]
 } [packed]
@@ -954,8 +952,6 @@ vusb_responses_cdc_ecm {
 # https://elixir.bootlin.com/linux/latest/source/drivers/usb/gadget/legacy/ncm.c
 # https://elixir.bootlin.com/linux/latest/source/drivers/usb/gadget/function/f_ncm.c
 
-# TODO: currently the only endpoint which is being successfully enabled is the notification endpoint #1.
-
 usb_device_descriptor_cdc_ncm {
 	inner	usb_device_descriptor_t[USB_CLASS_COMM, 0, 0, 0x525, 0xa4a1, 64, array[usb_config_descriptor_cdc_ncm, 1]]
 } [packed]
-- 
cgit mrf-deployment