Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sys/linux: extract USB HID ids #1294

Merged
merged 2 commits into from Jul 22, 2019

Conversation

@xairy
Copy link
Collaborator

commented Jul 19, 2019

As it turns out the HID kernel subsystem registers only one USB driver that
checks that the interface of the connected device has HID class and then looks
up its own list of vendor/device ids to find a matching driver. This means
that we currently don't generate proper vendor/device ids for USB HID devices.

This patch updates the syz-usbgen tool to also extract USB HID vendor/device
ids from a running kernel and makes the generated descriptions for HID devices
to be patched using the extracted ids.

This patch also contains some minor improvements to USB descriptions
(better HID descriptions and more replies for some USB classes/drivers).

@dvyukov

This comment has been minimized.

Copy link
Collaborator

commented Jul 20, 2019

LGTM but something of CI has failed

Wonder what should we do with vusb_responses long-term... if I understand what happens correctly, soon we may have hundreds of entries there and fuzzer will need to generate all of them for every call and mutations will almost always mutate something unused...

xairy added 2 commits Jul 19, 2019
As it turns out the HID kernel subsystem registers only one USB driver that
checks that the interface of the connected device has HID class and then looks
up its own list of vendor/device ids to find a matching driver. This means
that we currently don't generate proper vendor/device ids for USB HID devices.

This patch updates the syz-usbgen tool to also extract USB HID vendor/device
ids from a running kernel and makes the generated descriptions for HID devices
to be patched using the extracted ids.

This patch also contains some minor improvements to USB descriptions
(better HID descriptions and more replies for some USB classes/drivers).
@xairy xairy force-pushed the xairy:up-usb-hid-ids branch from 2bf7b4a to e5f6c2a Jul 22, 2019
@xairy

This comment has been minimized.

Copy link
Collaborator Author

commented Jul 22, 2019

Re vusb_responses - it's a good question. I think I'll start with splitting it into multiple structs, one per USB class.

@xairy xairy merged commit 55e0c07 into google:master Jul 22, 2019
2 checks passed
2 checks passed
cla/google All necessary CLAs are signed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@xairy xairy deleted the xairy:up-usb-hid-ids branch Jul 22, 2019
@codecov-io

This comment has been minimized.

Copy link

commented Jul 22, 2019

Codecov Report

Merging #1294 into master will increase coverage by 0.02%.
The diff coverage is 40.62%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1294      +/-   ##
==========================================
+ Coverage   57.74%   57.76%   +0.02%     
==========================================
  Files         131      131              
  Lines       24611    24631      +20     
==========================================
+ Hits        14211    14229      +18     
- Misses       9724     9727       +3     
+ Partials      676      675       -1
Impacted Files Coverage Δ
sys/linux/init_vusb.go 0% <0%> (ø) ⬆️
sys/linux/init.go 63.1% <100%> (+0.19%) ⬆️
prog/mutation.go 93.89% <0%> (+1.58%) ⬆️
prog/target.go 61.87% <0%> (+7.19%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6a786da...e5f6c2a. Read the comment docs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.