Message ID | cover.1582560596.git.andreyknvl@google.com (mailing list archive) |
---|---|
Series | usb: gadget: add raw-gadget interface |

On Mon, Feb 24, 2020 at 5:13 PM Andrey Konovalov <andreyknvl@google.com> wrote:
>
> This patchset (currently a single patch) adds a new userspace interface
> for the USB Gadget subsystem called USB Raw Gadget. This is what is
> currently being used to enable coverage-guided USB fuzzing with syzkaller:
>
> https://github.com/google/syzkaller/blob/master/docs/linux/external_fuzzing_usb.md
>
> Initially I was using GadgetFS (together with the Dummy HCD/UDC module)
> to perform emulation of USB devices for fuzzing, but later switched to a
> custom written interface. The incentive to implement a different interface
> was to provide a somewhat raw and direct access to the USB Gadget layer
> for the userspace, where every USB request is passed to the userspace to
> get a response. See documentation for the list of differences between
> Raw Gadget and GadgetFS.
>
> Currently Raw Gadget only supports blocking I/O mode, that synchronously
> waits for the result of each operation to allow collecting coverage per
> operation.
>
> This patchset has been pushed to the public Linux kernel Gerrit instance:
>
> https://linux-review.googlesource.com/c/linux/kernel/git/torvalds/linux/+/2144
>
> Changes v5 -> v6:
> - Prevent raw_process_ep_io() racing with raw_ioctl_ep_disable() by
>   checking urb_queued flag in the latter.
> - Use GFP_KERNEL instead of GFP_ATOMIC where possible.
> - Reject opening raw-gadget with O_NONBLOCK to allow future extensions to
>   support nonblocking IO.
> - Reduce RAW_EVENT_QUEUE_SIZE to 16.

Hi Felipe! I'm still hoping for a review :)

(Forgot to add a link to the example that emulates a USB keyboard via
Raw Gadget into the cover letter:

https://github.com/xairy/raw-gadget/blob/master/examples/keyboard.c)

>
> Changes v4 -> v5:
> - Specified explicit usb_raw_event_type enum values for all entries.
> - Dropped pointless locking in gadget_unbind().
>
> Changes v3 -> v4:
> - Print debug message when maxpacket check fails.
> - Use module_misc_device() instead of module_init/exit().
> - Reuse DRIVER_NAME macro in raw_device struct definition.
> - Don't print WARNING in raw_release().
> - Add comment that explains locking into raw_event_queue_fetch().
> - Print a WARNING when event queue size is exceeded.
> - Rename raw.c to raw_gadget.c.
> - Mention module name in Kconfig.
> - Reworked logging to use dev_err/dbg() instead of pr_err/debug().
>
> Changes v2 -> v3:
> - Updated device path in documentation.
> - Changed usb_raw_init struct layout to make it the same for 32 bit compat
>   mode.
> - Added compat_ioctl to raw_fops.
> - Changed raw_ioctl_init() to return EINVAL for invalid USB speeds, except
>   for USB_SPEED_UNKNOWN, which defaults to USB_SPEED_HIGH.
> - Reject endpoints with maxpacket = 0 in raw_ioctl_ep_enable().
>
> Changes v1 -> v2:
> - Moved raw.c to legacy/.
> - Changed uapi header to use __u* types.
> - Switched from debugfs entry to a misc device.
> - Changed raw_dev from refcount to kref.
> - Moved UDC_NAME_LENGTH_MAX to uapi headers.
> - Used usb_endpoint_type() and usb_endpoint_dir_in/out() functions instead
>   of open coding them.
> - Added "WITH Linux-syscall-note" to SPDX id in the uapi header.
> - Removed pr_err() if case dev_new() fails.
> - Reduced the number of debugging messages.
>
> Andrey Konovalov (1):
>   usb: gadget: add raw-gadget interface
>
>  Documentation/usb/index.rst | 1 +
>  Documentation/usb/raw-gadget.rst | 61 ++
>  drivers/usb/gadget/legacy/Kconfig | 11 +
>  drivers/usb/gadget/legacy/Makefile | 1 +
>  drivers/usb/gadget/legacy/raw_gadget.c | 1078 ++++++++++++++++++++++++
>  include/uapi/linux/usb/raw_gadget.h | 167 ++++
>  6 files changed, 1319 insertions(+)
>  create mode 100644 Documentation/usb/raw-gadget.rst
>  create mode 100644 drivers/usb/gadget/legacy/raw_gadget.c
>  create mode 100644 include/uapi/linux/usb/raw_gadget.h
>
> --
> 2.25.0.265.gbab2e86ba0-goog
>


On Mon, Feb 24, 2020 at 5:17 PM Andrey Konovalov <andreyknvl@google.com> wrote:
>
> On Mon, Feb 24, 2020 at 5:13 PM Andrey Konovalov <andreyknvl@google.com> wrote:
> >
> > This patchset (currently a single patch) adds a new userspace interface
> > for the USB Gadget subsystem called USB Raw Gadget. This is what is
> > currently being used to enable coverage-guided USB fuzzing with syzkaller:
> >
> > https://github.com/google/syzkaller/blob/master/docs/linux/external_fuzzing_usb.md
> >
> > Initially I was using GadgetFS (together with the Dummy HCD/UDC module)
> > to perform emulation of USB devices for fuzzing, but later switched to a
> > custom written interface. The incentive to implement a different interface
> > was to provide a somewhat raw and direct access to the USB Gadget layer
> > for the userspace, where every USB request is passed to the userspace to
> > get a response. See documentation for the list of differences between
> > Raw Gadget and GadgetFS.
> >
> > Currently Raw Gadget only supports blocking I/O mode, that synchronously
> > waits for the result of each operation to allow collecting coverage per
> > operation.
> >
> > This patchset has been pushed to the public Linux kernel Gerrit instance:
> >
> > https://linux-review.googlesource.com/c/linux/kernel/git/torvalds/linux/+/2144
> >
> > Changes v5 -> v6:
> > - Prevent raw_process_ep_io() racing with raw_ioctl_ep_disable() by
> >   checking urb_queued flag in the latter.
> > - Use GFP_KERNEL instead of GFP_ATOMIC where possible.
> > - Reject opening raw-gadget with O_NONBLOCK to allow future extensions to
> >   support nonblocking IO.
> > - Reduce RAW_EVENT_QUEUE_SIZE to 16.
>
> Hi Felipe! I'm still hoping for a review :)
>
> (Forgot to add a link to the example that emulates a USB keyboard via
> Raw Gadget into the cover letter:
>
> https://github.com/xairy/raw-gadget/blob/master/examples/keyboard.c)

Hi Greg, Felipe, and Alan,

I was wondering if there's a way to move forward with this patch?

Alan, since you have a very good knowledge of the USB subsystem, could
I ask you to take a look at the patch, while Felipe is busy?

Thanks!

>
> >
> > Changes v4 -> v5:
> > - Specified explicit usb_raw_event_type enum values for all entries.
> > - Dropped pointless locking in gadget_unbind().
> >
> > Changes v3 -> v4:
> > - Print debug message when maxpacket check fails.
> > - Use module_misc_device() instead of module_init/exit().
> > - Reuse DRIVER_NAME macro in raw_device struct definition.
> > - Don't print WARNING in raw_release().
> > - Add comment that explains locking into raw_event_queue_fetch().
> > - Print a WARNING when event queue size is exceeded.
> > - Rename raw.c to raw_gadget.c.
> > - Mention module name in Kconfig.
> > - Reworked logging to use dev_err/dbg() instead of pr_err/debug().
> >
> > Changes v2 -> v3:
> > - Updated device path in documentation.
> > - Changed usb_raw_init struct layout to make it the same for 32 bit compat
> >   mode.
> > - Added compat_ioctl to raw_fops.
> > - Changed raw_ioctl_init() to return EINVAL for invalid USB speeds, except
> >   for USB_SPEED_UNKNOWN, which defaults to USB_SPEED_HIGH.
> > - Reject endpoints with maxpacket = 0 in raw_ioctl_ep_enable().
> >
> > Changes v1 -> v2:
> > - Moved raw.c to legacy/.
> > - Changed uapi header to use __u* types.
> > - Switched from debugfs entry to a misc device.
> > - Changed raw_dev from refcount to kref.
> > - Moved UDC_NAME_LENGTH_MAX to uapi headers.
> > - Used usb_endpoint_type() and usb_endpoint_dir_in/out() functions instead
> >   of open coding them.
> > - Added "WITH Linux-syscall-note" to SPDX id in the uapi header.
> > - Removed pr_err() if case dev_new() fails.
> > - Reduced the number of debugging messages.
> >
> > Andrey Konovalov (1):
> >   usb: gadget: add raw-gadget interface
> >
> >  Documentation/usb/index.rst | 1 +
> >  Documentation/usb/raw-gadget.rst | 61 ++
> >  drivers/usb/gadget/legacy/Kconfig | 11 +
> >  drivers/usb/gadget/legacy/Makefile | 1 +
> >  drivers/usb/gadget/legacy/raw_gadget.c | 1078 ++++++++++++++++++++++++
> >  include/uapi/linux/usb/raw_gadget.h | 167 ++++
> >  6 files changed, 1319 insertions(+)
> >  create mode 100644 Documentation/usb/raw-gadget.rst
> >  create mode 100644 drivers/usb/gadget/legacy/raw_gadget.c
> >  create mode 100644 include/uapi/linux/usb/raw_gadget.h
> >
> > --
> > 2.25.0.265.gbab2e86ba0-goog
> >


On Mon, 9 Mar 2020, Andrey Konovalov wrote:

> Hi Greg, Felipe, and Alan,
>
> I was wondering if there's a way to move forward with this patch?
>
> Alan, since you have a very good knowledge of the USB subsystem, could
> I ask you to take a look at the patch, while Felipe is busy?

I'll look through the driver when I get a chance. That might not be
for a while, though...

Alan Stern