Hi,

Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> writes:
>> I'm using GadgetFs for USB host fuzzing (using umap2),
>> and part of the fuzzing session is to send invalid descriptors at
>> various stages.
>>
>> However, some requests are not delegated to user-land (see gadgetfs_setup()
>> in gadget/legacy/inode.c),
>> Specifically - GET_DESCRIPTOR (device/configuration) and SET_CONFIGURATION.

that's because they don't have to be. Kernel caches the descriptors you
write during gadgetfs initialization and just returns that.

>> Does a patch to switch the gadgetfs module to "delegate all" sound reasonable?
>> If so - what's the preferred way to do it? I have a few options in mind:
>
> Why do you need to delegate Get-Descriptor? The contents of the
> response are entirely dictated by the descriptors provided by the user
> program in the first place.
>
> Set-Configuration _is_ delegated to the user program, although the
> program is not allowed to fail the request. Is that what you want to
> do?
>
>> - module parameter
>> - write some command to the ep0 file
>> - send an ioctl to the ep0 file
>>
>> Any other suggestion?
>
> I suspect this sort of thing would not be accepted. If Felipe agrees,
> you might as well just keep your changes out-of-tree.

This will just open up a can of worms, I'm afraid. What we have today
can even pass all USBCV tests, we're not breaking that, sorry.

--
balbi
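
Added example, not part of the original message and not the kernel's code: a simplified user-space model of the behaviour discussed in the thread, where the descriptors written once at gadgetfs initialization are cached and GET_DESCRIPTOR is answered from that cache. The names `desc_cache`, `cache_init` and `get_descriptor` are hypothetical, the sample blob is constructed, and the assumed layout is a 4-byte zero tag, one configuration descriptor set, then the device descriptor (the optional high-speed configuration is left out).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { DT_DEVICE = 1, DT_CONFIG = 2, DEV_SIZE = 18, CFG_SIZE = 9 };

/* Constructed sample init blob: tag 0, config + one interface, device. */
static const uint8_t SAMPLE_BLOB[] = {
    0, 0, 0, 0,                                    /* u32 tag, must be 0 */
    9, DT_CONFIG, 18, 0, 1, 1, 0, 0x80, 50,        /* config, wTotalLength=18 */
    9, 4, 0, 0, 0, 0xff, 0, 0, 0,                  /* vendor interface, no eps */
    18, DT_DEVICE, 0x00, 0x02, 0xff, 0, 0, 64,     /* device descriptor ... */
    0x34, 0x12, 0x78, 0x56, 0x00, 0x01, 0, 0, 0, 1 /* made-up IDs, 1 config */
};

/* Hypothetical model of the cache: pointers into the blob written at init. */
struct desc_cache { const uint8_t *cfg; size_t cfg_len; const uint8_t *dev; };

/* Accept the blob once; returns 0, or -1 if the layout is rejected. */
int cache_init(struct desc_cache *c, const uint8_t *buf, size_t len)
{
    static const uint8_t zero_tag[4] = { 0 };
    if (len < 4 + CFG_SIZE + DEV_SIZE || memcmp(buf, zero_tag, 4) != 0)
        return -1;
    buf += 4; len -= 4;
    size_t total = buf[2] | ((size_t)buf[3] << 8);  /* wTotalLength (LE) */
    if (buf[0] != CFG_SIZE || buf[1] != DT_CONFIG ||
        total < CFG_SIZE || total > len - DEV_SIZE)
        return -1;
    c->cfg = buf; c->cfg_len = total;
    buf += total; len -= total;
    if (len != DEV_SIZE || buf[0] != DEV_SIZE || buf[1] != DT_DEVICE)
        return -1;
    c->dev = buf;
    return 0;
}

/* GET_DESCRIPTOR served from the cache; returns bytes copied, -1 = stall. */
int get_descriptor(const struct desc_cache *c, uint16_t wValue,
                   uint16_t wLength, uint8_t *out)
{
    const uint8_t *src; size_t n;
    switch (wValue >> 8) {                      /* high byte: descriptor type */
    case DT_DEVICE: src = c->dev; n = DEV_SIZE; break;
    case DT_CONFIG: if (wValue & 0xff) return -1;   /* only index 0 */
                    src = c->cfg; n = c->cfg_len; break;
    default: return -1;
    }
    if (n > wLength) n = wLength;               /* host may ask for less */
    memcpy(out, src, n);
    return (int)n;
}
```

In this model every reply is a prefix of bytes the user program supplied at initialization, which is the point made in the thread about Get-Descriptor not needing delegation.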