On Fri, Nov 15, 2019 at 03:25:38PM +0100, Andrey Konovalov wrote: > Hi Greg and Alan, > > For USB fuzzing it would be nice to be able to export usb_device_id > structs from the kernel to facilitate the fuzzer with generating USB > descriptors that match to actual drivers. The same is required for > hid_device_id structs, since those are matched separately by the > usbhid driver (are there other cases like this?). > > Currently I have a hacky patch [1] that walks all drivers for USB and > HID buses and then prints all device ids for those drivers into the > kernel log. Those are manually parsed and built into the fuzzer [2] > and then used to generate USB descriptors [3]. The kernel will spit out all device ids of all USB devices when found if you have CONFIG_USB_ANNOUNCE_NEW_DEVICES enabled, if you want to parse the log. Otherwise, just walk usbfs or sysfs and get the ids there. If you use libusb you can do this with just a few lines of code, or worst case, just implement the same thing on your own (like lsusb used to do). Heck, just copy what lsusb does, or again worst case, parse the output of it. There's also 'lsusb.py' as part of usbutils that shows how to do this from within python in userspace, and if you really want it, we also export the whole raw usb descriptor is in sysfs as well, if you want to not trust how the kernel parses it. hope this helps, greg k-h
