On Fri, Nov 15, 2019 at 4:44 PM Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote: > > On Fri, 15 Nov 2019, Andrey Konovalov wrote: > > > Hi Greg and Alan, > > > > For USB fuzzing it would be nice to be able to export usb_device_id > > structs from the kernel to facilitate the fuzzer with generating USB > > descriptors that match to actual drivers. The same is required for > > hid_device_id structs, since those are matched separately by the > > usbhid driver (are there other cases like this?). > > > > Currently I have a hacky patch [1] that walks all drivers for USB and > > HID buses and then prints all device ids for those drivers into the > > kernel log. Those are manually parsed and built into the fuzzer [2] > > and then used to generate USB descriptors [3]. > > There are so many different flags for those id structures, parsing and > understanding them must be quite difficult. > > > I'm thinking of making a proper patch that will add a debugfs entry > > like usb/drivers (and usb/hid_drivers?), that can be read to get > > USB/HID device ids for all loaded drivers. Would that be acceptable? > > Or should I use some other interface to do that? > > I can't think of a better way to get the information from a running > kernel. > > There is another possibility, though. If the drivers are built as > modules, the information is already available to userspace tools via > depmod. You could get it from the modules.dep.bin file. This has the > advantage that it will work even for drivers that aren't currently > loaded. This is the same thing Greg mentions above, right? Would this work for drivers that are built into the kernel (as =y)?
