On Thu, Jun 18, 2020 at 10:40 AM Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Tue, Jun 16, 2020 at 04:28:22PM +0200, Andrey Konovalov wrote:
> > Hi,
> >
> > As of now all kernel changes required for USB fuzzing have been merged
> > into the mainline (the last one during the 5.8-rc1 merge window)
> > (woohoo! thanks for everyone's help :), so the USB fuzzing instance
> > [1] has been switched to target Greg's usb-testing tree. As a
> > result, testing kernel patches on the USB fuzzing instance now follows
> > the same principle as on the mainline instances, with a few caveats
> > [2]:
> >
> > 1. You may specify any kernel tree for `syz test` as long as it
> > includes all mainline patches up to 5.8-rc1 (technically all dummy-hcd
> > and raw-gadget patches up to 5.8-rc1). (Specifying commit ids from the
> > usb-fuzzer branch still works too, for now.)
> >
> > 2. Some of the bugs have reproducers generated on kernel versions with
> > an old custom kernel (when fuzzing was performed with in-development
> > kernel patches), and therefore those reproducers might not work with
> > the mainline kernel. The recommended workflow is to: first, execute a
> > `syz test` command on a target tree to make sure that the bug
> > reproduces, and then execute a `syz test` command with a fix/debug
> > patch.
> >
> > On top of that, the USB fuzzing instance now has bisection enabled,
> > but it will only work for newly introduced bugs (as the old ones will
> > just bisect to raw-gadget patches).
> >
> > In time, as we get fresh bugs and reproducers, these issues should go away.
> >
> > At this point I think we can consider USB fuzzing support for
> > syzkaller completed. There are always some things to be improved of
> > course [3], but all the major parts are now in place.
>
> Very nice work, thanks for doing this!

Thank you, Greg! :)