Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2610553ybv;
        Mon, 24 Feb 2020 08:19:56 -0800 (PST)
X-Google-Smtp-Source: APXvYqy7dTtOEbs0EdHH1CFeWEJhtwR7fgQQg7bOEjK4ZW7ndolM4UOGmCruR2FlQedAjGKX0pLf
X-Received: by 2002:a9d:5d07:: with SMTP id b7mr42133636oti.209.1582561196835;
        Mon, 24 Feb 2020 08:19:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582561196; cv=none;
        d=google.com; s=arc-20160816;
        b=elb7TFIP9l3I/AhHp3blvaign8KhV/PR8p4OmkpdC9rAr2YM7gJKkSpj92Pg8ITCCo
         oa5o6b44tseNNFS7pjgnpp9jhpuVAIlAAVjrW8eSqU9jBr3d2Q/nk0gLI2ft5fFK7Fa4
         S0uG+PWdv6fHnfrEWJJLcflrbKN9sHT2a8vK7wa9iW+SpAoqrXvd+BSOCRKoWLtX4lMx
         UqoSmSLL0iZgGEOiUGU4KAKbM5aGbwuivfuJyls1rqfikytT0i1e/Mp1NMTBhUIdg6QK
         kSb/bxeqcQcP1XkhpjCz3jTmNOP1iGlcTj2JOPqbvBZrN2LZ/UdQnDJ2F8UhIfjLHqyO
         /cmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=gsYjXT5y25umLgajERgJkh5L1V1CQFDUxeGT2hMU0Ag=;
        b=G8tyXOWa8XBE1u18FCg2GXJfMEAXqL3idzKFHgumiMuV/m34T9TxE9gbWeaxmt7f0V
         RpnEv3A88uwG2Dc1hzk36sToPOc9Ifpt8aL0CAjJdl1V2yfN9QsRNLCpezZKJ5frP2BI
         ur/hk1y/CBMp/d4IKiTTYCIJLRmQ+UsmEoIucMW2yfhNDGzn4Xyk7fcXfaeNgKSrAOyC
         dMPzi/8RsSxp67z8RSPRe4KgWUUsnDCEHI9YqPpQKfWHPn/IbzPL8gfjeLeIE0SLclH3
         wWybJuWhjEBgJX5/6o9E0/zzx4mKvaAA2MnBHzA/Dgav2BxEWfnSn0KHG2MvqqZKm6jM
         uNJg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=acqvOVae;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r21si6260991ota.204.2020.02.24.08.19.44;
        Mon, 24 Feb 2020 08:19:56 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=acqvOVae;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727851AbgBXQSL (ORCPT <rfc822;zhangckid@gmail.com> + 99 others);
        Mon, 24 Feb 2020 11:18:11 -0500
Received: from mail-pj1-f67.google.com ([209.85.216.67]:34535 "EHLO
        mail-pj1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727090AbgBXQSK (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 24 Feb 2020 11:18:10 -0500
Received: by mail-pj1-f67.google.com with SMTP id f2so83454pjq.1
        for <linux-kernel@vger.kernel.org>; Mon, 24 Feb 2020 08:18:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=gsYjXT5y25umLgajERgJkh5L1V1CQFDUxeGT2hMU0Ag=;
        b=acqvOVaeFEL79wYat2Tu3xMbROsub914649oLTiIJFKmM6hLpIwCk81mP38kiSLcG7
         hpW8G8cTnyB7C2ICizsNPFnKw5yk46IsPsiViE1aaPyKts/TRsCu8ZkCRQaAKZ8Zf3kr
         JxJuk5BXNUySbjUF6LqA79YyCYOLsiIVFRRPIwhUOyplAIgTR7wmWPsaBM4mLr0CWM8q
         3YOABfY9X004jaZotMkXA0kEpXibJ6hwd83/sr7aCJWt/tHYOMmc1QUYlXjNmc295M++
         dWdwI/yfuchvWch1On+7IfjfuhRgXjVLzq8RdNfqV+9Za2yQvGv9rlrSIX6qHol4jMPf
         L7tg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=gsYjXT5y25umLgajERgJkh5L1V1CQFDUxeGT2hMU0Ag=;
        b=EI8dku5F3ffmsEuSSRro9jQswfwdKlk6JeSFukM1MhAB5bUEVZTJh+MiPk7cOu8UwJ
         b+lofjov1kL83Q/sfZJz+Ecunw8ETUneuEUot94ovvARJDGbGM5IZeEFO9rmeNDfDnqx
         dmY15Pfhy/BCCdPfyOU7FrUB8PYslv/HqBvGvZWlq29UaZYf9FxuElMLohqPSGoG1VmO
         ym+eKgvrtZPeyUHJkv7LBJ6PN20PXuXFnGx23xZ9pWmT3PSgyMAn3WPsq4rz5hUiA3pi
         SfYGXwSuFLR3J2cj4pn8u8j5crrYyN9Pqk/5q99/Q91XzFqpkN8zRpHgtaWIuT0JqF3s
         8wKw==
X-Gm-Message-State: APjAAAWWcDu9BmwBnDBR1/dO4+k1ERh5zVrH6HoYQwBH4VBZLYFsdlQf
        acpErz1U9xTWIKqHEZR1MZul+kOu5dTOtit5IBMTeA==
X-Received: by 2002:a17:902:9889:: with SMTP id s9mr46549947plp.252.1582561089283;
 Mon, 24 Feb 2020 08:18:09 -0800 (PST)
MIME-Version: 1.0
References: <cover.1582560596.git.andreyknvl@google.com>
In-Reply-To: <cover.1582560596.git.andreyknvl@google.com>
From:   Andrey Konovalov <andreyknvl@google.com>
Date:   Mon, 24 Feb 2020 17:17:58 +0100
Message-ID: <CAAeHK+y7yKwQP-prUv17gFXKnKtBdfz7fQ8Gc5vwL49R4yCHuA@mail.gmail.com>
Subject: Re: [PATCH v6 0/1] usb: gadget: add raw-gadget interface
To:     Felipe Balbi <balbi@kernel.org>
Cc:     Jonathan Corbet <corbet@lwn.net>,
        Alan Stern <stern@rowland.harvard.edu>,
        Dmitry Vyukov <dvyukov@google.com>,
        Alexander Potapenko <glider@google.com>,
        Marco Elver <elver@google.com>,
        USB list <linux-usb@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Feb 24, 2020 at 5:13 PM Andrey Konovalov <andreyknvl@google.com> wrote:
>
> This patchset (currently a single patch) adds a new userspace interface
> for the USB Gadget subsystem called USB Raw Gadget. This is what is
> currently being used to enable coverage-guided USB fuzzing with syzkaller:
>
> https://github.com/google/syzkaller/blob/master/docs/linux/external_fuzzing_usb.md
>
> Initially I was using GadgetFS (together with the Dummy HCD/UDC module)
> to perform emulation of USB devices for fuzzing, but later switched to a
> custom written interface. The incentive to implement a different interface
> was to provide a somewhat raw and direct access to the USB Gadget layer
> for the userspace, where every USB request is passed to the userspace to
> get a response. See documentation for the list of differences between
> Raw Gadget and GadgetFS.
>
> Currently Raw Gadget only supports blocking I/O mode, that synchronously
> waits for the result of each operation to allow collecting coverage per
> operation.
>
> This patchset has been pushed to the public Linux kernel Gerrit instance:
>
> https://linux-review.googlesource.com/c/linux/kernel/git/torvalds/linux/+/2144
>
> Changes v5 -> v6:
> - Prevent raw_process_ep_io() racing with raw_ioctl_ep_disable() by
>   checking urb_queued flag in the latter.
> - Use GFP_KERNEL instead of GFP_ATOMIC where possible.
> - Reject opening raw-gadget with O_NONBLOCK to allow future extensions to
>   support nonblocking IO.
> - Reduce RAW_EVENT_QUEUE_SIZE to 16.

Hi Felipe! I'm still hoping for a review :)

(Forgot to add a link to the example that emulates a USB keyboard via
Raw Gadget into the cover letter:

https://github.com/xairy/raw-gadget/blob/master/examples/keyboard.c)

>
> Changes v4 -> v5:
> - Specified explicit usb_raw_event_type enum values for all entries.
> - Dropped pointless locking in gadget_unbind().
>
> Changes v3 -> v4:
> - Print debug message when maxpacket check fails.
> - Use module_misc_device() instead of module_init/exit().
> - Reuse DRIVER_NAME macro in raw_device struct definition.
> - Don't print WARNING in raw_release().
> - Add comment that explains locking into raw_event_queue_fetch().
> - Print a WARNING when event queue size is exceeded.
> - Rename raw.c to raw_gadget.c.
> - Mention module name in Kconfig.
> - Reworked logging to use dev_err/dbg() instead of pr_err/debug().
>
> Changes v2 -> v3:
> - Updated device path in documentation.
> - Changed usb_raw_init struct layout to make it the same for 32 bit compat
>   mode.
> - Added compat_ioctl to raw_fops.
> - Changed raw_ioctl_init() to return EINVAL for invalid USB speeds, except
>   for USB_SPEED_UNKNOWN, which defaults to USB_SPEED_HIGH.
> - Reject endpoints with maxpacket = 0 in raw_ioctl_ep_enable().
>
> Changes v1 -> v2:
> - Moved raw.c to legacy/.
> - Changed uapi header to use __u* types.
> - Switched from debugfs entry to a misc device.
> - Changed raw_dev from refcount to kref.
> - Moved UDC_NAME_LENGTH_MAX to uapi headers.
> - Used usb_endpoint_type() and usb_endpoint_dir_in/out() functions instead
>   of open coding them.
> - Added "WITH Linux-syscall-note" to SPDX id in the uapi header.
> - Removed pr_err() if case dev_new() fails.
> - Reduced the number of debugging messages.
>
> Andrey Konovalov (1):
>   usb: gadget: add raw-gadget interface
>
>  Documentation/usb/index.rst            |    1 +
>  Documentation/usb/raw-gadget.rst       |   61 ++
>  drivers/usb/gadget/legacy/Kconfig      |   11 +
>  drivers/usb/gadget/legacy/Makefile     |    1 +
>  drivers/usb/gadget/legacy/raw_gadget.c | 1078 ++++++++++++++++++++++++
>  include/uapi/linux/usb/raw_gadget.h    |  167 ++++
>  6 files changed, 1319 insertions(+)
>  create mode 100644 Documentation/usb/raw-gadget.rst
>  create mode 100644 drivers/usb/gadget/legacy/raw_gadget.c
>  create mode 100644 include/uapi/linux/usb/raw_gadget.h
>
> --
> 2.25.0.265.gbab2e86ba0-goog
>