Enabling DSA subsystem and mock-up driver
154 views
Skip to first unread message
Florian Fainelli
May 23, 2018, 7:26:41 PM5/23/18
to syzk...@googlegroups.com, ebig...@gmail.com, dvy...@google.com
Hi,
We would very much like to see syzbot report possible issues with the
networking stack's DSA subsystem. We have a mock-up driver available
which could be used towards that goal. You would have to turn on the
following configuration options in your kernel configuration:
CONFIG_NET_DSA
CONFIG_NET_DSA_LOOP
CONFIG_MDIO_DEVICE
CONFIG_FIXED_PHY
and load the modules in that order:
modprobe dsa-loop-bdinfo
modprobe dsa-loop
or build them in the kernel.
Thank you!
--
Florian
We would very much like to see syzbot report possible issues with the
networking stack's DSA subsystem. We have a mock-up driver available
which could be used towards that goal. You would have to turn on the
following configuration options in your kernel configuration:
CONFIG_NET_DSA
CONFIG_NET_DSA_LOOP
CONFIG_MDIO_DEVICE
CONFIG_FIXED_PHY
and load the modules in that order:
modprobe dsa-loop-bdinfo
modprobe dsa-loop
or build them in the kernel.
Thank you!
--
Florian
Andrey Konovalov
May 25, 2018, 10:54:59 AM5/25/18
to Florian Fainelli, syzkaller, Eric Biggers, Dmitry Vyukov
Usually just enabling some configs isn't enough for syzkaller to start
fuzzing a particular subsystem. It also needs descriptions of the
interface that subsystem provides to the userspace (here's an example
for TCP sockets:
https://github.com/google/syzkaller/blob/master/sys/linux/socket_inet_tcp.txt).
Does DSA provide some kind of interface to the userspace? Or is it
driven by some other kind of external (to the kernel) inputs?
Thanks!
Florian Fainelli
May 25, 2018, 11:29:34 AM5/25/18
to Andrey Konovalov, syzkaller, Eric Biggers, Dmitry Vyukov
Hi Andrey,
Hi Andrey,
The ports layout of an Ethernet switch which DSA supports is configured
through Device Tree or platform data, that part would be interesting to
fuzz, in fact fuzzing Device Tree in general would be a fun exercise but
it is indeed out of the scope of syzbot.
Once the network devices are created, they just becomes a seemingly
normal stacked network device setup, so I am wondering if that part
could be fuzzed, like performing random configurations on them and
seeing where things start to break?
--
Florian
The ports layout of an Ethernet switch which DSA supports is configured
through Device Tree or platform data, that part would be interesting to
fuzz, in fact fuzzing Device Tree in general would be a fun exercise but
it is indeed out of the scope of syzbot.
Once the network devices are created, they just becomes a seemingly
normal stacked network device setup, so I am wondering if that part
could be fuzzed, like performing random configurations on them and
seeing where things start to break?
--
Florian
Andrey Konovalov
May 25, 2018, 1:10:21 PM5/25/18
to Florian Fainelli, syzkaller, Eric Biggers, Dmitry Vyukov
On Fri, May 25, 2018 at 5:29 PM, Florian Fainelli <f.fai...@gmail.com> wrote:
> The ports layout of an Ethernet switch which DSA supports is configured
> through Device Tree or platform data, that part would be interesting to
> fuzz, in fact fuzzing Device Tree in general would be a fun exercise but
> it is indeed out of the scope of syzbot.
>
> Once the network devices are created, they just becomes a seemingly
> normal stacked network device setup, so I am wondering if that part
> could be fuzzed, like performing random configurations on them and
> seeing where things start to break?
I've never heard of DSA before and I'm not sure what a "normal stacked
> The ports layout of an Ethernet switch which DSA supports is configured
> through Device Tree or platform data, that part would be interesting to
> fuzz, in fact fuzzing Device Tree in general would be a fun exercise but
> it is indeed out of the scope of syzbot.
>
> Once the network devices are created, they just becomes a seemingly
> normal stacked network device setup, so I am wondering if that part
> could be fuzzed, like performing random configurations on them and
> seeing where things start to break?
network device" is :)
Do I understand correctly that a DSA device is visible as a network
interface, which you can configure with ifconfig (or using some custom
ioctls or through netlink)?
If so, what probably needs to be done is:
1. Teach syzkaller to initialize the interface to some meaningful
state. Take a look how it's done for some of the interfaces in
initialize_netdevices() in executor/common_linux.h:
https://github.com/google/syzkaller/blob/master/executor/common_linux.h#L409
2. Add descriptions for DSA specific ioctls, so syzkaller would start
to fuzz this interface.
Thanks!
Reply all
Reply to author
Forward
0 new messages