Fuzzing USB with Raw Gadget

Recordings

https://youtu.be/OVbzlN3evzo

Slides

https://t.co/EccCsHUoC3

Abstract

This talk is about fuzzing Linux kernel USB drivers via Raw Gadget, a new interface for the Linux USB Gadget subsystem. Compared to other interfaces like GadgetFS, Raw Gadget provides more control over USB communication, allowing the fuzzer to explore unusual paths within USB drivers.

The talk briefly covers the Linux kernel USB subsystem architecture, explains how Raw Gadget is integrated into the subsystem, and shows how Raw Gadget is used to fuzz USB drivers with the help of syzkaller — a production-grade kernel fuzzer.

Andrey Konovalov

Andrey Konovalov is a security researcher focusing on the Linux kernel. Andrey is a contributor to several security-related Linux kernel subsystems and tools: KASAN — a bug detector and a security mitigation, KCOV — a coverage collection subsystem, and syzkaller — a production-grade kernel fuzzer. Andrey also found and exploited a number of vulnerabilities in the Linux kernel.