path: root/fuzz
Commit message | Author | Age | Files | Lines
* fuzz_host_cmd: Add fuzzing for fpsensor host cmds | Craig Hesling | 2019-09-03 | 3 files | -1/+16
    This adds the host commands declared in fpsensor_state.c to the fuzzing mix. They are the following:
    EC_CMD_FP_SEED 0x0408
    EC_CMD_FP_ENC_STATUS 0x0409
    EC_CMD_FP_MODE 0x0402
    EC_CMD_FP_CONTEXT 0x0406
    This is not the complete fpsensor host command interface. More host commands will be added in followup CLs.

    BRANCH=none
    BUG=b:116065496
    TEST=# Pull in TEST_COVERAGE fix
    git fetch "https://chromium.googlesource.com/chromiumos/platform/ec" \
        refs/changes/86/1725186/1 && git cherry-pick FETCH_HEAD
    make host-host_command_fuzz TEST_COVERAGE=1
    timeout 5m ./build/host/host_command_fuzz/host_command_fuzz.exe
    llvm-profdata merge -sparse default.profraw -o default.profdata
    llvm-cov show build/host/host_command_fuzz/host_command_fuzz.exe \
        --instr-profile=default.profdata --format=html --output-dir=cov
    # Inspect cov/.../common/fpsensor/fpsensor_state.c.html to verify
    TEST=make buildall -j

    Change-Id: I69e9833463944a0dfba49e5671987b7fec565bf4
    Signed-off-by: Craig Hesling <hesling@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1661122
* cr50: Delete non-volatile counter API | Louis Collard | 2019-08-23 | 1 file | -1/+0
    This counter was only used by the legacy U2F implementation, which is no longer required.

    This change deletes the code for the counter, but does not update the flash config to make use of the pages previously occupied by the counter. Since this code is already unused, and therefore already dropped from built firmware images, this change does not have any impact on image size.

    A follow up change can alter the flash config to reclaim and repurpose the 2KB per partition previously used by the counter.

    BRANCH=none
    BUG=b:138459918
    TEST=make buildall -j

    Signed-off-by: Louis Collard <louiscollard@chromium.org>
    Change-Id: I18892e1eb0224b96caa531293403b0b02f28a32b
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1748848
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* usb: convert cc1 from int to enum | Jett Rink | 2019-08-09 | 1 file | -1/+2
    Refactor code to use proper type for cc1 and cc2 lines.

    BRANCH=none
    BUG=none
    TEST=builds. No functional change.

    Change-Id: Id292db8480920e2b191bac9d9ecc2685f61e4ea9
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1744654
    Tested-by: Jett Rink <jettrink@chromium.org>
    Reviewed-by: Denis Brockus <dbrockus@chromium.org>
    Commit-Queue: Jett Rink <jettrink@chromium.org>
* ec_commands: Rename 'renew' to 'live' in EC_CMD_USB_PD_CHIP_INFO | Karthikeyan Ramasubramanian | 2019-07-20 | 1 file | -1/+1
    Semantics of renew field in EC_CMD_USB_PD_CHIP_INFO is changing as follows:
    0 -> Return hard-coded info for Vendor ID/Product ID and cached info for the Firmware Version
    1 -> Return the live chip info for Vendor ID/Product ID/Firmware Version
    Also rename the 'renew' field to 'live' to match the new semantics.

    BUG=b:128820536,b:119046668
    BRANCH=None
    TEST=make -j buildall; Boot to ChromeOS.

    Change-Id: Ie3dd022336b0be5c9728bb0ebabef32b7a6b5d57
    Signed-off-by: Karthikeyan Ramasubramanian <kramasub@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1617893
    Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
    Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
    Reviewed-by: Diana Z <dzigterman@chromium.org>
    Commit-Queue: Karthikeyan Ramasubramanian <kramasub@chromium.org>
    Auto-Submit: Karthikeyan Ramasubramanian <kramasub@chromium.org>
* fuzz: Cleanup test_config.h and fuzz_config.h | Craig Hesling | 2019-06-15 | 1 file | -1/+1
    This removes the remaining fuzz config that was left in test_config.h. This section had already been duplicated in fuzz_config.h, without being removed from test_config.h. See the original migration CL crrev.com/c/1180179 for more info.

    BRANCH=none
    BUG=none
    TEST=make runtests V=1 -j

    Change-Id: Icd7158417ac184d7723828e62b968f7f0aa4bfbc
    Signed-off-by: Craig Hesling <hesling@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1660126
    Reviewed-by: Allen Webb <allenwebb@google.com>
* tcpci/usb_pd_fuzz: Avoid using uninitialized data in payload | Nicolas Boichat | 2019-05-16 | 1 file | -1/+5
    Found with MSAN fuzzer: usb_pd_protocol.c may use payload data that is not initialized. Fix the test by copying over the whole payload, which is what tcpci.c's version does.

    Also, in tcpci.c, clear cached_messages head before using get_message_raw to fill it up, to make sure that we do not accidentally use older data in the queue.

    BRANCH=none
    BUG=chromium:963076
    TEST=make TEST_MSAN=y host-usb_pd_fuzz -j
    MSAN_OPTIONS=log_path=stderr:exitcode=0 \
        build/host/usb_pd_fuzz/usb_pd_fuzz.exe \
        clusterfuzz-testcase-minimized-ec_usb_pd_fuzzer-5716775969357824

    Change-Id: I74c38538440cb5a01d1714657b9e2d63e5b80cea
    Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/1610163
    Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
    Reviewed-by: Aaron Durbin <adurbin@chromium.org>
* tasks: convert TASK_EVENT_CUSTOM macro to bit | Jett Rink | 2019-04-24 | 2 files | -3/+3
    We should ensure that all custom task definitions are non-zero and fit with the globally defined events. Add compile time check and change semantics to specify bit number (instead of making all callers use the BIT macro).

    This also fixes an error with TASK_EVENT_PHY_TX_DONE for ITE being 0. The bug that made that happen hasn't landed on any firmware branches that use it though.

    BRANCH=none
    BUG=none
    TEST=builds

    Cq-Depend:chrome-internal:1178968,chrome-internal:1178952
    Change-Id: I5e1d1312382d200280c548e9128e53f4eddd3e61
    Signed-off-by: Jett Rink <jettrink@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/1570607
    Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
* fuzz: Define HIDE_EC_STDLIB in nvmem_tpm2_mock. | Allen Webb | 2019-04-19 | 1 file | -0/+1
    Since nvmem_tpm2_mock is linked outside of libec.a it needs to use the cstdlib version of memcpy so HIDE_EC_STDLIB needs to be defined prior to including any of the EC headers.

    BRANCH=none
    BUG=chromium:950310
    TEST=TEST_UBSAN=y make -j host-cr50_fuzz

    Change-Id: I2d303ab1e8f493b4d4715c36f6e81592eeca246d
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1566654
    Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
* ec.tasklist: Consolidate duplicate comments | Daisuke Nojiri | 2019-04-08 | 3 files | -27/+3
    It's simply a bad idea to describe a macro in multiple locations. It'll make it hard to change. It'll be difficult to keep all locations in sync.

    This patch replaces the comment duplicated in all ec.tasklist with a pointer to the CONFIG_TASK_LIST definition. The macro will be described in a single place (just like all/most other macros).

    Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>

    BUG=none
    BRANCH=none
    TEST=buildall

    Change-Id: Id658b9d68e742e4334c692b804d9c98c8de21313
    Reviewed-on: https://chromium-review.googlesource.com/1551579
    Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
    Tested-by: Daisuke Nojiri <dnojiri@chromium.org>
    Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
    Reviewed-by: Jett Rink <jettrink@chromium.org>
* nvmem: test modifications to support the new scheme | Vadim Bendebury | 2019-04-05 | 4 files | -6/+251
    This patch includes changes to support testing of the new nvmem implementation. Making fuzz compatible required duplicating a lot of functionality available in the test/ directory (fuzz/nvmem_tpm2_mock.c is very similar to test/nvmem_tpm2_mock.c), but I could not find an easy way to avoid it.

    BRANCH=cr50, cr50-mp
    BUG=b:69907320, b:129710256
    CQ-DEPEND=CL:1496607
    TEST=with the rest of the patches applied 'make buildall -j' succeeds, which confirms both test and fuzz success.

    Change-Id: Ife999b04d22f8ddbe9ea5d35f4c3e21f57592754
    Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/1450278
    Reviewed-by: Andrey Pronin <apronin@chromium.org>
* cr50_fuzz: Add owners files for fuzz target. | Allen Webb | 2019-01-08 | 1 file | -0/+5
    This adds owners files for the fuzz target so that bugs are correctly assigned.

    BRANCH=None
    BUG=None
    TEST=USE="ubsan asan fuzzer" ./build_packages \
        --board=amd64-generic --skip_chroot_upgrade chromeos-ec

    Change-Id: I53867fcb09bdf306a2a01e50a4c2faa647e2efe8
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1361980
    Reviewed-by: Randall Spangler <rspangler@chromium.org>
* stdlib cleanup. | Allen Webb | 2019-01-03 | 1 file | -0/+2
    This cleans up some header includes to avoid conflicts between the ec headers and the standard c headers.

    BRANCH=None
    BUG=None
    TEST=make -j buildall && ./build_packages --board=veyron_minnie \
        chromeos-ec && FEATURES=test emerge-veyron_minnie chromeos-ec

    Change-Id: Icf9022d688fd9c749f7a5f8673755188741b40e1
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1378906
    Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
    Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
* cr50_fuzz: Re-enable this fuzz target now that chromeos-ec is fixed. | Allen Webb | 2019-01-02 | 1 file | -1/+1
    A new symbol was added to third_party/tpm2 that needed a mock implementation in cr50_fuzz to fix compilation.

    CQ-DEPEND=CL:1370404,CL:1377383
    BRANCH=None
    BUG=chromium:911310
    TEST=USE="ubsan asan fuzzer" ./build_packages \
        --board=amd64-generic --skip_chroot_upgrade chromeos-ec

    Change-Id: I3e2546829646e89361bfa2a8b4084c95b346f78f
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1370747
    Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
* cr50_fuzz: Fix build errors related to nvmem_wipe_cache. | Allen Webb | 2018-12-20 | 1 file | -4/+8
    The declaration of nvmem_wipe_cache is now inside the extern "C" section and a definition was added to cr50_fuzz.

    BRANCH=None
    BUG=None
    TEST=make -j buildall

    Change-Id: Ie7401d8880e7982c84fa6a5df5015cbd145fc6d1
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1370746
    Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
    Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* Makefile.rules: Add buildfuzztests to buildall. | Allen Webb | 2018-12-19 | 1 file | -1/+5
    This incorporates the fuzz targets into buildall and adds a quick sanity check to each fuzz target to make sure it exits successfully for an empty input.

    This adds roughly 5.88 seconds to "make -j buildall" (This includes an additional target that will be enabled in a later CL).

    time make -j buildall # BEFORE
    real 1m19.519s
    user 23m9.220s
    sys 5m1.690s

    time make -j buildall # AFTER
    real 1m25.399s
    user 23m35.753s
    sys 5m12.609s

    BRANCH=None
    BUG=None
    TEST=make -j buildall

    Change-Id: Ib77a57297ee896569c509d0c8c998552d2a3a76c
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1370934
    Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50_fuzz: Disable this target. It is breaking the chromeos-ec build. | Allen Webb | 2018-12-07 | 1 file | -1/+2
    BRANCH=None
    BUG=chromium:911310
    TEST=USE="ubsan asan fuzzer" ./build_packages \
        --board=amd64-generic --skip_chroot_upgrade chromeos-ec

    Change-Id: I15ac87b14a0f28a62e257bb155f1862753053eb4
    Reviewed-on: https://chromium-review.googlesource.com/c/1368010
    Tested-by: Allen Webb <allenwebb@google.com>
    Trybot-Ready: Allen Webb <allenwebb@google.com>
    Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
* cr50: provide DCRYPTO_ladder_is_enabled() for test and fuzz builds | Vadim Bendebury | 2018-12-06 | 1 file | -0/+4
    This function is called from common/nvmem.c; it should be available when compiling for tests. The stub could be filled up later when new tests are added.

    BRANCH=cr50, cr50-mp
    BUG=b:119221935
    TEST=make buildall -j still succeeds.

    Change-Id: I082292818c7f2b10336c9a7c49e0a9195e25a12b
    Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/1363816
    Reviewed-by: Allen Webb <allenwebb@google.com>
* test/usb_pd_fuzz: Fuzzing of USB PD data | Nicolas Boichat | 2018-12-05 | 4 files | -1/+246
    Setup CC lines, then send up to 8 PD messages, in an attempt to cause errors while parsing PDO and other messages.

    BRANCH=none
    BUG=chromium:854975
    TEST=make -j buildfuzztests && \
        ./build/host/usb_pd_fuzz/usb_pd_fuzz.exe > /dev/null

    Change-Id: Ibb575ea8d464945390d1663dd6fff279bd9d77ea
    Signed-off-by: Nicolas Boichat <drinkcat@chromium.org>
    Reviewed-on: https://chromium-review.googlesource.com/1116626
    Reviewed-by: Jonathan Metzman <metzman@chromium.org>
* cr50_fuzz: Re-enable this fuzz target now that chromeos-ec is fixed. | Allen Webb | 2018-12-04 | 2 files | -2/+2
    'mem_hash_tree.h' was missing '#define HIDE_EC_STDLIB' before 'dcrypto.h'. This problem was only apparent when -O2 is set.

    CQ-DEPEND=CL:1358746
    BRANCH=None
    BUG=chromium:911310
    TEST=USE="ubsan asan fuzzer" ./build_packages \
        --board=amd64-generic --skip_chroot_upgrade chromeos-ec

    Change-Id: I19d00c165764f80cfa385fb3bed64efc67bfc3f9
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1361680
    Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
* cr50_fuzz: Fix missing dependencies. | Allen Webb | 2018-12-04 | 1 file | -1/+4
    This fixes a dependency problem that was introduced in CL:1184107.

    BRANCH=None
    BUG=chromium:911310
    TEST=USE="ubsan asan fuzzer" ./build_packages \
        --board=amd64-generic --skip_chroot_upgrade chromeos-ec

    Change-Id: Ib4795d6a716fe3fcb7a88bf6a165f96ffe10640a
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1358746
    Reviewed-by: Mattias Nissler <mnissler@chromium.org>
* cr50_fuzz: Disable this fuzz target until chromeos-ec is fixed. | Allen Webb | 2018-12-04 | 1 file | -1/+2
    BRANCH=None
    BUG=chromium:911310
    TEST=USE="ubsan asan fuzzer" ./build_packages \
        --board=amd64-generic --skip_chroot_upgrade chromeos-ec

    Change-Id: Ib2ffc7035d0f6912834709bb8a5f6b3c11a2c67a
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1359652
    Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
* cr50_fuzz: Add self test. | Allen Webb | 2018-12-03 | 1 file | -0/+44
    This adds an initialization step that sanity checks the fuzz target to make sure the model is working as intended.

    BRANCH=None
    BUG=chromium:876582
    TEST=sudo emerge libprotobuf-mutator && make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe

    Change-Id: I3961a7ff05b4876992af447a2104bcfa0a496562
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1347012
    Reviewed-by: Mattias Nissler <mnissler@chromium.org>
* cr50_fuzz: Add libprotobuf-mutator support. | Allen Webb | 2018-12-03 | 10 files | -61/+1025
    This uses protocol buffers to model what actions can be taken with pinweaver at a higher level of abstraction than the raw requests to greatly increase the coverage that can be achieved by fuzzing, while still allowing for invalid inputs to be checked.

    BRANCH=none
    BUG=chromium:876582
    TEST=sudo emerge libprotobuf-mutator && make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe

    Change-Id: Ie7ce569650ca06866f277f36eae61df2684de60c
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1184107
    Reviewed-by: Mattias Nissler <mnissler@chromium.org>
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* cr50_fuzz: fix nvmem_vars user number. | Allen Webb | 2018-11-21 | 1 file | -1/+1
    The CONFIG_FLASH_NVMEM_VARS_USER_NUM constant was incorrectly defined, so nvmem_vars was failing with EC_OVERFLOW.

    BRANCH=None
    BUG=None
    TEST=make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe

    Change-Id: I52facfd44423bb69284b54e6831e5e777cf35a05
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1344800
    Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
* cr50: Add extern "C" to headers used by future fuzzing target. | Allen Webb | 2018-11-15 | 1 file | -2/+0
    BRANCH=None
    BUG=None
    TEST=make -j buildall

    Change-Id: Icf2cfb6a2657064c10721c0e527d24fbb3be6ab3
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1330102
    Reviewed-by: Mike Frysinger <vapier@chromium.org>
* cr50_fuzz: Fix broken compilation | Allen Webb | 2018-11-09 | 1 file | -0/+7
    Adds mock implementation of get_current_pcr_digest() for the fuzz target.

    BRANCH=None
    BUG=chromium:903487
    TEST=make -j buildfuzztests

    Change-Id: I55b7da813d4f17ef7f60e045423a3917a052e41c
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/c/1327128
    Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
* cr50_fuzz: Add missing include and define. | Allen Webb | 2018-09-12 | 1 file | -0/+2
    A change in a parent commit broke the build for this commit. Adding an include for cstring and #define HIDE_EC_STDLIB resolves the header conflict.

    BUG=chromium:883080
    TEST=make -j buildfuzztests

    Change-Id: Icf584a6050519c7a3b8f7defb7685c9c64f7a145
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1220390
    Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
* makefile.rules: Add cxx_to_o rule for building c++ files. | Allen Webb | 2018-09-07 | 1 file | -7/+10
    This adds a rule for building c++ object files to make it possible to use libprotobuf-mutator in fuzzing targets.

    BRANCH=none
    BUG=chromium:876582
    TEST=make -j buildfuzztargets && ./build/host/cr50_fuzz/cr50_fuzz.exe

    Change-Id: I1355c313e47a1a83a599eb0f0b9142fefdf6de8b
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1183535
    Reviewed-by: Randall Spangler <rspangler@chromium.org>
* cr50_fuzz: Add minimal fuzzer for pinweaver. | Allen Webb | 2018-09-07 | 4 files | -2/+147
    This adds a minimal pinweaver fuzzer as a foundation for further work. It will not be able to achieve good coverage because it doesn't have a proper description of the protocol, however it demonstrates that the prerequisites to build against dcrypto, nvmem_vars, and nvcounter are satisfied for the host board.

    CQ-DEPEND=CL:1183532
    BRANCH=none
    BUG=chromium:876582
    TEST=make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe

    Change-Id: I520d71c224d583c51dc3292dc051ee8de4a4116a
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1183534
    Reviewed-by: Randall Spangler <rspangler@chromium.org>
* fuzz: Hide conflicts with cstdlib and use clang++ for linking. | Allen Webb | 2018-09-07 | 1 file | -1/+13
    This creates a build target called libec.a by setting the visibility of functions that conflict with cstdlib to hidden. It then links those symbols locally into one large object file that makes up libec.a

    Fuzzing targets are linked against libec.a so that they can invoke ec functionality while depending on outside libraries that need cstdlib.

    When linking a particular object against cstdlib, to avoid conflicting function declarations put the following before any includes from the ec codebase:
    #define __stdlib_compat(...)

    The fuzzing targets are now linked using clang++, so that c++ libraries and objects can be used as part of the fuzzers.

    BRANCH=none
    BUG=chromium:876582
    TEST=make -j buildfuzztests && ./build/host/host_command_fuzz/host_command_fuzz.exe

    Change-Id: Ifdfdc6a51c6ef23b4e192b013ca993bf48a4411b
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1180401
    Reviewed-by: Randall Spangler <rspangler@chromium.org>
* Move fuzzing tests into a fuzz subfolder. | Allen Webb | 2018-08-22 | 4 files | -0/+226
    BRANCH=none
    CQ-DEPEND=CL:*664115
    BUG=chromium:876582
    TEST=make -j buildall && make -j buildfuzztests

    Change-Id: Iade5e5138f495e6b3b99ec16f1a467861ade5537
    Signed-off-by: Allen Webb <allenwebb@google.com>
    Reviewed-on: https://chromium-review.googlesource.com/1180179
    Reviewed-by: Mattias Nissler <mnissler@chromium.org>
    Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>