diff options
| author | Victor Chibotaru <tchibo@google.com> | 2017-11-17 18:30:46 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-11-17 19:10:04 -0500 |
| commit | ded97d2c2b2c5f1dcced0bc57133f7753b037dfc (patch) | |
| tree | 2929f22e810fcd3573892b8124735a3afb6c3058 /include/linux/kcov.h | |
| parent | fcf4edac049a8bca41658970292e2dfdbc9d5f62 (diff) | |
kcov: support comparison operands collection
Enables kcov to collect comparison operands from instrumented code.
This is done by using Clang's -fsanitize=trace-cmp instrumentation
(currently not available for GCC).
The comparison operands help a lot in fuzz testing. E.g. they are used
in Syzkaller to cover the interiors of conditional statements with way
less attempts and thus make previously unreachable code reachable.
To allow separate collection of coverage and comparison operands two
different work modes are implemented. Mode selection is now done via a
KCOV_ENABLE ioctl call with corresponding argument value.
Link: http://lkml.kernel.org/r/20171011095459.70721-1-glider@google.com
Signed-off-by: Victor Chibotaru <tchibo@google.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Alexander Popov <alex.popov@linux.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Cc: <syzkaller@googlegroups.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include/linux/kcov.h')
| -rw-r--r-- | include/linux/kcov.h | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/include/linux/kcov.h b/include/linux/kcov.h index f5d8ce4f4f86..3ecf6f5e3a5f 100644 --- a/include/linux/kcov.h +++ b/include/linux/kcov.h | |||
| @@ -8,19 +8,23 @@ struct task_struct; | |||
| 8 | 8 | ||
| 9 | #ifdef CONFIG_KCOV | 9 | #ifdef CONFIG_KCOV |
| 10 | 10 | ||
| 11 | void kcov_task_init(struct task_struct *t); | ||
| 12 | void kcov_task_exit(struct task_struct *t); | ||
| 13 | |||
| 14 | enum kcov_mode { | 11 | enum kcov_mode { |
| 15 | /* Coverage collection is not enabled yet. */ | 12 | /* Coverage collection is not enabled yet. */ |
| 16 | KCOV_MODE_DISABLED = 0, | 13 | KCOV_MODE_DISABLED = 0, |
| 14 | /* KCOV was initialized, but tracing mode hasn't been chosen yet. */ | ||
| 15 | KCOV_MODE_INIT = 1, | ||
| 17 | /* | 16 | /* |
| 18 | * Tracing coverage collection mode. | 17 | * Tracing coverage collection mode. |
| 19 | * Covered PCs are collected in a per-task buffer. | 18 | * Covered PCs are collected in a per-task buffer. |
| 20 | */ | 19 | */ |
| 21 | KCOV_MODE_TRACE = 1, | 20 | KCOV_MODE_TRACE_PC = 2, |
| 21 | /* Collecting comparison operands mode. */ | ||
| 22 | KCOV_MODE_TRACE_CMP = 3, | ||
| 22 | }; | 23 | }; |
| 23 | 24 | ||
| 25 | void kcov_task_init(struct task_struct *t); | ||
| 26 | void kcov_task_exit(struct task_struct *t); | ||
| 27 | |||
| 24 | #else | 28 | #else |
| 25 | 29 | ||
| 26 | static inline void kcov_task_init(struct task_struct *t) {} | 30 | static inline void kcov_task_init(struct task_struct *t) {} |