kcov: allow more fine-grained coverage instrumentation

For more targeted fuzzing, it's better to disable kernel-wide
instrumentation and instead enable it on a per-subsystem basis.  This
follows the pattern of UBSAN and allows you to compile in the kcov
driver without instrumenting the whole kernel.

To instrument a part of the kernel, you can use either

    # for a single file in the current directory
    KCOV_INSTRUMENT_filename.o := y

or

    # for all the files in the current directory (excluding subdirectories)
    KCOV_INSTRUMENT := y

or

    # (same as above)
    ccflags-y += $(CFLAGS_KCOV)

or

    # for all the files in the current directory (including subdirectories)
    subdir-ccflags-y += $(CFLAGS_KCOV)

Link: http://lkml.kernel.org/r/1464008380-11405-1-git-send-email-vegard.nossum@oracle.com
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 11 insertions, 0 deletions

diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index f07842e2d69f..cc02f282d05b 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -719,6 +719,17 @@ config KCOV
 
           For more details, see Documentation/kcov.txt.
 
+config KCOV_INSTRUMENT_ALL
+        bool "Instrument all code by default"
+        depends on KCOV
+        default y if KCOV
+        help
+          If you are doing generic system call fuzzing (like e.g. syzkaller),
+          then you will want to instrument the whole kernel and you should
+          say y here. If you are doing more targeted fuzzing (like e.g.
+          filesystem fuzzing with AFL) then you will want to enable coverage
+          for more specific subsets of files, and should say n here.
+
 config DEBUG_SHIRQ
         bool "Debug shared IRQ handlers"
         depends on DEBUG_KERNEL