[OpenWrt-Devel,3/4] build: Add KCOV kernel code coverage for fuzzing

Message ID 20200212104902.7779-3-hauke.mehrtens@intel.com
State Accepted
Delegated to: Hauke Mehrtens
Series
  • [OpenWrt-Devel,1/4] build: Add option KERNEL_UBSAN

Commit Message

Hauke Mehrtens Feb. 12, 2020, 10:49 a.m. UTC
This adds an option to activate KCOV (Code coverage for fuzzing).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
---
 config/Config-kernel.in | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

Comments

Alexandru Ardelean Feb. 13, 2020, 9:30 a.m. UTC | #1
On Wed, Feb 12, 2020 at 12:50 PM Hauke Mehrtens
<hauke.mehrtens@intel.com> wrote:
>
> This adds an option to activate KCOV (Code coverage for fuzzing).
>

Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>

> Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
> ---
>  config/Config-kernel.in | 33 +++++++++++++++++++++++++++++++++
>  1 file changed, 33 insertions(+)
>
> diff --git a/config/Config-kernel.in b/config/Config-kernel.in
> index 3059a45f48..8e9e3518bf 100644
> --- a/config/Config-kernel.in
> +++ b/config/Config-kernel.in
> @@ -172,6 +172,39 @@ config KERNEL_KASAN_INLINE
>
>  endchoice
>
> +config KERNEL_KCOV
> +       bool "Compile the kernel with code coverage for fuzzing"
> +       select KERNEL_DEBUG_FS
> +       help
> +         KCOV exposes kernel code coverage information in a form suitable
> +         for coverage-guided fuzzing (randomized testing).
> +
> +         If RANDOMIZE_BASE is enabled, PC values will not be stable across
> +         different machines and across reboots. If you need stable PC values,
> +         disable RANDOMIZE_BASE.
> +
> +         For more details, see Documentation/kcov.txt.
> +
> +config KERNEL_KCOV_ENABLE_COMPARISONS
> +       bool "Enable comparison operands collection by KCOV"
> +       depends on KERNEL_KCOV
> +       help
> +         KCOV also exposes operands of every comparison in the instrumented
> +         code along with operand sizes and PCs of the comparison instructions.
> +         These operands can be used by fuzzing engines to improve the quality
> +         of fuzzing coverage.
> +
> +config KERNEL_KCOV_INSTRUMENT_ALL
> +       bool "Instrument all code by default"
> +       depends on KERNEL_KCOV
> +       default y if KERNEL_KCOV
> +       help
> +         If you are doing generic system call fuzzing (like e.g. syzkaller),
> +         then you will want to instrument the whole kernel and you should
> +         say y here. If you are doing more targeted fuzzing (like e.g.
> +         filesystem fuzzing with AFL) then you will want to enable coverage
> +         for more specific subsets of files, and should say n here.
> +
>  config KERNEL_TASKSTATS
>         bool "Compile the kernel with task resource/io statistics and accounting"
>         default n
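Review bot: in KERNEL_KCOV_INSTRUMENT_ALL, "default y if KERNEL_KCOV" repeats the condition that "depends on KERNEL_KCOV" on the previous line already imposes, so the symbol can never be visible with KERNEL_KCOV off. A plain "default y" behaves the same and is easier to read. KERNEL_KCOV_ENABLE_COMPARISONS has no default line at all, which is fine, but the asymmetry is worth a word in the commit message so it is clear that only whole-kernel instrumentation is meant to be on by default.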
> --
> 2.17.1

Patch

diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index 3059a45f48..8e9e3518bf 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -172,6 +172,39 @@  config KERNEL_KASAN_INLINE
 
 endchoice
 
+config KERNEL_KCOV
+	bool "Compile the kernel with code coverage for fuzzing"
+	select KERNEL_DEBUG_FS
+	help
+	  KCOV exposes kernel code coverage information in a form suitable
+	  for coverage-guided fuzzing (randomized testing).
+
+	  If RANDOMIZE_BASE is enabled, PC values will not be stable across
+	  different machines and across reboots. If you need stable PC values,
+	  disable RANDOMIZE_BASE.
+
+	  For more details, see Documentation/kcov.txt.
+
+config KERNEL_KCOV_ENABLE_COMPARISONS
+	bool "Enable comparison operands collection by KCOV"
+	depends on KERNEL_KCOV
+	help
+	  KCOV also exposes operands of every comparison in the instrumented
+	  code along with operand sizes and PCs of the comparison instructions.
+	  These operands can be used by fuzzing engines to improve the quality
+	  of fuzzing coverage.
+
+config KERNEL_KCOV_INSTRUMENT_ALL
+	bool "Instrument all code by default"
+	depends on KERNEL_KCOV
+	default y if KERNEL_KCOV
+	help
+	  If you are doing generic system call fuzzing (like e.g. syzkaller),
+	  then you will want to instrument the whole kernel and you should
+	  say y here. If you are doing more targeted fuzzing (like e.g.
+	  filesystem fuzzing with AFL) then you will want to enable coverage
+	  for more specific subsets of files, and should say n here.
+
 config KERNEL_TASKSTATS
 	bool "Compile the kernel with task resource/io statistics and accounting"
 	default n
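Review bot: "select KERNEL_DEBUG_FS" under KERNEL_KCOV switches debugfs on as a side effect, and the help text never says so. Since this is a fuzzing option, add a sentence to the help stating that it enables debugfs and is meant for test images rather than production firmware. The same help text refers to RANDOMIZE_BASE and Documentation/kcov.txt without saying that these are the kernel's own option and path; neither carries this file's KERNEL_ prefix, so a short qualifier ("the kernel option", "in the kernel source tree") would save the reader a search through the OpenWrt menu.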