[PATCH] arm: port KCOV to arm
Mark Rutland
mark.rutland at arm.com
Thu Apr 26 06:40:58 PDT 2018
Hi Dmitry,
On Thu, Apr 26, 2018 at 03:08:46PM +0200, Dmitry Vyukov wrote:
> KCOV is code coverage collection facility used, in particular, by syzkaller
> system call fuzzer. There is some interest in using syzkaller on arm devices.
> So port KCOV to arm.
>
> On implementation level this merely declares that KCOV is supported and
> disables instrumentation of 3 special cases. Reasons for disabling are
> commented in code.
>
> Tested with qemu-system-arm/vexpress-a15.
>
> Signed-off-by: Dmitry Vyukov <dvyukov at google.com>
> Cc: Russell King <linux at armlinux.org.uk>
> Cc: Mark Rutland <mark.rutland at arm.com>
> Cc: Abbott Liu <liuwenliang at huawei.com>
> Cc: Catalin Marinas <catalin.marinas at arm.com>
> Cc: Koguchi Takuo <takuo.koguchi.sw at hitachi.com>
> Cc: Atul Prakash <atulp at google.com>
> Cc: linux at armlinux.org.uk
> Cc: linux-arm-kernel at lists.infradead.org
> Cc: syzkaller at googlegroups.com
> ---
> arch/arm/Kconfig | 1 +
> arch/arm/boot/compressed/Makefile | 3 +++
> arch/arm/mm/Makefile | 4 ++++
> arch/arm/vdso/Makefile | 3 +++
> 4 files changed, 11 insertions(+)
The hyp code will also need to opt-out of KCOV instrumentation.
i.e. arch/arm/kvm/hyp/Makefile will need:
KCOV_INSTRUMENT := n
... and we should probably pick up the other bits from the arm64 hyp
Makefile, i.e. all of:
# KVM code is run at a different exception code with a different map, so
# compiler instrumentation that inserts callbacks or checks into the code may
# cause crashes. Just disable it.
GCOV_PROFILE := n
KASAN_SANITIZE := n
UBSAN_SANITIZE := n
KCOV_INSTRUMENT := n
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index a7f8e7f4b88f..60558a6bb744 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -105,6 +105,7 @@ config ARM
> select REFCOUNT_FULL
> select RTC_LIB
> select SYS_SUPPORTS_APM_EMULATION
> + select ARCH_HAS_KCOV
> # Above selects are sorted alphabetically; please add new ones
> # according to that. Thanks.
> help
> diff --git a/arch/arm/boot/compressed/Makefile b/arch/arm/boot/compressed/Makefile
> index 45a6b9b7af2a..5219700e9161 100644
> --- a/arch/arm/boot/compressed/Makefile
> +++ b/arch/arm/boot/compressed/Makefile
> @@ -25,6 +25,9 @@ endif
>
> GCOV_PROFILE := n
>
> +# Prevents link failures: __sanitizer_cov_trace_pc() is not linked in.
> +KCOV_INSTRUMENT := n
> +
> #
> # Architecture dependencies
> #
> diff --git a/arch/arm/mm/Makefile b/arch/arm/mm/Makefile
> index 9dbb84923e12..e8be5d904ac7 100644
> --- a/arch/arm/mm/Makefile
> +++ b/arch/arm/mm/Makefile
> @@ -8,6 +8,10 @@ obj-y += dma-mapping$(MMUEXT).o
> obj-$(CONFIG_MMU) += fault-armv.o flush.o idmap.o ioremap.o \
> mmap.o pgd.o mmu.o pageattr.o
>
> +# Instrumenting fault.c causes infinite recursion between:
> +# __dabt_svc -> do_DataAbort -> __sanitizer_cov_trace_pc -> __dabt_svc
> +KCOV_INSTRUMENT_fault.o := n
Why does __sanitizer_cov_trace_pc() cause a data abort?
We don't seem to have this issue on arm64, where our fault handling is
instrumented, so this seems suspect.
Thanks,
Mark.
More information about the linux-arm-kernel
mailing list