[OpenWrt-Devel] [PATCH 3/4] build: Add KCOV kernel code coverage for fuzzing

Alexandru Ardelean ardeleanalex at gmail.com
Thu Feb 13 04:30:10 EST 2020


On Wed, Feb 12, 2020 at 12:50 PM Hauke Mehrtens
<hauke.mehrtens at intel.com> wrote:
>
> This adds an option to activate KCOV (Code coverage for fuzzing).
>

Reviewed-by: Alexandru Ardelean <ardeleanalex at gmail.com>

> Signed-off-by: Hauke Mehrtens <hauke.mehrtens at intel.com>
> ---
>  config/Config-kernel.in | 33 +++++++++++++++++++++++++++++++++
>  1 file changed, 33 insertions(+)
>
> diff --git a/config/Config-kernel.in b/config/Config-kernel.in
> index 3059a45f48..8e9e3518bf 100644
> --- a/config/Config-kernel.in
> +++ b/config/Config-kernel.in
> @@ -172,6 +172,39 @@ config KERNEL_KASAN_INLINE
>
>  endchoice
>
> +config KERNEL_KCOV
> +       bool "Compile the kernel with code coverage for fuzzing"
> +       select KERNEL_DEBUG_FS
> +       help
> +         KCOV exposes kernel code coverage information in a form suitable
> +         for coverage-guided fuzzing (randomized testing).
> +
> +         If RANDOMIZE_BASE is enabled, PC values will not be stable across
> +         different machines and across reboots. If you need stable PC values,
> +         disable RANDOMIZE_BASE.
> +
> +         For more details, see Documentation/kcov.txt.
> +
> +config KERNEL_KCOV_ENABLE_COMPARISONS
> +       bool "Enable comparison operands collection by KCOV"
> +       depends on KERNEL_KCOV
> +       help
> +         KCOV also exposes operands of every comparison in the instrumented
> +         code along with operand sizes and PCs of the comparison instructions.
> +         These operands can be used by fuzzing engines to improve the quality
> +         of fuzzing coverage.
> +
> +config KERNEL_KCOV_INSTRUMENT_ALL
> +       bool "Instrument all code by default"
> +       depends on KERNEL_KCOV
> +       default y if KERNEL_KCOV
> +       help
> +         If you are doing generic system call fuzzing (like e.g. syzkaller),
> +         then you will want to instrument the whole kernel and you should
> +         say y here. If you are doing more targeted fuzzing (like e.g.
> +         filesystem fuzzing with AFL) then you will want to enable coverage
> +         for more specific subsets of files, and should say n here.
> +
>  config KERNEL_TASKSTATS
>         bool "Compile the kernel with task resource/io statistics and accounting"
>         default n
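
Review bot: The KERNEL_KCOV entry silently pulls in debugfs through `select KERNEL_DEBUG_FS`, and its help text says nothing about that or about the option being intended for fuzzing builds only; consider adding a sentence to the help stating that enabling it also enables KERNEL_DEBUG_FS and that it should not be set for images meant for deployment. Two smaller points in the same hunk: in KERNEL_KCOV_INSTRUMENT_ALL, `default y if KERNEL_KCOV` is redundant next to `depends on KERNEL_KCOV`, so a plain `default y` would do; and the help refers to RANDOMIZE_BASE by its kernel name without saying how a user of this menu is expected to disable it, which is worth spelling out since stable PC values matter for comparing coverage across runs.
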
> --
> 2.17.1
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
