| #
a8fe8db4 |
| 25-Feb-2019 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r344178 through r344512.
|
| #
bdffe3b5 |
| 21-Feb-2019 |
Andrew Turner <andrew@FreeBSD.org> |
Allow the kcov buffer to be mmaped multiple times.
After r344391 this restriction is no longer needed.
Sponsored by: DARPA, AFRL
|
| #
01ffedf5 |
| 20-Feb-2019 |
Andrew Turner <andrew@FreeBSD.org> |
Unwire the kcov buffer when freeing the info struct.
Without this the physical memory will not be returned to the kernel.
While here call vm_object_reference on the object when mmapping the buffer.
Unwire the kcov buffer when freeing the info struct.
Without this the physical memory will not be returned to the kernel.
While here call vm_object_reference on the object when mmapping the buffer.
This removed the need for buggy tracking of if it has been mapped or not.
This fixes issues where kcov could use all the system memory.
Reported by: tuexen
Reviewed by: kib
Sponsored by: DARPA, AFTL
Differential Revision: https://reviews.freebsd.org/D19252
show more ...
|
| #
a759a0a0 |
| 20-Feb-2019 |
Andrew Turner <andrew@FreeBSD.org> |
Call pmap_qenter for each page when creating the kcov buffer.
This removes the need to allocate a buffer to hold the vm_page_t objects
at the cost of extra IPIs on some architectures.
Reviewed by:
Call pmap_qenter for each page when creating the kcov buffer.
This removes the need to allocate a buffer to hold the vm_page_t objects
at the cost of extra IPIs on some architectures.
Reviewed by: kib
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D19252
show more ...
|
| #
72b66398 |
| 19-Feb-2019 |
Andrew Turner <andrew@FreeBSD.org> |
Create a common function to handle freeing the kcov info struct.
Both places that may free the kcov info struct are identical. Create a new
common function to hold the code.
Sponsored by: DARPA, AF
Create a common function to handle freeing the kcov info struct.
Both places that may free the kcov info struct are identical. Create a new
common function to hold the code.
Sponsored by: DARPA, AFRL
show more ...
|
| #
9e43c218 |
| 10-Feb-2019 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r343807 through r343955.
|
| #
c50c26aa |
| 08-Feb-2019 |
Andrew Turner <andrew@FreeBSD.org> |
Fix the spelling of cov_unregister_pc.
When unregistering kcov from the coverage interface we should use the
unregister function, not the register function.
Sponsored by: DARPA, AFRL
|
| #
7e565c55 |
| 30-Jan-2019 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r343320 through r343570.
|
| #
524553f5 |
| 29-Jan-2019 |
Andrew Turner <andrew@FreeBSD.org> |
Extract the coverage sanitizer KPI to a new file.
This will allow multiple consumers of the coverage data to be compiled
into the kernel together. The only requirement is only one can be
registered
Extract the coverage sanitizer KPI to a new file.
This will allow multiple consumers of the coverage data to be compiled
into the kernel together. The only requirement is only one can be
registered at a given point in time, however it is expected they will
only register when the coverage data is needed.
A new kernel conflig option COVERAGE is added. This will allow kcov to
become a module that can be loaded as needed, or compiled into the
kernel.
While here clean up the #include style a little.
Reviewed by: kib
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D18955
show more ...
|
| #
b3c0d957 |
| 12-Jan-2019 |
Andrew Turner <andrew@FreeBSD.org> |
Add support for the Clang Coverage Sanitizer in the kernel (KCOV).
When building with KCOV enabled the compiler will insert function calls
to probes allowing us to trace the execution of the kernel
Add support for the Clang Coverage Sanitizer in the kernel (KCOV).
When building with KCOV enabled the compiler will insert function calls
to probes allowing us to trace the execution of the kernel from userspace.
These probes are on function entry (trace-pc) and on comparison operations
(trace-cmp).
Userspace can enable the use of these probes on a single kernel thread with
an ioctl interface. It can allocate space for the probe with KIOSETBUFSIZE,
then mmap the allocated buffer and enable tracing with KIOENABLE, with the
trace mode being passed in as the int argument. When complete KIODISABLE
is used to disable tracing.
The first item in the buffer is the number of trace event that have
happened. Userspace can write 0 to this to reset the tracing, and is
expected to do so on first use.
The format of the buffer depends on the trace mode. When in PC tracing just
the return address of the probe is stored. Under comparison tracing the
comparison type, the two arguments, and the return address are traced. The
former method uses on entry per trace event, while the later uses 4. As
such they are incompatible so only a single mode may be enabled.
KCOV is expected to help fuzzing the kernel, and while in development has
already found a number of issues. It is required for the syzkaller system
call fuzzer [1]. Other kernel fuzzers could also make use of it, either
with the current interface, or by extending it with new modes.
A man page is currently being worked on and is expected to be committed
soon, however having the code in the kernel now is useful for other
developers to use.
[1] https://github.com/google/syzkaller
Submitted by: Mitchell Horne <mhorne063@gmail.com> (Earlier version)
Reviewed by: kib
Testing by: tuexen
Sponsored by: DARPA, AFRL
Sponsored by: The FreeBSD Foundation (Mitchell Horne)
Differential Revision: https://reviews.freebsd.org/D14599
show more ...
|