mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 02:27:43 +00:00
Kernel: Add option to build with coverage instrumentation and KCOV
GCC and Clang allow us to inject a call to a function named __sanitizer_cov_trace_pc on every edge. This function has to be defined by us. By noting down the caller in that function we can trace the code we have encountered during execution. Such information is used by coverage guided fuzzers like AFL and LibFuzzer to determine if a new input resulted in a new code path. This makes fuzzing much more effective. Additionally this adds a basic KCOV implementation. KCOV is an API that allows user space to request the kernel to start collecting coverage information for a given user space thread. Furthermore KCOV then exposes the collected program counters to user space via a BlockDevice which can be mmaped from user space. This work is required to add effective support for fuzzing SerenityOS to the Syzkaller syscall fuzzer. :^) :^)
This commit is contained in:
parent
67b3255fe8
commit
83f88df757
15 changed files with 478 additions and 0 deletions
46
Kernel/Devices/KCOVDevice.h
Normal file
46
Kernel/Devices/KCOVDevice.h
Normal file
|
@ -0,0 +1,46 @@
|
|||
/*
|
||||
* Copyright (c) 2021, Patrick Meyer <git@the-space.agency>
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
|
||||
#pragma once
|
||||
|
||||
#include <Kernel/Devices/BlockDevice.h>
|
||||
#include <Kernel/Devices/KCOVInstance.h>
|
||||
|
||||
namespace Kernel {
|
||||
class KCOVDevice final : public BlockDevice {
|
||||
AK_MAKE_ETERNAL
|
||||
|
||||
public:
|
||||
static HashMap<ProcessID, KCOVInstance*>* proc_instance;
|
||||
static HashMap<ThreadID, KCOVInstance*>* thread_instance;
|
||||
|
||||
static NonnullRefPtr<KCOVDevice> must_create();
|
||||
static void free_thread();
|
||||
static void free_process();
|
||||
|
||||
// ^File
|
||||
KResultOr<Region*> mmap(Process&, FileDescription&, const Range&, u64 offset, int prot, bool shared) override;
|
||||
KResultOr<NonnullRefPtr<FileDescription>> open(int options) override;
|
||||
|
||||
// ^Device
|
||||
virtual mode_t required_mode() const override { return 0660; }
|
||||
virtual String device_name() const override;
|
||||
|
||||
protected:
|
||||
virtual StringView class_name() const override { return "KCOVDevice"; }
|
||||
|
||||
virtual bool can_read(const FileDescription&, size_t) const override final { return true; }
|
||||
virtual bool can_write(const FileDescription&, size_t) const override final { return true; }
|
||||
virtual void start_request(AsyncBlockDeviceRequest& request) override final { request.complete(AsyncDeviceRequest::Failure); }
|
||||
virtual KResultOr<size_t> read(FileDescription&, u64, UserOrKernelBuffer&, size_t) override { return -EINVAL; }
|
||||
virtual KResultOr<size_t> write(FileDescription&, u64, const UserOrKernelBuffer&, size_t) override { return -EINVAL; }
|
||||
virtual int ioctl(FileDescription&, unsigned request, FlatPtr arg) override;
|
||||
|
||||
private:
|
||||
KCOVDevice();
|
||||
};
|
||||
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue