From: Johannes Berg <johannes@sipsolutions.net>
To: Aleksandr Nogikh <a.nogikh@gmail.com>,
	davem@davemloft.net, kuba@kernel.org, akpm@linux-foundation.org
Cc: edumazet@google.com, andreyknvl@google.com, dvyukov@google.com,
	elver@google.com, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, linux-wireless@vger.kernel.org,
	nogikh@google.com
Subject: Re: [PATCH v2 0/3] net, mac80211, kernel: enable KCOV remote coverage collection for 802.11 frame handling
Date: Sun, 11 Oct 2020 20:50:00 +0200	[thread overview]
Message-ID: <5d71472dcef4d88786ea6e8f30f0816f8b920bb7.camel@sipsolutions.net> (raw)
In-Reply-To: <20201009170202.103512-1-a.nogikh@gmail.com> (sfid-20201009_190209_250951_9651A9CD)

On Fri, 2020-10-09 at 17:01 +0000, Aleksandr Nogikh wrote:
> From: Aleksandr Nogikh <nogikh@google.com>
> 
> This patch series enables remote KCOV coverage collection during
> 802.11 frames processing. These changes make it possible to perform
> coverage-guided fuzzing in search of remotely triggerable bugs.

Btw, it occurred to me that I don't know at all - is this related to
syzkaller? Or is there some other fuzzing you're working on? Can we get
the bug reports from it if it's different? :)


Also, unrelated to that (but I see Dmitry CC'ed), I started wondering if
it'd be helpful to have an easier raw 802.11 inject path on top of say
hwsim0; I noticed some syzbot reports where it created raw sockets, but
that only gets you into the *data* plane of the wifi stack, not into the
*management* plane. Theoretically you could add a monitor interface, but
right now the wifi setup (according to the current docs on github) is
using two IBSS interfaces.

Perhaps an inject path on the mac80211-hwsim "hwsim0" interface would be
something to consider? Or simply adding a third radio that's in
"monitor" mode, so that a raw socket bound to *that* interface can
inject with a radiotap header followed by an 802.11 frame, getting to
arbitrary frame handling code, not just data frames.

Any thoughts?

johannes
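To make the data-plane versus management-plane distinction in the message above concrete, here is an added example (not code from the thread, the patch series, or mac80211) that builds the kind of packet a raw socket bound to a monitor-mode interface would carry, a minimal radiotap header followed by an 802.11 management frame, and then parses such a packet to report which plane of the stack it would reach. The frame contents (the source address, the SSID) are constructed sample values; the radiotap layout follows the public radiotap specification, and the frame-control encoding follows IEEE 802.11. Nothing here opens a socket; it only assembles and classifies bytes offline.

```python
import struct

# 802.11 frame-control "type" field values (IEEE 802.11, frame control field)
FTYPE_MGMT, FTYPE_CTRL, FTYPE_DATA = 0, 1, 2
SUBTYPE_PROBE_REQ = 4          # management subtype 0100 = Probe Request
PLANE = {FTYPE_MGMT: "management", FTYPE_CTRL: "control", FTYPE_DATA: "data"}


def radiotap_header(rate_500kbps=2):
    """Minimal radiotap header: version 0, pad, total length, present bitmap.

    Only the Rate field (present-bit 2, one byte, 500 kbps units) is included,
    which is enough for mac80211 to accept an injected frame on a monitor vif.
    """
    present = 1 << 2                       # IEEE80211_RADIOTAP_RATE
    body = struct.pack("<B", rate_500kbps)
    return struct.pack("<BBHI", 0, 0, 8 + len(body), present) + body


def frame_control(ftype, subtype, flags=0):
    """Two-byte frame control: bits 0-1 version (0), 2-3 type, 4-7 subtype."""
    return struct.pack("<BB", (ftype << 2) | (subtype << 4), flags)


def probe_request(src_mac, ssid=b""):
    """Broadcast Probe Request management frame with SSID and rates IEs.

    src_mac and ssid are caller-supplied sample values (constructed here).
    """
    broadcast = b"\xff" * 6
    hdr = frame_control(FTYPE_MGMT, SUBTYPE_PROBE_REQ)
    hdr += struct.pack("<H", 0)            # duration / ID
    hdr += broadcast + src_mac + broadcast  # addr1 = DA, addr2 = SA, addr3 = BSSID
    hdr += struct.pack("<H", 0)            # sequence control
    # Information elements: SSID (id 0) and Supported Rates (id 1, 1 Mbps)
    ies = bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x02])
    return hdr + ies


def classify(packet):
    """Parse radiotap + 802.11 frame control; return (plane, type, subtype).

    A data-plane raw socket only ever sees type 2 frames; everything that
    reaches mac80211's management handling arrives as type 0 on a monitor vif.
    """
    if len(packet) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, rt_len, _present = struct.unpack_from("<BBHI", packet, 0)
    # Need the full radiotap header plus at least the 2 frame-control bytes.
    if version != 0 or rt_len < 8 or rt_len + 2 > len(packet):
        raise ValueError("bad radiotap header")
    fc0 = packet[rt_len]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    return PLANE.get(ftype, "reserved"), ftype, subtype


if __name__ == "__main__":
    sample_src = b"\x02\x00\x00\x00\x00\x01"        # constructed locally-administered MAC
    pkt = radiotap_header() + probe_request(sample_src, b"hwsim-test")
    print(len(pkt), "bytes ->", classify(pkt))
```

Running the script prints the packet length and `('management', 0, 4)`; swapping `frame_control(FTYPE_DATA, 0)` in for the management header yields `('data', 2, 0)`, which is the only kind of frame a raw socket on an IBSS interface's data path can produce. The `classify` check is also the shape of filter one would put in front of a fuzzing harness or a monitor-side log to confirm that injected frames are really exercising the management path.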


Thread overview: 12+ messages
2020-10-09 17:01 [PATCH v2 0/3] net, mac80211, kernel: enable KCOV remote coverage collection for 802.11 frame handling Aleksandr Nogikh
2020-10-09 17:02 ` [PATCH v2 1/3] kernel: make kcov_common_handle consider the current context Aleksandr Nogikh
2020-10-14 16:03   ` Andrey Konovalov
2020-10-09 17:02 ` [PATCH v2 2/3] net: store KCOV remote handle in sk_buff Aleksandr Nogikh
2020-10-09 17:02 ` [PATCH v2 3/3] mac80211: add KCOV remote annotations to incoming frame processing Aleksandr Nogikh
2020-10-09 17:13 ` [PATCH v2 0/3] net, mac80211, kernel: enable KCOV remote coverage collection for 802.11 frame handling Johannes Berg
2020-10-11 10:37   ` Andrey Konovalov
2020-10-11 11:09     ` Johannes Berg
2020-10-11 18:50 ` Johannes Berg [this message]
2020-10-11 18:53   ` Andrey Konovalov
2020-10-12 11:18   ` Aleksandr Nogikh
2020-10-12 11:21     ` Johannes Berg
