References: <20220607104015.2126118-1-poprdi@google.com>
From: Tamás Koczka
Date: Tue, 14 Jun 2022 15:34:25 +0200
Subject: Re: [PATCH v2] Bluetooth: Collect kcov coverage from hci_rx_work
To: Marcel Holtmann
Cc: Johan Hedberg, Luiz Augusto von Dentz, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Andy Nguyen, Aleksandr Nogikh

Hello Marcel,

I hope this was the change you originally requested, and I did not
misunderstand anything, but if you need any additional modification to
the code or the commit, please feel free to let me know!

Thank you,
Tamas

On Tue, Jun 7, 2022 at 1:44 PM Tamás Koczka wrote:
>
> Hello Marcel,
>
> I added some comments into the code about what the kcov_remote calls do and
> why they were implemented, and I also added some reasoning to the commit
> message.
>
> I did not mention it in the commit, but these functions only run if the kernel
> is compiled with CONFIG_KCOV.
>
> Thank you again for reviewing the patch!
>
> --
> Tamas
>
> On Tue, Jun 7, 2022 at 12:40 PM Tamas Koczka wrote:
> >
> > Annotate hci_rx_work() with kcov_remote_start() and kcov_remote_stop()
> > calls, so remote KCOV coverage is collected while processing the rx_q
> > queue, which is the main incoming Bluetooth packet queue.
> >
> > Coverage is associated with the thread which created the packet skb.
> >
> > The collected extra coverage helps kernel fuzzing efforts in finding
> > vulnerabilities.
> >
> > Signed-off-by: Tamas Koczka
> > ---
> > Changelog since v1:
> > - add comment about why kcov_remote functions are called
> >
> > v1: https://lore.kernel.org/all/20220517094532.2729049-1-poprdi@google.com/
> >
> > net/bluetooth/hci_core.c | 10 +++++++++-
> > 1 file changed, 9 insertions(+), 1 deletion(-)
> > > > diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c > > index 45c2dd2e1590..0af43844c55a 100644 > > --- a/net/bluetooth/hci_core.c > > +++ b/net/bluetooth/hci_core.c > > @@ -29,6 +29,7 @@ > > #include > > #include > > #include > > +#include > > #include > > #include > > #include > > @@ -3780,7 +3781,14 @@ static void hci_rx_work(struct work_struct *work= ) > > > > BT_DBG("%s", hdev->name); > > > > - while ((skb =3D skb_dequeue(&hdev->rx_q))) { > > + /* The kcov_remote functions used for collecting packet parsing > > + * coverage information from this background thread and associa= te > > + * the coverage with the syscall's thread which originally inje= cted > > + * the packet. This helps fuzzing the kernel. > > + */ > > + for (; (skb =3D skb_dequeue(&hdev->rx_q)); kcov_remote_stop()) = { > > + kcov_remote_start_common(skb_get_kcov_handle(skb)); > > + > > /* Send copy to monitor */ > > hci_send_to_monitor(hdev, skb); > > > > -- > > 2.36.1.255.ge46751e96f-goog > >
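Review bot: in the hci_rx_work() hunk, the new comment's first sentence has no main verb ("The kcov_remote functions used for collecting ... and associate ...") and, more importantly, does not say why the `while` loop became a `for` loop: putting `kcov_remote_stop()` in the loop's third clause is what guarantees the remote section is closed before the next `skb_dequeue()` on every iteration, including any that leave the body with `continue`, which a trailing call at the end of the body would miss. Suggest rewording along the lines of "Collect packet-parsing coverage from this work item and attribute it to the syscall thread that injected the packet (see skb_get_kcov_handle()); kcov_remote_stop() lives in the for clause so it runs on every iteration, including ones that continue." It would also help to state in the reply that no path inside the loop body leaves it with `break` or `return` between `kcov_remote_start_common()` and the next `kcov_remote_stop()`, since such a path would leave a remote section open; the hunk itself cannot show that.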
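The mechanism the commit message describes, remote KCOV coverage attributed to the thread that injected the packet, seen from the userspace side, as an added example that is not part of the patch, the kernel tree or this thread: a program that enables remote coverage with a common handle (the handle the kernel stamps on skbs allocated by that thread and that the patched hci_rx_work() reads back), then reads the collected program counters and reduces them to the distinct set a fuzzer would keep. The ioctl numbers, struct layout and handle encoding mirror include/uapi/linux/kcov.h; the device path /sys/kernel/debug/kcov, the buffer size, the 100 ms wait and the empty workload slot are assumptions, and the coverage area in demo_unique_from_sample() is constructed, not real kernel output.

```c
/* Added example (not from the patch or the kernel tree): userspace reader of
 * KCOV remote coverage via the common handle hci_rx_work() now honours.
 * Ioctl numbers, struct layout and handle encoding mirror
 * include/uapi/linux/kcov.h (repeated so this builds without kernel headers);
 * device path, buffer size and the workload slot are assumptions. */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <unistd.h>

struct kcov_remote_arg {
	uint32_t trace_mode, area_size, num_handles;       /* area_size in words */
	uint64_t common_handle __attribute__((aligned(8)));
	uint64_t handles[];
};
#define KCOV_INIT_TRACE       _IOR('c', 1, unsigned long)
#define KCOV_DISABLE          _IO('c', 101)
#define KCOV_REMOTE_ENABLE    _IOW('c', 102, struct kcov_remote_arg)
#define KCOV_TRACE_PC         0
#define KCOV_SUBSYSTEM_COMMON (0x00ull << 56)
#define KCOV_SUBSYSTEM_MASK   (0xffull << 56)
#define KCOV_INSTANCE_MASK    (0xffffffffull)
#define KCOV_DEVICE           "/sys/kernel/debug/kcov" /* assumed debugfs path */
#define COVER_WORDS           (64 << 10)               /* assumed buffer size */

/* Same rule as the kernel helper: subsystem in the top byte, instance in the
 * low 32 bits, 0 when either is out of range. */
static uint64_t kcov_remote_handle(uint64_t subsys, uint64_t inst)
{
	if ((subsys & ~KCOV_SUBSYSTEM_MASK) || (inst & ~KCOV_INSTANCE_MASK))
		return 0;
	return subsys | inst;
}

static int cmp_ulong(const void *a, const void *b)
{
	unsigned long x = *(const unsigned long *)a, y = *(const unsigned long *)b;
	return (x > y) - (x < y);
}

/* The shared area is a hit count at word 0 followed by that many PCs.  Copy
 * the distinct PCs, sorted, to out (at most out_cap) and return their number. */
static size_t kcov_unique_pcs(const unsigned long *cover, unsigned long *out,
			      size_t out_cap)
{
	unsigned long n = cover[0], *tmp = malloc((n + 1) * sizeof(*tmp));
	size_t uniq = 0;

	if (!tmp)
		return 0;
	for (unsigned long i = 0; i < n; i++)
		tmp[i] = cover[i + 1];
	qsort(tmp, n, sizeof(*tmp), cmp_ulong);
	for (unsigned long i = 0; i < n; i++) {
		if (i && tmp[i] == tmp[i - 1])
			continue;                      /* repeated hit of one PC */
		if (uniq < out_cap)
			out[uniq] = tmp[i];
		uniq++;
	}
	free(tmp);
	return uniq;
}

/* Constructed sample area (not real kernel output): 4 hits, one PC repeated. */
static size_t demo_unique_from_sample(void)
{
	unsigned long sample[] = { 4, 0xffffffff81a00010ul, 0xffffffff81a00030ul,
				   0xffffffff81a00010ul, 0xffffffff81a00050ul };
	unsigned long out[8];
	return kcov_unique_pcs(sample, out, 8);
}

static void die(const char *what) { perror(what); exit(1); }

int main(void)
{
	int fd = open(KCOV_DEVICE, O_RDWR);          /* needs CONFIG_KCOV, root */
	if (fd < 0) die("open kcov");
	if (ioctl(fd, KCOV_INIT_TRACE, COVER_WORDS)) die("KCOV_INIT_TRACE");
	unsigned long *cover = mmap(NULL, COVER_WORDS * sizeof(unsigned long),
				    PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
	if (cover == MAP_FAILED) die("mmap");
	/* Only a common handle: the kernel stamps it on skbs this thread allocates
	 * and hci_rx_work() reads it back, so that work's coverage lands here. */
	struct kcov_remote_arg arg = { .trace_mode = KCOV_TRACE_PC, .area_size = COVER_WORDS,
		.common_handle = kcov_remote_handle(KCOV_SUBSYSTEM_COMMON, getpid()) };
	if (ioctl(fd, KCOV_REMOTE_ENABLE, &arg)) die("KCOV_REMOTE_ENABLE");
	__atomic_store_n(&cover[0], 0, __ATOMIC_RELAXED);
	/* Workload slot (assumption): the syscall that injects an HCI packet from
	 * this thread goes here; then give the background work a moment. */
	usleep(100 * 1000);
	unsigned long *pcs = malloc(COVER_WORDS * sizeof(*pcs));
	size_t n = pcs ? kcov_unique_pcs(cover, pcs, COVER_WORDS) : 0;
	for (size_t i = 0; i < n; i++)
		printf("0x%lx\n", pcs[i]);
	ioctl(fd, KCOV_DISABLE, 0);
	free(pcs);
	return 0;
}
```

On a kernel built without CONFIG_KCOV the open fails and nothing is collected, which matches the remark above that the kcov_remote calls only do anything under CONFIG_KCOV. Only the common handle is passed (num_handles stays 0), because the patch attributes coverage through the skb's handle rather than a per-subsystem handle; a fuzzer would feed the distinct-PC set from kcov_unique_pcs() into its corpus selection.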