[v2,3/3] usb: core: kcov: collect coverage from usb complete callback

Message ID 32bce32c8b88c2f88cd0a8acfcdb5d3a6e894632.1583778264.git.andreyknvl@google.com
State In Next
Commit 4f46aad077c30c846044b4ebdc26aa6547c9b8cd
Series
  • kcov: collect coverage from usb soft interrupts

Commit Message

Andrey Konovalov March 9, 2020, 6:27 p.m. UTC
This patch adds kcov_remote_start/stop() callbacks around the urb
complete() callback that is executed in softirq context when dummy_hcd
is in use. As the result, kcov can be used to collect coverage from those
those callbacks, which is used to facilitate coverage-guided fuzzing with
syzkaller.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 drivers/usb/core/hcd.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Peter Chen March 12, 2020, 9:39 a.m. UTC | #1
On 20-03-09 19:27:06, Andrey Konovalov wrote:
> This patch adds kcov_remote_start/stop() callbacks around the urb
> complete() callback that is executed in softirq context when dummy_hcd
> is in use. As the result, kcov can be used to collect coverage from those
> those callbacks, which is used to facilitate coverage-guided fuzzing with

Typo, One more "those"

Peter

> syzkaller.
> 
> Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
> ---
>  drivers/usb/core/hcd.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
> index aa45840d8273..de624c47e190 100644
> --- a/drivers/usb/core/hcd.c
> +++ b/drivers/usb/core/hcd.c
> @@ -31,6 +31,7 @@
>  #include <linux/types.h>
>  #include <linux/genalloc.h>
>  #include <linux/io.h>
> +#include <linux/kcov.h>
>  
>  #include <linux/phy/phy.h>
>  #include <linux/usb.h>
> @@ -1645,7 +1646,9 @@ static void __usb_hcd_giveback_urb(struct urb *urb)
>  
>  	/* pass ownership to the completion handler */
>  	urb->status = status;
> +	kcov_remote_start_usb((u64)urb->dev->bus->busnum);
>  	urb->complete(urb);
> +	kcov_remote_stop();
>  
>  	usb_anchor_resume_wakeups(anchor);
>  	atomic_dec(&urb->use_count);
> -- 
> 2.25.1.481.gfbce0eb801-goog
>
Andrey Konovalov March 13, 2020, 2:56 p.m. UTC | #2
On Thu, Mar 12, 2020 at 10:39 AM Peter Chen <peter.chen@nxp.com> wrote:
>
> On 20-03-09 19:27:06, Andrey Konovalov wrote:
> > This patch adds kcov_remote_start/stop() callbacks around the urb
> > complete() callback that is executed in softirq context when dummy_hcd
> > is in use. As the result, kcov can be used to collect coverage from those
> > those callbacks, which is used to facilitate coverage-guided fuzzing with
>
> Typo, One more "those"

Will fix in v3, thanks Peter!

>
> Peter
>
> > syzkaller.
> >
> > Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
> > ---
> >  drivers/usb/core/hcd.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
> > index aa45840d8273..de624c47e190 100644
> > --- a/drivers/usb/core/hcd.c
> > +++ b/drivers/usb/core/hcd.c
> > @@ -31,6 +31,7 @@
> >  #include <linux/types.h>
> >  #include <linux/genalloc.h>
> >  #include <linux/io.h>
> > +#include <linux/kcov.h>
> >
> >  #include <linux/phy/phy.h>
> >  #include <linux/usb.h>
> > @@ -1645,7 +1646,9 @@ static void __usb_hcd_giveback_urb(struct urb *urb)
> >
> >       /* pass ownership to the completion handler */
> >       urb->status = status;
> > +     kcov_remote_start_usb((u64)urb->dev->bus->busnum);
> >       urb->complete(urb);
> > +     kcov_remote_stop();
> >
> >       usb_anchor_resume_wakeups(anchor);
> >       atomic_dec(&urb->use_count);
> > --
> > 2.25.1.481.gfbce0eb801-goog
> >
>
> --
>
> Thanks,
> Peter Chen

Patch

diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index aa45840d8273..de624c47e190 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -31,6 +31,7 @@ 
 #include <linux/types.h>
 #include <linux/genalloc.h>
 #include <linux/io.h>
+#include <linux/kcov.h>
 
 #include <linux/phy/phy.h>
 #include <linux/usb.h>
@@ -1645,7 +1646,9 @@  static void __usb_hcd_giveback_urb(struct urb *urb)
 
 	/* pass ownership to the completion handler */
 	urb->status = status;
+	kcov_remote_start_usb((u64)urb->dev->bus->busnum);
 	urb->complete(urb);
+	kcov_remote_stop();
 
 	usb_anchor_resume_wakeups(anchor);
 	atomic_dec(&urb->use_count);
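Review bot: The `kcov_remote_start_usb()` / `kcov_remote_stop()` pair around `urb->complete(urb)` is unconditional, while the commit message only describes the softirq path taken when dummy_hcd is in use. The rest of `__usb_hcd_giveback_urb()` and its callers are outside this hunk, so if the function can also be reached from another context, the code appears to rely on the kcov helpers doing nothing there. A short comment above the start call would make that assumption explicit, for example `/* kcov: collect completion-handler coverage per bus; only expected to be active in softirq context */`. It would also help to note there that the handle is derived from `urb->dev->bus->busnum`, so all completions on one bus are attributed to the same remote coverage handle.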