From patchwork Tue Jan 14 05:34:30 2025
X-Patchwork-Submitter: Joey Jiao
X-Patchwork-Id: 13938429
From: "Jiao, Joey"
Subject: [PATCH 0/7] kcov: Introduce New Unique PC|EDGE|CMP Modes
Date: Tue, 14 Jan 2025 13:34:30 +0800
Message-ID: <20250114-kcov-v1-0-004294b931a2@quicinc.com>
To: Dmitry Vyukov, Andrey Konovalov, Jonathan Corbet, Andrew Morton,
    Dennis Zhou, Tejun Heo, Christoph Lameter, Catalin Marinas, Will Deacon

Hi,

This patch series introduces new kcov unique modes:
`KCOV_TRACE_UNIQ_[PC|EDGE|CMP]`, which are used to collect unique PC, EDGE,
CMP information.

Background
----------

In the current kcov implementation, when `__sanitizer_cov_trace_pc` is hit,
the instruction pointer (IP) is stored sequentially in an area. Userspace
programs then read this area to record covered PCs and calculate covered
edges. However, recent syzkaller runs show that many syscalls likely have
`pos > t->kcov_size`, leading to kcov overflow. To address this issue, we
introduce new kcov unique modes.

Solution Overview
-----------------

1. [P 1] Introduce `KCOV_TRACE_UNIQ_PC` Mode:
   - Export `KCOV_TRACE_UNIQ_PC` to userspace.
   - Add `kcov_map` struct to manage memory during the KCOV lifecycle.
   - `kcov_entry` struct as a hashtable entry containing unique PCs.
   - Use hashtable buckets to link `kcov_entry`.
   - Preallocate memory using genpool during KCOV initialization.
   - Move `area` inside `kcov_map` for easier management.
   - Use `jhash` for hash key calculation to support `KCOV_TRACE_UNIQ_CMP`
     mode.

2. [P 2-3] Introduce `KCOV_TRACE_UNIQ_EDGE` Mode:
   - Save `prev_pc` to calculate edges with the current IP.
   - Add unique edges to the hashmap.
   - Use a lower 12-bit mask to make hash independent of module offsets.
   - Distinguish areas for `KCOV_TRACE_UNIQ_PC` and `KCOV_TRACE_UNIQ_EDGE`
     modes using `offset` during mmap.
   - Support enabling `KCOV_TRACE_UNIQ_PC` and `KCOV_TRACE_UNIQ_EDGE`
     together.

3. [P 4] Introduce `KCOV_TRACE_UNIQ_CMP` Mode:
   - Shares the area with `KCOV_TRACE_UNIQ_PC`, making these modes
     exclusive.

4. [P 5] Add Example Code Documentation:
   - Provide examples for testing different modes:
     - `KCOV_TRACE_PC`: `./kcov` or `./kcov 0`
     - `KCOV_TRACE_CMP`: `./kcov 1`
     - `KCOV_TRACE_UNIQ_PC`: `./kcov 2`
     - `KCOV_TRACE_UNIQ_EDGE`: `./kcov 4`
     - `KCOV_TRACE_UNIQ_PC|KCOV_TRACE_UNIQ_EDGE`: `./kcov 6`
     - `KCOV_TRACE_UNIQ_CMP`: `./kcov 8`

5. [P 6-7] Disable KCOV Instrumentation:
   - Disable instrumentation like genpool to prevent recursive calls.

Caveats
-------

The userspace program has been tested on Qemu x86_64 and two real Android
phones with different ARM64 chips. More syzkaller-compatible tests have been
conducted. However, due to limited knowledge of other platforms, assistance
from those with access to other systems is needed.

Results and Analysis
--------------------

1. KMEMLEAK Test on Qemu x86_64:
   - No memory leaks found during the `kcov` program run.

2. KCSAN Test on Qemu x86_64:
   - No KCSAN issues found during the `kcov` program run.

3. Existing Syzkaller on Qemu x86_64 and Real ARM64 Device:
   - Syzkaller can fuzz, show coverage, and find bugs. Adjusting `procs` and
     `vm mem` settings can avoid OOM issues caused by genpool in the
     patches, so `procs:4 + vm:2GB` or `procs:4 + vm:2GB` are used for Qemu
     x86_64.
   - `procs:8` is kept on Real ARM64 Device with 12GB/16GB mem.

4. Modified Syzkaller to Support New KCOV Unique Modes:
   - Syzkaller runs fine on both Qemu x86_64 and ARM64 real devices. Limited
     `Cover overflows` and `Comps overflows` observed.

5. Modified Syzkaller + Upstream Kernel Without Patch Series:
   - Not tested. The modified syzkaller will fall back to `KCOV_TRACE_PC` or
     `KCOV_TRACE_CMP` if `ioctl` fails for Unique mode.

Possible Further Enhancements
-----------------------------

1. Test more cases and setups, including those in syzbot.
2. Ensure `hash_for_each_possible_rcu` is protected for reentrance and
   atomicity.
3. Find a simpler and more efficient way to store unique coverage.

Conclusion
----------

These patches add new kcov unique modes to mitigate the kcov overflow issue,
compatible with both existing and new syzkaller versions.

Thanks,
Joey Jiao

---
Jiao, Joey (7):
      kcov: introduce new kcov KCOV_TRACE_UNIQ_PC mode
      kcov: introduce new kcov KCOV_TRACE_UNIQ_EDGE mode
      kcov: allow using KCOV_TRACE_UNIQ_[PC|EDGE] modes together
      kcov: introduce new kcov KCOV_TRACE_UNIQ_CMP mode
      kcov: add the new KCOV uniq modes example code
      kcov: disable instrumentation for genalloc and bitmap
      arm64: disable kcov instrument in header files

 Documentation/dev-tools/kcov.rst | 243 ++++++++++++++--------------
 arch/arm64/include/asm/percpu.h  |   2 +-
 arch/arm64/include/asm/preempt.h |   2 +-
 include/linux/kcov.h             |  10 +-
 include/uapi/linux/kcov.h        |   6 +
 kernel/kcov.c                    | 333 +++++++++++++++++++++++++++++++++------
 lib/Makefile                     |   2 +
 7 files changed, 423 insertions(+), 175 deletions(-)
---
base-commit: 9b2ffa6148b1e4468d08f7e0e7e371c43cac9ffe
change-id: 20250114-kcov-95cedece4654

Best regards,
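
A userspace model of the overflow described under Background and of the unique-PC idea from item 1 of the Solution Overview, added here as an illustration; it is not code from the patch series or from the kernel. The area size, pool size, bucket count, PC values and the multiplicative hash (a stand-in for `jhash`, with a static array standing in for genpool) are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#define AREA_WORDS 64   /* assumed size of the sequential area, in 64-bit words */
#define POOL_SIZE  32   /* assumed number of preallocated unique entries */
#define BUCKETS    16
#define LATE_PC    0xffffffff81abc000ull   /* constructed PC, first hit after the loop */
struct entry { uint64_t pc; struct entry *next; };
static uint64_t area[AREA_WORDS];          /* area[0] = record count, PCs follow */
static struct entry pool[POOL_SIZE], *bucket[BUCKETS];
static unsigned dropped, pool_used;

/* Sequential mode: append every hit; once the area is full the record is lost. */
static void trace_pc_seq(uint64_t ip) {
    uint64_t pos = area[0] + 1;
    if (pos < AREA_WORDS) { area[0] = pos; area[pos] = ip; } else dropped++;
}
static int seq_contains(uint64_t ip) {
    for (uint64_t i = 1; i <= area[0]; i++) if (area[i] == ip) return 1;
    return 0;
}
/* Stand-in hash (the series names jhash); the top 4 bits pick one of 16 buckets. */
static unsigned hash_pc(uint64_t pc) { return (unsigned)((pc * 0x9E3779B97F4A7C15ull) >> 60); }
static int uniq_contains(uint64_t ip) {
    for (struct entry *e = bucket[hash_pc(ip)]; e; e = e->next) if (e->pc == ip) return 1;
    return 0;
}
/* Unique mode: returns 1 = new PC stored, 0 = duplicate, -1 = pool exhausted. */
static int trace_pc_uniq(uint64_t ip) {
    unsigned b = hash_pc(ip);
    if (uniq_contains(ip)) return 0;
    if (pool_used == POOL_SIZE) return -1;
    pool[pool_used] = (struct entry){ .pc = ip, .next = bucket[b] };
    bucket[b] = &pool[pool_used++];
    return 1;
}
/* Constructed trace: a 4-PC loop body hit 400 times, then one late PC. */
static void replay(void) {
    for (int i = 0; i < 400; i++) {
        uint64_t pc = 0xffffffff81000000ull + (uint64_t)(i % 4) * 0x10;
        trace_pc_seq(pc); trace_pc_uniq(pc);
    }
    trace_pc_seq(LATE_PC); trace_pc_uniq(LATE_PC);
}
int main(void) {
    replay();
    printf("seq: stored=%llu dropped=%u late_seen=%d | uniq: entries=%u late_seen=%d\n",
           (unsigned long long)area[0], dropped, seq_contains(LATE_PC), pool_used, uniq_contains(LATE_PC));
    return 0;
}
```

In this model the sequential area fills with repeats of the loop body and never records the late PC, while the unique table holds five entries including it; the `-1` return marks the point where a fixed preallocated pool would itself run out.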