From patchwork Thu Dec 12 17:15:39 2019
X-Patchwork-Submitter: Andrey Konovalov
X-Patchwork-Id: 11288779
Date: Thu, 12 Dec 2019 18:15:39 +0100
Message-Id: <6b4b598d012d981c0c45fcc9f121ba210bd222f9.1576170740.git.andreyknvl@google.com>
X-Mailer: git-send-email 2.24.1.735.g03f4e72817-goog
Subject: [PATCH RFC 2/2] HID: usbhid: kcov: add annotations for coverage collection
From: Andrey Konovalov
To: Dmitry Vyukov, Greg Kroah-Hartman, Alan Stern, Jiri Kosina, Benjamin Tissoires
Cc: Andrew Morton, linux-usb@vger.kernel.org, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, Alexander Potapenko, Marco Elver, Andrey Konovalov
X-Mailing-List: linux-usb@vger.kernel.org

This patch adds kcov_remote_start/stop() callbacks into usbhid code that is
executed in interrupt context. As the result, kcov can be used to collect
coverage from those parts of the code, which is used to facilitate
coverage-guided fuzzing with syzkaller.

Signed-off-by: Andrey Konovalov
Acked-by: Jiri Kosina
---
 drivers/hid/usbhid/hid-core.c | 25 ++++++++++++++++++++-----
 drivers/hid/usbhid/usbkbd.c   | 15 ++++++++++++---
 drivers/hid/usbhid/usbmouse.c |  7 ++++++-
 3 files changed, 38 insertions(+), 9 deletions(-)
diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index c7bc9db5b192..3e825f27d882 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -274,6 +274,8 @@ static void hid_irq_in(struct urb *urb) struct usbhid_device *usbhid = hid->driver_data; int status; + kcov_remote_start_usb((u64)urb->dev->bus->busnum); + switch (urb->status) { case 0: /* success */ usbhid->retry_delay = 0; @@ -300,12 +302,12 @@ static void hid_irq_in(struct urb *urb) clear_bit(HID_IN_RUNNING, &usbhid->iofl); set_bit(HID_CLEAR_HALT, &usbhid->iofl); schedule_work(&usbhid->reset_work); - return; + goto out; case -ECONNRESET: /* unlink */ case -ENOENT: case -ESHUTDOWN: /* unplug */ clear_bit(HID_IN_RUNNING, &usbhid->iofl); - return; + goto out; case -EILSEQ: /* protocol error or unplug */ case -EPROTO: /* protocol error or unplug */ case -ETIME: /* protocol error or unplug */ @@ -313,7 +315,7 @@ static void hid_irq_in(struct urb *urb) usbhid_mark_busy(usbhid); clear_bit(HID_IN_RUNNING, &usbhid->iofl); hid_io_error(hid); - return; + goto out; default: /* error */ hid_warn(urb->dev, "input irq status %d received\n", urb->status); @@ -330,6 +332,9 @@ static void hid_irq_in(struct urb *urb) hid_io_error(hid); } } + +out: + kcov_remote_stop(); } static int hid_submit_out(struct hid_device *hid) @@ -433,6 +438,8 @@ static void hid_irq_out(struct urb *urb) unsigned long flags; int unplug = 0; + kcov_remote_start_usb((u64)urb->dev->bus->busnum); + switch (urb->status) { case 0: /* success */ break; @@ -459,7 +466,7 @@ static void hid_irq_out(struct urb *urb) hid_submit_out(hid) == 0) { /* Successfully submitted next urb in queue */ spin_unlock_irqrestore(&usbhid->lock, flags); - return; + goto out; } } @@ -467,6 +474,9 @@ static void hid_irq_out(struct urb *urb) spin_unlock_irqrestore(&usbhid->lock, flags); usb_autopm_put_interface_async(usbhid->intf); wake_up(&usbhid->wait); + +out: + kcov_remote_stop(); } /* 
@@ -480,6 +490,8 @@ static void hid_ctrl(struct urb *urb) unsigned long flags; int unplug = 0, status = urb->status; + kcov_remote_start_usb((u64)urb->dev->bus->busnum); + switch (status) { case 0: /* success */ if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN) @@ -510,7 +522,7 @@ static void hid_ctrl(struct urb *urb) hid_submit_ctrl(hid) == 0) { /* Successfully submitted next urb in queue */ spin_unlock_irqrestore(&usbhid->lock, flags); - return; + goto out; } } @@ -518,6 +530,9 @@ static void hid_ctrl(struct urb *urb) spin_unlock_irqrestore(&usbhid->lock, flags); usb_autopm_put_interface_async(usbhid->intf); wake_up(&usbhid->wait); + +out: + kcov_remote_stop(); } static void __usbhid_submit_report(struct hid_device *hid, struct hid_report *report, diff --git a/drivers/hid/usbhid/usbkbd.c b/drivers/hid/usbhid/usbkbd.c index d5b7a696a68c..eae46e51ca6a 100644 --- a/drivers/hid/usbhid/usbkbd.c +++ b/drivers/hid/usbhid/usbkbd.c @@ -102,13 +102,15 @@ static void usb_kbd_irq(struct urb *urb) struct usb_kbd *kbd = urb->context; int i; + kcov_remote_start_usb((u64)urb->dev->bus->busnum); + switch (urb->status) { case 0: /* success */ break; case -ECONNRESET: /* unlink */ case -ENOENT: case -ESHUTDOWN: - return; + goto out; /* -EPIPE: should clear the halt */ default: /* error */ goto resubmit; @@ -148,6 +150,9 @@ static void usb_kbd_irq(struct urb *urb) hid_err(urb->dev, "can't resubmit intr, %s-%s/input0, status %d", kbd->usbdev->bus->bus_name, kbd->usbdev->devpath, i); + +out: + kcov_remote_stop(); } static int usb_kbd_event(struct input_dev *dev, unsigned int type, @@ -192,6 +197,8 @@ static void usb_kbd_led(struct urb *urb) unsigned long flags; struct usb_kbd *kbd = urb->context; + kcov_remote_start_usb((u64)urb->dev->bus->busnum); + if (urb->status) hid_warn(urb->dev, "led urb status %d received\n", urb->status); 
@@ -201,7 +208,7 @@ static void usb_kbd_led(struct urb *urb) if (*(kbd->leds) == kbd->newleds){ kbd->led_urb_submitted = false; spin_unlock_irqrestore(&kbd->leds_lock, flags); - return; + goto out; } *(kbd->leds) = kbd->newleds; @@ -212,7 +219,9 @@ static void usb_kbd_led(struct urb *urb) kbd->led_urb_submitted = false; } spin_unlock_irqrestore(&kbd->leds_lock, flags); - + +out: + kcov_remote_stop(); } static int usb_kbd_open(struct input_dev *dev) diff --git a/drivers/hid/usbhid/usbmouse.c b/drivers/hid/usbhid/usbmouse.c index 073127e65ac1..f470ffa8fa87 100644 --- a/drivers/hid/usbhid/usbmouse.c +++ b/drivers/hid/usbhid/usbmouse.c @@ -53,13 +53,15 @@ static void usb_mouse_irq(struct urb *urb) struct input_dev *dev = mouse->dev; int status; + kcov_remote_start_usb((u64)urb->dev->bus->busnum); + switch (urb->status) { case 0: /* success */ break; case -ECONNRESET: /* unlink */ case -ENOENT: case -ESHUTDOWN: - return; + goto out; /* -EPIPE: should clear the halt */ default: /* error */ goto resubmit; @@ -83,6 +85,9 @@ static void usb_mouse_irq(struct urb *urb) "can't resubmit intr, %s-%s/input0, status %d\n", mouse->usbdev->bus->bus_name, mouse->usbdev->devpath, status); + +out: + kcov_remote_stop(); } static int usb_mouse_open(struct input_dev *dev)
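
Review bot: None of the hunks for hid-core.c, usbkbd.c or usbmouse.c adds an include for the header that declares kcov_remote_start_usb() and kcov_remote_stop(); only the calls are added. If the declarations currently reach these files through another header, add an explicit `#include <linux/kcov.h>` to each of the three files so the build does not depend on an indirect include.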
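
Review bot: The handle argument `(u64)urb->dev->bus->busnum` is undocumented and repeated verbatim at the top of all six completion handlers (hid_irq_in(), hid_irq_out(), hid_ctrl(), usb_kbd_irq(), usb_kbd_led(), usb_mouse_irq()), and the commit message does not say why the bus number identifies the coverage stream. A small helper that takes the `struct urb *` would keep the cast and the dereference chain in one place and give a natural spot for a comment explaining the choice of id. It would also make it easier to keep every handler's start call paired with the kcov_remote_stop() at its `out:` label when these functions are edited later.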
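
Review bot: The last usb_kbd_led() hunk in usbkbd.c carries an unrelated whitespace change: the line after `spin_unlock_irqrestore(&kbd->leds_lock, flags);` is removed and re-added as an empty line before `out:`. Either mention the cleanup in the commit message or drop it, so the patch stays limited to the kcov annotations and the `return` to `goto out` conversions.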