Message ID | 20201029173620.2121359-4-aleksandrnogikh@gmail.com (mailing list archive) |
---|---|
State | Not Applicable |
Delegated to: | Johannes Berg |
Headers | show |
Series | net, mac80211, kernel: enable KCOV remote coverage collection for 802.11 frame handling | expand |
On Thu, 2020-10-29 at 17:36 +0000, Aleksandr Nogikh wrote: > From: Aleksandr Nogikh <nogikh@google.com> > > Add KCOV remote annotations to ieee80211_iface_work() and > ieee80211_rx_list(). This will enable coverage-guided fuzzing of > mac80211 code that processes incoming 802.11 frames. I have no idea how we'll get this merged - Jakub, do you want to take the whole series? Or is somebody else responsible for the core kcov part? In any case, Reviewed-by: Johannes Berg <johannes@sipsolutions.net> johannes
On Thu, 29 Oct 2020 at 18:44, Johannes Berg <johannes@sipsolutions.net> wrote: > On Thu, 2020-10-29 at 17:36 +0000, Aleksandr Nogikh wrote: > > From: Aleksandr Nogikh <nogikh@google.com> > > > > Add KCOV remote annotations to ieee80211_iface_work() and > > ieee80211_rx_list(). This will enable coverage-guided fuzzing of > > mac80211 code that processes incoming 802.11 frames. > > I have no idea how we'll get this merged - Jakub, do you want to take > the whole series? Or is somebody else responsible for the core kcov > part? Typically core kcov changes have been going via the -mm tree. Andrey has been making most changes to KCOV recently, so if there are no pending changes that conflict, I don't see it's a problem for this whole series to go through networking. I think the other series that Andrey had been working on has been changed to only touch drivers/usb/, so there should be no conflicts pending. Dmitry, Andrey, is that reasonable? > In any case, > > Reviewed-by: Johannes Berg <johannes@sipsolutions.net> > > johannes >
On Thu, Oct 29, 2020 at 7:00 PM Marco Elver <elver@google.com> wrote: > > On Thu, 29 Oct 2020 at 18:44, Johannes Berg <johannes@sipsolutions.net> wrote: > > On Thu, 2020-10-29 at 17:36 +0000, Aleksandr Nogikh wrote: > > > From: Aleksandr Nogikh <nogikh@google.com> > > > > > > Add KCOV remote annotations to ieee80211_iface_work() and > > > ieee80211_rx_list(). This will enable coverage-guided fuzzing of > > > mac80211 code that processes incoming 802.11 frames. > > > > I have no idea how we'll get this merged - Jakub, do you want to take > > the whole series? Or is somebody else responsible for the core kcov > > part? > > Typically core kcov changes have been going via the -mm tree. > > Andrey has been making most changes to KCOV recently, so if there are > no pending changes that conflict, I don't see it's a problem for this > whole series to go through networking. I think the other series that > Andrey had been working on has been changed to only touch > drivers/usb/, so there should be no conflicts pending. > > Dmitry, Andrey, is that reasonable? Yes, sounds good. FTR, USB kcov changes go through the usb tree.
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index 1be775979132..56a1bcea2c1c 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -1356,6 +1356,7 @@ static void ieee80211_iface_work(struct work_struct *work) while ((skb = skb_dequeue(&sdata->skb_queue))) { struct ieee80211_mgmt *mgmt = (void *)skb->data; + kcov_remote_start_common(skb_get_kcov_handle(skb)); if (ieee80211_is_action(mgmt->frame_control) && mgmt->u.action.category == WLAN_CATEGORY_BACK) { int len = skb->len; @@ -1465,6 +1466,7 @@ static void ieee80211_iface_work(struct work_struct *work) } kfree_skb(skb); + kcov_remote_stop(); } /* then other type-dependent work */ diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index 1e2e5a406d58..09d1c9fb8872 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c @@ -4742,6 +4742,8 @@ void ieee80211_rx_list(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta, status->rx_flags = 0; + kcov_remote_start_common(skb_get_kcov_handle(skb)); + /* * Frames with failed FCS/PLCP checksum are not returned, * all other frames are returned without radiotap header @@ -4749,15 +4751,15 @@ void ieee80211_rx_list(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta, * Also, frames with less than 16 bytes are dropped. */ skb = ieee80211_rx_monitor(local, skb, rate); - if (!skb) - return; - - ieee80211_tpt_led_trig_rx(local, - ((struct ieee80211_hdr *)skb->data)->frame_control, - skb->len); + if (skb) { + ieee80211_tpt_led_trig_rx(local, + ((struct ieee80211_hdr *)skb->data)->frame_control, + skb->len); - __ieee80211_rx_handle_packet(hw, pubsta, skb, list); + __ieee80211_rx_handle_packet(hw, pubsta, skb, list); + } + kcov_remote_stop(); return; drop: kfree_skb(skb);