author: Hauke Mehrtens <hauke.mehrtens@intel.com> 2020-02-12 11:49:01 +0100
committer: Hauke Mehrtens <hauke@hauke-m.de> 2020-02-22 16:34:57 +0100
commit: 947d2e0a70d4b93eda4b9fe229ad2bf0bfc79251 (patch)
tree: b5a2b57bd6b5d688e1c073dd8fb0ba1f93570b85
parent: 431594a978752a9d43f9bdac1a79dff335ad9ba3 (diff)
build: Add KCOV kernel code coverage for fuzzing
This adds an option to activate KCOV (Code coverage for fuzzing).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Reviewed-by: Alexandru Ardelean <ardeleanalex@gmail.com>
-rw-r--r-- config/Config-kernel.in | 33
1 file changed, 33 insertions, 0 deletions
diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index ed75dd5853..5e677e6afd 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -172,6 +172,39 @@ config KERNEL_KASAN_INLINE
endchoice
+config KERNEL_KCOV
+ bool "Compile the kernel with code coverage for fuzzing"
+ select KERNEL_DEBUG_FS
+ help
+ KCOV exposes kernel code coverage information in a form suitable
+ for coverage-guided fuzzing (randomized testing).
+
+ If RANDOMIZE_BASE is enabled, PC values will not be stable across
+ different machines and across reboots. If you need stable PC values,
+ disable RANDOMIZE_BASE.
+
+ For more details, see Documentation/kcov.txt.
+
+config KERNEL_KCOV_ENABLE_COMPARISONS
+ bool "Enable comparison operands collection by KCOV"
+ depends on KERNEL_KCOV
+ help
+ KCOV also exposes operands of every comparison in the instrumented
+ code along with operand sizes and PCs of the comparison instructions.
+ These operands can be used by fuzzing engines to improve the quality
+ of fuzzing coverage.
+
+config KERNEL_KCOV_INSTRUMENT_ALL
+ bool "Instrument all code by default"
+ depends on KERNEL_KCOV
+ default y if KERNEL_KCOV
+ help
+ If you are doing generic system call fuzzing (like e.g. syzkaller),
+ then you will want to instrument the whole kernel and you should
+ say y here. If you are doing more targeted fuzzing (like e.g.
+ filesystem fuzzing with AFL) then you will want to enable coverage
+ for more specific subsets of files, and should say n here.
+
config KERNEL_TASKSTATS
bool "Compile the kernel with task resource/io statistics and accounting"
default n
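Review bot: `default y if KERNEL_KCOV` on KERNEL_KCOV_INSTRUMENT_ALL is redundant, since the `depends on KERNEL_KCOV` line directly above already makes the option invisible without KERNEL_KCOV; a plain `default y` says the same thing. Also worth a sentence in the help text: nothing in the three new options is gated on whether the target's kernel architecture and toolchain support KCOV, so on a target without that support the symbol may simply be dropped when the kernel config is generated rather than failing the build, which is easy to miss when a fuzzing run then reports no coverage. Keeping KERNEL_KCOV off by default (as it is here, with no `default` line) is the right choice, because KCOV exposes coverage of every task through debugfs and is a debugging aid, not something a production firmware image should carry.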