From nobody Tue Apr 7 19:55:53 2026 Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 532272F60CC for ; Wed, 11 Mar 2026 21:06:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.46 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773263211; cv=none; b=kDfukXSA1llrhNcsnGjpoW+bZ9K2Kyv3nr73cftxIhAf/mk2cQH4Lc63V5eact9KbBwIJpQe5o/nM8OfK3YSs0T4TmWQTFlzJXJrqyXFKjRpOclKnf0w2wf6ksiHJWyy4EKomeggje8GVQxu9aJuzDVW/Yt8aFO0LeUer45BHto= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773263211; c=relaxed/simple; bh=Rn/uhAEizGU7xZ5aEfF2VvvEfAV/mBrSUtHKuGh1e2Y=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=OIay9aa/NBPPa0uVktShtdwID/wsRFXphu7cEjR1UC8g3NDg+f0aZedESNLK16IpVcl7/9CV/vzphyA9kF0YXQKodX2w86YOlZCF/FS4nVLntAXAWL0r/pCrR34Bn16l5s4VbDcHUffdmnp9Y1SnQP0iGJQwI46DEYXed5hGboU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UpEXIHp0; arc=none smtp.client-ip=209.85.128.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UpEXIHp0" Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-485317b6bd0so9065e9.1 for ; Wed, 11 Mar 2026 14:06:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773263209; x=1773868009; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=Jq184yv6qhyq5he4JEdx2+D4Atx68RIlmhXc/nCq5F8=; b=UpEXIHp0UNk1DU1/bGozN7QSc/NYKqrSqvpaLbTVAVkEJFEVme/CZyENWr2b9DmW5c IW8CkNcBXXfJOOjqstxr60+qYtKMkLhzKtyxSI/up4TgWCiodeZ6f/+ytXpVwd6SFtN3 vJKOwwchTKD2Vf38BQ9HE9UU3ZRz/z43rnYHevdsPj0Zu35m7eBzbcza8ilqu5kRnwux rJiNG7BCittYPtEmKleg+AaN/3iZy4T+cyc8/WyCzdZnhQWmxEOgxswiCrDEd70xxO43 8fcto1V4jaRnlU7I2iU5Qy7vID5KR42esB7r4uKl5rG1oBmwSXVJrKY72vBq687m5aoA EklQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773263209; x=1773868009; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=Jq184yv6qhyq5he4JEdx2+D4Atx68RIlmhXc/nCq5F8=; b=Xe7wpnnLEZ4YwGEKY6SQkdNXQFheUROK/NBVph0SmTPlWRYFOJZpitGKiXxor4cSrn K0sDtMsv1aevjKbn+tmTj7iq2lKIWkwfQhlBkPbQxmNADzZwOKt/sG9DQNrqwtujfL72 3azwHUvgc7UC4X8ddu1ygdTQu3S2lSHXJJn9mm5NanhTkZSWwmiiL9GU+RRzj0CDtEOM jjeBT+bid0o+qCrEGIvz31KRoud3iTDQHBJ5KGoTb30WdNxhleZ7NtPd9g4jguaFV8UH QNmq1QiFHkH4x36lFRpAeU65MHa+WCVZWSZDzauu4gqI5iMOgmSG9uO7ly8CvI0wKjHj YXGQ== X-Forwarded-Encrypted: i=1; AJvYcCWewlQa7ed+qTmAKKtoepJ3t3VybbPZVOQJLuOPYQtMdDiFA/YzS7UFhIinHMtb9GO0HYc4RReYlpqi9l0=@vger.kernel.org X-Gm-Message-State: AOJu0Yy6x5OWWeMOVuGdm8b2C3f4glEfumziI91ck6UQT37iwY+EUn2P xGc22wQ/t/kOeeUXf1vPy03L7vCQBMxwwLs1mYcEcTBolEayUKychCvRKyRVRZ1DdQ== X-Gm-Gg: ATEYQzx8EV+WJ35LBlK9K5O7xhjsahcm2yLi9CVLjLg6OWorjxkbR4r9Q9xjxmDFpe6 N1OWY2k1rs5nU2gJggiKIPz1bkHtkbvkGr8TutQOjyK3HJz7FVZ1hH3G+8UEM0TAwiVJO8oBLV9 VW1ELnW887izv1XIxa8hT888Of0wiCUedGdGqXL2pKJ4QEym2sJG1cCj5sw+REg5Hv8N/m/Gh9D rCmhd8q5EdThacNpnSmLFwzfjFXL65lXq1/vUv7n//B8ZSa1jWYf2HRTC7vRf+DvIbXlt1m14x3 2tN4eQj5eI9fNpf3S74H2mER9Kv562VqWSbnK5ew34ara2Cryi9Vv23lMf8VUn9sxvzEeD7M99Y 9Dvj5EL9/ohbV87VrU6jCWtXHAJYo8RW/3zM1pklTLTnyNcaWzoyQoAJj8Cn4DrA9SRjyMOpb8i /SbJg/A1jKT5uEJQ7gZBQYEYibEegp2POT6p75qve8vAKf7DtayHLn2VrJwy709w== X-Received: by 2002:a05:600c:4688:b0:483:1093:f29b with SMTP id 5b1f17b1804b1-4854fa11e50mr229415e9.8.1773263208180; Wed, 11 Mar 2026 14:06:48 -0700 (PDT) Received: from localhost ([2a00:79e0:288a:8:c9d4:528c:7414:ba3a]) by smtp.gmail.com with UTF8SMTPSA id ffacd0b85a97d-439fe219c41sm1949038f8f.29.2026.03.11.14.06.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Mar 2026 14:06:47 -0700 (PDT) From: Jann Horn Date: Wed, 11 Mar 2026 22:06:14 +0100 Subject: [PATCH 1/3] sched: Ensure matching stack state for kcov disable/enable on switch Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260311-kcov-extrecord-v1-1-68f03c4a05ad@google.com> References: <20260311-kcov-extrecord-v1-0-68f03c4a05ad@google.com> In-Reply-To: <20260311-kcov-extrecord-v1-0-68f03c4a05ad@google.com> To: Dmitry Vyukov , Andrey Konovalov Cc: Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, llvm@lists.linux.dev, Jann Horn , Ingo Molnar , Peter Zijlstra X-Mailer: b4 0.15-dev X-Developer-Signature: v=1; a=ed25519-sha256; t=1773263202; l=1827; i=jannh@google.com; s=20240730; h=from:subject:message-id; bh=Rn/uhAEizGU7xZ5aEfF2VvvEfAV/mBrSUtHKuGh1e2Y=; b=nT5u7hSmk+peI4Z70WnnNJltIQzTqQK/FPRXLCAfr/CfAZI5TfWDbVdHNATBPrJE8rscRMwNT pAw0yBbVLkOAnpe1QwRXRzw27rZhNYJFgCMi0/mSGW/bPY0IR7FtcjT X-Developer-Key: i=jannh@google.com; a=ed25519; pk=AljNtGOzXeF6khBXDJVVvwSEkVDGnnZZYqfWhP1V+C8= Ensure that kcov is disabled and enabled with the same call stack. This will be relied on by subsequent patches for recording function entry/exit records via kcov. This patch should not affect compilation of normal kernels without KCOV (though it changes "inline" to "__always_inline"). To: Ingo Molnar To: Peter Zijlstra Signed-off-by: Jann Horn --- kernel/sched/core.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index b7f77c165a6e..c470f0a669ec 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -5072,8 +5072,10 @@ static inline void kmap_local_sched_in(void) * * prepare_task_switch sets up locking and calls architecture specific * hooks. + * + * Must be inlined for kcov_prepare_switch(). */ -static inline void +static __always_inline void prepare_task_switch(struct rq *rq, struct task_struct *prev, struct task_struct *next) __must_hold(__rq_lockp(rq)) @@ -5149,7 +5151,6 @@ static struct rq *finish_task_switch(struct task_stru= ct *prev) tick_nohz_task_switch(); finish_lock_switch(rq); finish_arch_post_lock_switch(); - kcov_finish_switch(current); /* * kmap_local_sched_out() is invoked with rq::lock held and * interrupts disabled. There is no requirement for that, but the @@ -5295,7 +5296,13 @@ context_switch(struct rq *rq, struct task_struct *pr= ev, switch_to(prev, next, prev); barrier(); =20 - return finish_task_switch(prev); + rq =3D finish_task_switch(prev); + /* + * This has to happen outside finish_task_switch() to ensure that + * entry/exit records are balanced. + */ + kcov_finish_switch(current); + return rq; } =20 /* --=20 2.53.0.473.g4a7958ca14-goog From nobody Tue Apr 7 19:55:53 2026 Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 66D6F2FDC20 for ; Wed, 11 Mar 2026 21:06:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773263214; cv=none; b=C8JGY2evJ/0odgSnHAoDLVHtPR5qpp96xMPASAVDTHPjb3MMtGQ0dVgbfOvFazqRotPH9TFORFzi7FfNBFkFvRynxkbePszfGUjS2bjChPWB+gcY2HExW38TOQNddEeIaW2rlTDBaAtwTsQdOgLpiGej+yKQB8kanazPcPxzu3s= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773263214; c=relaxed/simple; bh=5DsfSgu+FPcywkrKjdBKgz/A0iooKEhY4/hZbp/L+BY=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=kg6PgK0jRweBHfQkGCRyU5aVPcSzkCmv0ywhvYPw5RO98ANmZ+wfk9rmzd/G4+fpbVgpG8tLILEPx0uzxbpRGPz5l0W6vQgg484SCWVUdUCLYSkHrLqt8my/lQoFIomztG/dNRTeXKS/vBlElduwZDrct1o7I7PtCd8DQee1l7Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=k/+2H3pf; arc=none smtp.client-ip=209.85.128.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="k/+2H3pf" Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-4852ef20fe8so8155e9.1 for ; Wed, 11 Mar 2026 14:06:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773263211; x=1773868011; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=NzKnYN2/boQ9iOCZJ64ZuiUoSY4TlQ9bsFVP29RzfIo=; b=k/+2H3pfVCT2bXEXNz1bHdFxBqki0CV8LDMcnDz7VGXy4FWOpFnYv9EZeXAJoNhNBK c98nZOmfx7c5Mkf9+beHS2XOCOo5tyXepvwcF0tLCHrL1YTDQ1dgImk/QE/9ZkYZCjtd Da/ihPFOQFmIJsseMpB9MjwhVbY/puyQwW12nEJj2ADn0IqPKNnhxs4gcO0M4ekofoNV v4vSHDqlSBx3AXVPSnYLXpMavm4d/dftN4SkZ7t/XXpMHZL/lKPY+Vy2G9PTQpheUNYv 3xpY/sg08f5ESb5fprWqqMvyY1VQ0fE6L0vjLgaG+zYq/YDMve99ks5f4xp+H5sKu/3i 96zg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773263211; x=1773868011; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=NzKnYN2/boQ9iOCZJ64ZuiUoSY4TlQ9bsFVP29RzfIo=; b=lF3mwzBTzSWv/ND2LMSmXRGiDM2RykSetoG23THDJfKaZ6ls+bJjb84D2xXhFzVfN3 oaMoDooNM6jacLBsd2gXDllZrF7qeuP8LlKGRJ/iyhMtCcbrl5oVA7gHRfyVcDAF2fje cIA8Em07P+SXSYQhV5oyo5dv1tsDVzu+UkOTgK7VUO8yb5vDompndR0lD+PtKyrmoC1m ltI5AuEB0BrCibZOX5S3LzqjkcSOI5FbhpKjePLitR02WbROiPOUj1AIDmVFVyc7Ncng 7FXOWOD9ueb59LqjDkPbkv7VWNiDIst7trXqp6A/8tXvjCykx3RtGlRO87wXkvbxyfBN /Wbg== X-Forwarded-Encrypted: i=1; AJvYcCV0+MLzPwuQJ2RPJhLcuw+GoM4QwsiYYmQcpWxG9maHl6OyHNGSJnjMcsL1ViZTpHepXuxPRSVoGHplzbg=@vger.kernel.org X-Gm-Message-State: AOJu0Yx4ThkDN5EdxzCxIqwjYnVOg6nrBl2LyNz5YhMebOBLmc5vn7z4 QJYKeVcRTPLs0s7mXnUn2Mig7fSXmL4lps/F8hTv7dEynHrbr1gpnWoK/SQYx7oSAQ== X-Gm-Gg: ATEYQzxvjl2TYGcURo2hjBA1c/DOYtihRy7h/ar8+RJKIrfCwiYIBTnK37GGq3P0VTX iuv1Kn+xGBHHO7HVzEOfWdsm9pRpPWucqBDwpcjZtCOTBrsDjRTcQ3z9urDFQSjrSIYv93oUKh2 RGR2ECPdghCZ5i/zb1GxHjHDygbeFY2SRbMa7uhk35yKFQpgzg4/VAiHaqdHF8YPjd/kkW3pDa5 rgGuzidXUiAATIaA7xbwy8kTfDpV0GCris0Sbr3aM/g8x//JFPtk+yWYFC4BDDwdW9faA0bvKwz gKO+0ginZC/m6V1/0AC49LpOCSzGJwG6MzBk2P5wfryf0++ebyvxNkdhBsNA/7obpYKoZmJmOIi KJhtp3J+pe4Wq9Hp+324rRxx+Gyi35WJEY+WUKc0ROaK7Lr87KUEwXm+tL4a1ycW9LSZ6c/FmOb ewNQDLsZvW8YFG11Pmg5ySwhEjtEOcJStQFZOvU7sE83AKTcq6Kz0= X-Received: by 2002:a05:600c:1c09:b0:477:255c:bea8 with SMTP id 5b1f17b1804b1-48552297bdcmr92595e9.7.1773263210284; Wed, 11 Mar 2026 14:06:50 -0700 (PDT) Received: from localhost ([2a00:79e0:288a:8:c9d4:528c:7414:ba3a]) by smtp.gmail.com with UTF8SMTPSA id 5b1f17b1804b1-4854b0fa98bsm30652335e9.30.2026.03.11.14.06.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Mar 2026 14:06:49 -0700 (PDT) From: Jann Horn Date: Wed, 11 Mar 2026 22:06:15 +0100 Subject: [PATCH 2/3] kcov: wire up compiler instrumentation for CONFIG_KCOV_EXT_RECORDS Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260311-kcov-extrecord-v1-2-68f03c4a05ad@google.com> References: <20260311-kcov-extrecord-v1-0-68f03c4a05ad@google.com> In-Reply-To: <20260311-kcov-extrecord-v1-0-68f03c4a05ad@google.com> To: Dmitry Vyukov , Andrey Konovalov Cc: Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, llvm@lists.linux.dev, Jann Horn , Josh Poimboeuf , Peter Zijlstra X-Mailer: b4 0.15-dev X-Developer-Signature: v=1; a=ed25519-sha256; t=1773263202; l=5297; i=jannh@google.com; s=20240730; h=from:subject:message-id; bh=5DsfSgu+FPcywkrKjdBKgz/A0iooKEhY4/hZbp/L+BY=; b=K6AVC8ItMBgT1JQDBXviHQZ3H70ou6Q4xycc4VLgngTNhupShXHtef90BIuy7Ymek+6rnFAi2 Y8bz3jas2jaCNDe7ONh2j6QP+E+fmvnj8kVvHN07gOFdeKaDUCFWjcu X-Developer-Key: i=jannh@google.com; a=ed25519; pk=AljNtGOzXeF6khBXDJVVvwSEkVDGnnZZYqfWhP1V+C8= This is the first half of CONFIG_KCOV_EXT_RECORDS. Set the appropriate compiler flags to call separate hooks for function entry/exit, and provide these hooks, but don't make it visible in the KCOV UAPI yet. With -fsanitize-coverage=3Dtrace-pc-entry-exit, the compiler behavior chang= es as follows: - The __sanitizer_cov_trace_pc() call on function entry is replaced with a call to __sanitizer_cov_trace_pc_entry(); so for now, __sanitizer_cov_trace_pc_entry() must be treated the same way as __sanitizer_cov_trace_pc(). - On function exit, an extra call to __sanitizer_cov_trace_pc_exit() happens; since function exit produced no coverage in the old UAPI, __sanitizer_cov_trace_pc_exit() should do nothing for now. Cc: Josh Poimboeuf Cc: Peter Zijlstra Signed-off-by: Jann Horn Reviewed-by: Dmitry Vyukov --- include/linux/kcov.h | 2 ++ kernel/kcov.c | 30 +++++++++++++++++++++++------- lib/Kconfig.debug | 14 ++++++++++++++ scripts/Makefile.kcov | 2 ++ tools/objtool/check.c | 2 ++ 5 files changed, 43 insertions(+), 7 deletions(-) diff --git a/include/linux/kcov.h b/include/linux/kcov.h index 0143358874b0..e5502d674029 100644 --- a/include/linux/kcov.h +++ b/include/linux/kcov.h @@ -81,6 +81,8 @@ typedef unsigned long long kcov_u64; #endif =20 void __sanitizer_cov_trace_pc(void); +void __sanitizer_cov_trace_pc_entry(void); +void __sanitizer_cov_trace_pc_exit(void); void __sanitizer_cov_trace_cmp1(u8 arg1, u8 arg2); void __sanitizer_cov_trace_cmp2(u16 arg1, u16 arg2); void __sanitizer_cov_trace_cmp4(u32 arg1, u32 arg2); diff --git a/kernel/kcov.c b/kernel/kcov.c index 0b369e88c7c9..2cc48b65384b 100644 --- a/kernel/kcov.c +++ b/kernel/kcov.c @@ -202,15 +202,10 @@ static notrace unsigned long canonicalize_ip(unsigned= long ip) return ip; } =20 -/* - * Entry point from instrumented code. - * This is called once per basic-block/edge. - */ -void notrace __sanitizer_cov_trace_pc(void) +static void notrace kcov_add_pc_record(unsigned long record) { struct task_struct *t; unsigned long *area; - unsigned long ip =3D canonicalize_ip(_RET_IP_); unsigned long pos; =20 t =3D current; @@ -230,11 +225,32 @@ void notrace __sanitizer_cov_trace_pc(void) */ WRITE_ONCE(area[0], pos); barrier(); - area[pos] =3D ip; + area[pos] =3D record; } } + +/* + * Entry point from instrumented code. + * This is called once per basic-block/edge. + */ +void notrace __sanitizer_cov_trace_pc(void) +{ + kcov_add_pc_record(canonicalize_ip(_RET_IP_)); +} EXPORT_SYMBOL(__sanitizer_cov_trace_pc); =20 +#ifdef CONFIG_KCOV_EXT_RECORDS +void notrace __sanitizer_cov_trace_pc_entry(void) +{ + unsigned long record =3D canonicalize_ip(_RET_IP_); + + kcov_add_pc_record(record); +} +void notrace __sanitizer_cov_trace_pc_exit(void) +{ +} +#endif + #ifdef CONFIG_KCOV_ENABLE_COMPARISONS static void notrace write_comp_data(u64 type, u64 arg1, u64 arg2, u64 ip) { diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 93f356d2b3d9..dddc330ad3ca 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2215,6 +2215,20 @@ config KCOV =20 For more details, see Documentation/dev-tools/kcov.rst. =20 +config KCOV_EXT_RECORDS + bool "Support extended KCOV records with function entry/exit records" + depends on KCOV + depends on 64BIT + # TODO: check CLANG_VERSION instead once this has landed in an LLVM + # release + depends on $(cc-option,-fsanitize-coverage=3Dtrace-pc-entry-exit) + help + Extended KCOV records allow distinguishing between multiple types of + records: Normal edge coverage, function entry, and function exit. + + This will likely cause a small additional slowdown compared to normal + KCOV. + config KCOV_ENABLE_COMPARISONS bool "Enable comparison operands collection by KCOV" depends on KCOV diff --git a/scripts/Makefile.kcov b/scripts/Makefile.kcov index 78305a84ba9d..aa0be904268f 100644 --- a/scripts/Makefile.kcov +++ b/scripts/Makefile.kcov @@ -1,10 +1,12 @@ # SPDX-License-Identifier: GPL-2.0-only kcov-flags-y +=3D -fsanitize-coverage=3Dtrace-pc +kcov-flags-$(CONFIG_KCOV_EXT_RECORDS) +=3D -fsanitize-coverage=3Dtrace-pc= -entry-exit kcov-flags-$(CONFIG_KCOV_ENABLE_COMPARISONS) +=3D -fsanitize-coverage=3Dtr= ace-cmp =20 kcov-rflags-y +=3D -Cpasses=3Dsancov-module kcov-rflags-y +=3D -Cllvm-args=3D-sanitizer-coverage-level=3D3 kcov-rflags-y +=3D -Cllvm-args=3D-sanitizer-coverage-trace-pc +kcov-rflags-$(CONFIG_KCOV_EXT_RECORDS) +=3D -Cllvm-args=3D-sanitizer-cove= rage-trace-pc-entry-exit kcov-rflags-$(CONFIG_KCOV_ENABLE_COMPARISONS) +=3D -Cllvm-args=3D-sanitize= r-coverage-trace-compares =20 export CFLAGS_KCOV :=3D $(kcov-flags-y) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index a30379e4ff97..ae3127227621 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -1251,6 +1251,8 @@ static const char *uaccess_safe_builtin[] =3D { "write_comp_data", "check_kcov_mode", "__sanitizer_cov_trace_pc", + "__sanitizer_cov_trace_pc_entry", + "__sanitizer_cov_trace_pc_exit", "__sanitizer_cov_trace_const_cmp1", "__sanitizer_cov_trace_const_cmp2", "__sanitizer_cov_trace_const_cmp4", --=20 2.53.0.473.g4a7958ca14-goog From nobody Tue Apr 7 19:55:53 2026 Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1F73635DA46 for ; Wed, 11 Mar 2026 21:06:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.43 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773263215; cv=none; b=tHVItHM2w0Ge1ddOlkO6HBNLGNHa+Qb9e3kQp18CP4gnHs/bx2ZeMxNgk5Qwwd9k8y8mR8MeIRJIAyat/wISYEZbiZ7pp4vke+JgPb4S1rfBN9Mi9wThOqP6qaAuvuV9/S9Eq2LkIvLTVvIzFRDCyUX0aX/ROa1QAMUAFBmSR0E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773263215; c=relaxed/simple; bh=gl1kEdDECICBLTyyKuOyRBl/9O6Rh/+H5tSpq5Vi8UM=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=t++0ioEQ35+Ll0b1Ki57HB8wfoQ5EvaqLNfR+CpMJcCKz0dFFZl0qpktFeyp11KRiJcEkhVqITbjhDSoNTV0GzAtGJNxo6vaW+C2ay/8RTeGkxKHdzwqEJkOXBPTZGMdRP9Y7pPrUeAenmL7EvQCEL71ej+FsTNg0BkZCx8cowE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=liWzBpPe; arc=none smtp.client-ip=209.85.128.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="liWzBpPe" Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-485344bbf1fso21285e9.0 for ; Wed, 11 Mar 2026 14:06:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773263212; x=1773868012; darn=vger.kernel.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=jjaMhHW49Qnvje+/av4ZyUIAC9q72eON3wvAJYxVTt0=; b=liWzBpPeAqat4nH5ZzkYTAneIa5ruq9QpkSiuCteCHLM3Oq/Z2wkMDUJ9ytYfIwqN8 76nAWGs3cfe001rw8HSDsbIIMTFE08oQkgNB0/axF7EJMoMUqyTUfhFBCRjQKKmBg2JI BHPoUP+T3mT7524Q4XUCJbbUAMw7qNROZRZyoKOr+/qMw8+BiJ66DGUC2Ad1VQPYEMQJ 7TIMuNoxmTJIpGClREemKMwvh/f/vzb3uioWmNkDPEJ7U76a63cMMPuSIlgYAdsfYzcc x9x+4dxN/QYc6uKhiNJxf3MOuYZtLwCCXtGxbgFnR5ZKHP9KJJBKShTxqPRJr1Y/EmpY bYQQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773263212; x=1773868012; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=jjaMhHW49Qnvje+/av4ZyUIAC9q72eON3wvAJYxVTt0=; b=q9uhYCpu2CQqBRFfYsHI9gk8W/sZBS8AO9uGo4SBvVn6jkDKxk/5BPS5CdRvY4SheO Ns44XLbTn2KAj4XFnfkKf13lczqUrAXAUbEC4AvTYAXfwRlTIF5pI0fNqIF1pOHsMFLv JuatMkadovnOL9oqYPJ8nStqZ7rcG93GEuiQzVBUq2FP5F49/ki6HUEu0R7D8wXSoMtP eERQkLIiaxqC94jsLz7mgkgLycTnGL3VuPpGVUZfkomXHEFOX4kOOJOtrJNqL8KCToFy WirHJAU8fxHlbo/ynW9o4zsvU7jnCbd2TikpzGt12eRvY6LHCYKUBlp5cGHTKzRwl2R1 WuvQ== X-Forwarded-Encrypted: i=1; AJvYcCWJ3x6hJxqrOM8F+DwyxUbVWsVcgMs4GP/P+ZBstg1PXyMGe8eBJqt0jSi0vjWvYMhQ91Jw+TPAwZBio5M=@vger.kernel.org X-Gm-Message-State: AOJu0YxHh8hB4CuQ2RF9naPnuQnbaTMiSmrkRCqeya9Z/TRVWfO0y6IY BGVputoWmVLkDvxsN0mUcQ8G5RRg/M3AuU+C/HeM9cPIGNo81WDLqXTxnkTV1Bzb9w== X-Gm-Gg: ATEYQzyzHPToMWBz3HeE5istCicntSmgq0oDuJeQ0p926/1IVQ0ZlnK9w4UbE0hGpQP ysCFDYqdDGKpRRcohaan7x+w8xDAeOzIXqs8mnC8b8rIRjF04q5USukAjRkzCyLvMFZrQju+0XS oydPhoTLac4AsPXg9VmkGeToGi5Su+1Za3v9jaaznlZDVF3JIK4f9s349Or9kd87C3Iu2w8pxv+ oS38TUsNao0YG+yrtsMt9Dh8GY8zb1HgCSjGQbY84uYm5xeEObKDVINZij6Mn3GoNMbbYYmba72 dhj8QVioGrMFI+t2BbxZGl5qwMUiFze6k8L3ik9PcUBc/0JtlAJxapt6GCapWIsQSIQENFHd5Z1 85BEPVpWbhYwu/K+DPafzkW1/xoekpMgbMiFl5RKJ37J0r5+AU6EdvC7Rp+0n/AE8xAAfz+t4Sw /vJR4/oURwn1YkXShD9fQnJC2T5rsewNqCNGg0/tH6B5cou+GoO1uXCT0Sa6l0RA== X-Received: by 2002:a05:600c:c285:b0:477:86fd:fb47 with SMTP id 5b1f17b1804b1-4854fa1a473mr146295e9.8.1773263211980; Wed, 11 Mar 2026 14:06:51 -0700 (PDT) Received: from localhost ([2a00:79e0:288a:8:c9d4:528c:7414:ba3a]) by smtp.gmail.com with UTF8SMTPSA id 5b1f17b1804b1-4854b0b906esm39112635e9.4.2026.03.11.14.06.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 11 Mar 2026 14:06:51 -0700 (PDT) From: Jann Horn Date: Wed, 11 Mar 2026 22:06:16 +0100 Subject: [PATCH 3/3] kcov: introduce extended PC coverage collection mode Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260311-kcov-extrecord-v1-3-68f03c4a05ad@google.com> References: <20260311-kcov-extrecord-v1-0-68f03c4a05ad@google.com> In-Reply-To: <20260311-kcov-extrecord-v1-0-68f03c4a05ad@google.com> To: Dmitry Vyukov , Andrey Konovalov Cc: Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, llvm@lists.linux.dev, Jann Horn X-Mailer: b4 0.15-dev X-Developer-Signature: v=1; a=ed25519-sha256; t=1773263202; l=7510; i=jannh@google.com; s=20240730; h=from:subject:message-id; bh=gl1kEdDECICBLTyyKuOyRBl/9O6Rh/+H5tSpq5Vi8UM=; b=e/rnv3+0v+r78iIlsq75/4nso6BkrQk3V2nDG/iHUsVN7+gvM3C9zbVYQ5KwhdojDxQjkjCZ7 dQQGF6fxaiPBk56ppaUuFfJ3FRVFPNtBItKr6lDOZo9uaR561Iq3UG/ X-Developer-Key: i=jannh@google.com; a=ed25519; pk=AljNtGOzXeF6khBXDJVVvwSEkVDGnnZZYqfWhP1V+C8= This is the second half of CONFIG_KCOV_EXT_RECORDS. Introduce a new KCOV mode KCOV_TRACE_PC_EXT which replaces the upper 8 bits of recorded instruction pointers with metadata. For now, userspace can use this metadata to distinguish three types of records: - function entry - function exit - normal basic block inside the function Signed-off-by: Jann Horn --- include/linux/sched.h | 6 ++++-- include/uapi/linux/kcov.h | 12 ++++++++++++ kernel/kcov.c | 46 +++++++++++++++++++++++++++++++++++++++++--= --- 3 files changed, 57 insertions(+), 7 deletions(-) diff --git a/include/linux/sched.h b/include/linux/sched.h index a7b4a980eb2f..9a297d2d2abc 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1519,8 +1519,10 @@ struct task_struct { int kcov_sequence; =20 /* Collect coverage from softirq context: */ - unsigned int kcov_softirq; -#endif + unsigned int kcov_softirq : 1; + /* Emit KCOV records in extended format: */ + unsigned int kcov_ext_format : 1; +#endif /* CONFIG_KCOV */ =20 #ifdef CONFIG_MEMCG_V1 struct mem_cgroup *memcg_in_oom; diff --git a/include/uapi/linux/kcov.h b/include/uapi/linux/kcov.h index ed95dba9fa37..8d8a233bd61f 100644 --- a/include/uapi/linux/kcov.h +++ b/include/uapi/linux/kcov.h @@ -35,8 +35,20 @@ enum { KCOV_TRACE_PC =3D 0, /* Collecting comparison operands mode. */ KCOV_TRACE_CMP =3D 1, + /* + * Extended PC coverage collection mode. + * In this mode, the top byte of the PC is replaced with flag bits + * (KCOV_RECORDFLAG_*). + */ + KCOV_TRACE_PC_EXT =3D 2, }; =20 +#define KCOV_RECORD_IP_MASK 0x00ffffffffffffff +#define KCOV_RECORDFLAG_TYPEMASK 0xf000000000000000 +#define KCOV_RECORDFLAG_TYPE_NORMAL 0xf000000000000000 +#define KCOV_RECORDFLAG_TYPE_ENTRY 0x0000000000000000 +#define KCOV_RECORDFLAG_TYPE_EXIT 0x1000000000000000 + /* * The format for the types of collected comparisons. * diff --git a/kernel/kcov.c b/kernel/kcov.c index 2cc48b65384b..3482044a7bd5 100644 --- a/kernel/kcov.c +++ b/kernel/kcov.c @@ -71,6 +71,8 @@ struct kcov { * kcov_remote_stop(), see the comment there. */ int sequence; + /* Whether emitted records should have type bits. */ + unsigned int kcov_ext_format : 1 __guarded_by(&lock); }; =20 struct kcov_remote_area { @@ -97,6 +99,7 @@ struct kcov_percpu_data { void *saved_area; struct kcov *saved_kcov; int saved_sequence; + unsigned int saved_kcov_ext_format : 1; }; =20 static DEFINE_PER_CPU(struct kcov_percpu_data, kcov_percpu_data) =3D { @@ -235,6 +238,12 @@ static void notrace kcov_add_pc_record(unsigned long r= ecord) */ void notrace __sanitizer_cov_trace_pc(void) { + /* + * No bitops are needed here for setting the record type because + * KCOV_RECORDFLAG_TYPE_NORMAL has the high bits set. + * This relies on userspace not caring about the rest of the top byte + * for KCOV_RECORDFLAG_TYPE_NORMAL records. + */ kcov_add_pc_record(canonicalize_ip(_RET_IP_)); } EXPORT_SYMBOL(__sanitizer_cov_trace_pc); @@ -244,10 +253,26 @@ void notrace __sanitizer_cov_trace_pc_entry(void) { unsigned long record =3D canonicalize_ip(_RET_IP_); =20 + /* + * This hook replaces __sanitizer_cov_trace_pc() for the function entry + * basic block; it should still emit a record even in classic kcov mode. + */ + if (current->kcov_ext_format) + record =3D (record & KCOV_RECORD_IP_MASK) | KCOV_RECORDFLAG_TYPE_ENTRY; kcov_add_pc_record(record); } void notrace __sanitizer_cov_trace_pc_exit(void) { + unsigned long record; + + /* + * Unlike __sanitizer_cov_trace_pc_entry(), this PC should only be + * reported in extended mode. + */ + if (!current->kcov_ext_format) + return; + record =3D (canonicalize_ip(_RET_IP_) & KCOV_RECORD_IP_MASK) | KCOV_RECOR= DFLAG_TYPE_EXIT; + kcov_add_pc_record(record); } #endif =20 @@ -371,7 +396,7 @@ EXPORT_SYMBOL(__sanitizer_cov_trace_switch); =20 static void kcov_start(struct task_struct *t, struct kcov *kcov, unsigned int size, void *area, enum kcov_mode mode, - int sequence) + int sequence, unsigned int kcov_ext_format) { kcov_debug("t =3D %px, size =3D %u, area =3D %px\n", t, size, area); t->kcov =3D kcov; @@ -379,6 +404,7 @@ static void kcov_start(struct task_struct *t, struct kc= ov *kcov, t->kcov_size =3D size; t->kcov_area =3D area; t->kcov_sequence =3D sequence; + t->kcov_ext_format =3D kcov_ext_format; /* See comment in check_kcov_mode(). */ barrier(); WRITE_ONCE(t->kcov_mode, mode); @@ -398,6 +424,7 @@ static void kcov_task_reset(struct task_struct *t) kcov_stop(t); t->kcov_sequence =3D 0; t->kcov_handle =3D 0; + t->kcov_ext_format =3D 0; } =20 void kcov_task_init(struct task_struct *t) @@ -570,6 +597,8 @@ static int kcov_get_mode(unsigned long arg) #else return -ENOTSUPP; #endif + else if (arg =3D=3D KCOV_TRACE_PC_EXT) + return IS_ENABLED(CONFIG_KCOV_EXT_RECORDS) ? KCOV_MODE_TRACE_PC : -ENOTS= UPP; else return -EINVAL; } @@ -636,8 +665,9 @@ static int kcov_ioctl_locked(struct kcov *kcov, unsigne= d int cmd, return mode; kcov_fault_in_area(kcov); kcov->mode =3D mode; + kcov->kcov_ext_format =3D (arg =3D=3D KCOV_TRACE_PC_EXT); kcov_start(t, kcov, kcov->size, kcov->area, kcov->mode, - kcov->sequence); + kcov->sequence, kcov->kcov_ext_format); kcov->t =3D t; /* Put either in kcov_task_exit() or in KCOV_DISABLE. */ kcov_get(kcov); @@ -668,7 +698,8 @@ static int kcov_ioctl_locked(struct kcov *kcov, unsigne= d int cmd, return -EINVAL; kcov->mode =3D mode; t->kcov =3D kcov; - t->kcov_mode =3D KCOV_MODE_REMOTE; + t->kcov_mode =3D KCOV_MODE_REMOTE; + kcov->kcov_ext_format =3D (remote_arg->trace_mode =3D=3D KCOV_TRACE_PC_E= XT); kcov->t =3D t; kcov->remote =3D true; kcov->remote_size =3D remote_arg->area_size; @@ -853,6 +884,7 @@ static void kcov_remote_softirq_start(struct task_struc= t *t) data->saved_area =3D t->kcov_area; data->saved_sequence =3D t->kcov_sequence; data->saved_kcov =3D t->kcov; + data->saved_kcov_ext_format =3D t->kcov_ext_format; kcov_stop(t); } } @@ -865,12 +897,14 @@ static void kcov_remote_softirq_stop(struct task_stru= ct *t) if (data->saved_kcov) { kcov_start(t, data->saved_kcov, data->saved_size, data->saved_area, data->saved_mode, - data->saved_sequence); + data->saved_sequence, + data->saved_kcov_ext_format); data->saved_mode =3D 0; data->saved_size =3D 0; data->saved_area =3D NULL; data->saved_sequence =3D 0; data->saved_kcov =3D NULL; + data->saved_kcov_ext_format =3D 0; } } =20 @@ -884,6 +918,7 @@ void kcov_remote_start(u64 handle) unsigned int size; int sequence; unsigned long flags; + unsigned int kcov_ext_format; =20 if (WARN_ON(!kcov_check_handle(handle, true, true, true))) return; @@ -930,6 +965,7 @@ void kcov_remote_start(u64 handle) * acquired _after_ kcov->lock elsewhere. */ mode =3D context_unsafe(kcov->mode); + kcov_ext_format =3D context_unsafe(kcov->kcov_ext_format); sequence =3D kcov->sequence; if (in_task()) { size =3D kcov->remote_size; @@ -958,7 +994,7 @@ void kcov_remote_start(u64 handle) kcov_remote_softirq_start(t); t->kcov_softirq =3D 1; } - kcov_start(t, kcov, size, area, mode, sequence); + kcov_start(t, kcov, size, area, mode, sequence, kcov_ext_format); =20 local_unlock_irqrestore(&kcov_percpu_data.lock, flags); =20 --=20 2.53.0.473.g4a7958ca14-goog