From: Yunseong Kim
Date: Wed, 03 Jun 2026 19:43:28 +0200
Subject: [RFC PATCH v2 1/6] kcov: add per-task dataflow tracking for function arguments/return values
Message-Id: <20260603-kcov-dataflow-next-20260603-v2-1-fee0939de2c4@est.tech>
References: <20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4@est.tech>
In-Reply-To: <20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4@est.tech>
To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider, K Prateek Nayak, Dmitry Vyukov, Andrey Konovalov, Andrew Morton, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Nicolas Schier, Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, Trevor Gross, Danilo Krummrich, Jonathan Corbet, Shuah Khan
Cc: Yunseong Kim, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, llvm@lists.linux.dev, linux-kbuild@vger.kernel.org, rust-for-linux@vger.kernel.org, workflows@vger.kernel.org, linux-doc@vger.kernel.org, Yunseong Kim

Add a new KCOV subsystem that captures function arguments at entry and
return values at exit, with automatic struct field expansion using
compiler-generated DebugInfo metadata.

Key components:
- CONFIG_KCOV_DATAFLOW_ARGS: enables argument capture
- CONFIG_KCOV_DATAFLOW_RET: enables return value capture
- /sys/kernel/debug/kcov_dataflow: separate device from legacy kcov
- Ioctl namespace 'd' (KCOV_DF_INIT_TRACE, KCOV_DF_ENABLE, KCOV_DF_DISABLE)
- Per-task buffer: task->kcov_df_area with atomic xadd reservation
- Fault-tolerant: all reads via copy_from_kernel_nofault()
- Recursion-safe: notrace __no_sanitize_coverage noinline
- ERR_PTR aware: skips struct expansion for error pointers

The callbacks (__sanitizer_cov_trace_args/ret) are inserted by the
compiler when -fsanitize-coverage=dataflow-args,dataflow-ret is used.
The Kconfig options depend on cc-option to verify compiler support.

Buffer format (TLV records, all u64):
  area[0]:      atomic word count
  [pos+0]:      type_and_seq (0xE=entry, 0xF=return in upper 4 bits)
  [pos+1]:      PC
  [pos+2]:      meta (arg_idx | arg_size | ptr)
  [pos+3..N]:   field values read via copy_from_kernel_nofault()

This is completely independent from legacy /sys/kernel/debug/kcov.
Existing users (syzkaller, oss-fuzz) are unaffected.

Signed-off-by: Yunseong Kim
---
 include/linux/sched.h |   8 ++
 kernel/kcov.c         | 291 ++++++++++++++++++++++++++++++++++++++++++++++++++
 lib/Kconfig.debug     |  22 ++++
 3 files changed, 321 insertions(+)

diff --git a/include/linux/sched.h b/include/linux/sched.h index c4433c185ad8..03be4b495f70 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -1533,6 +1533,14 @@ struct task_struct { /* KCOV sequence number: */ int kcov_sequence; =20 + /* KCOV dataflow per-task sequence counter for TLV records: */ + u32 kcov_dataflow_seq; + + /* KCOV dataflow: separate buffer for trace-args/trace-ret */ + unsigned int kcov_df_size; + void *kcov_df_area; + bool kcov_df_enabled; + /* Collect coverage from softirq context: */ unsigned int kcov_softirq; #endif diff --git a/kernel/kcov.c b/kernel/kcov.c index 1df373fb562b..d3c9c0efe961 100644 --- a/kernel/kcov.c +++ b/kernel/kcov.c 
@@ -353,6 +353,288 @@ void notrace __sanitizer_cov_trace_switch(kcov_u64 va= l, void *arg) EXPORT_SYMBOL(__sanitizer_cov_trace_switch); #endif /* ifdef CONFIG_KCOV_ENABLE_COMPARISONS */ =20 +#if defined(CONFIG_KCOV_DATAFLOW_ARGS) || defined(CONFIG_KCOV_DATAFLOW_RET) +/* + * KCOV Dataflow: /sys/kernel/debug/kcov_dataflow + * + * Completely separate from legacy /sys/kernel/debug/kcov. + * Own buffer, own ioctl, own mmap. No printk =E2=80=94 buffer only. + * + * TLV record layout (all u64): + * area[0]: total u64 words written (atomic counter) + * [pos+0]: type_and_seq (0xE=3Dentry|0xF=3Dreturn in upper 4 bits, seq = in lower 24) + * [pos+1]: PC + * [pos+2]: raw pointer | (arg_idx << 56) | (arg_size << 48) for entry + * [pos+3..N]: field values (or scalar value if num_fields=3D0) + */ +#define KCOV_DF_TYPE_ENTRY 0xE0000000ULL +#define KCOV_DF_TYPE_RET 0xF0000000ULL +#define KCOV_DF_MAGIC_BAD 0xBADADD85ULL +#define KCOV_DF_IS_ERR(p) ((unsigned long)(p) >=3D (unsigned long)-4095UL) + +/* Ioctl commands for /sys/kernel/debug/kcov_dataflow */ +#define KCOV_DF_INIT_TRACE _IOR('d', 1, unsigned long) +#define KCOV_DF_ENABLE _IO('d', 100) +#define KCOV_DF_DISABLE _IO('d', 101) + +struct kcov_dataflow { + refcount_t refcount; + spinlock_t lock; + unsigned int size; /* in u64 words */ + void *area; + struct task_struct *t; +}; + +static void kcov_df_put(struct kcov_dataflow *df) +{ + if (refcount_dec_and_test(&df->refcount)) { + vfree(df->area); + kfree(df); + } +} + +/* + * Core write function =E2=80=94 no printk, no locks, just atomic buffer w= rite. + * Called from __sanitizer_cov_trace_args/ret in instrumented code. 
+ */ +static noinline notrace __no_sanitize_coverage void +kcov_df_write(u64 type_marker, u64 pc, u64 meta, void *ptr, + u64 *offsets, u32 num_fields) +{ + struct task_struct *t =3D current; + u64 *area; + unsigned long pos, max_pos; + u32 record_len, seq, i; + + if (!t->kcov_df_enabled) + return; + + area =3D (u64 *)t->kcov_df_area; + if (!area) + return; + + max_pos =3D t->kcov_df_size; + + /* Record: header(1) + pc(1) + meta(1) + fields or scalar(max 1) */ + record_len =3D 3 + (num_fields > 0 ? num_fields : 1); + + /* Atomic reservation */ + pos =3D 1 + xadd((unsigned long *)&area[0], record_len); + if (unlikely(pos + record_len > max_pos)) { + xadd((unsigned long *)&area[0], -(long)record_len); + return; + } + + seq =3D ++t->kcov_dataflow_seq; + area[pos] =3D type_marker | (seq & 0x00FFFFFFULL); + area[pos + 1] =3D pc; + area[pos + 2] =3D meta; + + if (num_fields =3D=3D 0) { + /* Scalar: read value from ptr using size from meta */ + u64 val =3D 0; + u32 sz =3D (meta >> 48) & 0xFF; + + if (sz > sizeof(val)) + sz =3D sizeof(val); + if (ptr && !KCOV_DF_IS_ERR(ptr)) + copy_from_kernel_nofault(&val, ptr, sz); + area[pos + 3] =3D val; + } else { + /* Struct fields */ + if (KCOV_DF_IS_ERR(ptr)) { + for (i =3D 0; i < num_fields; i++) + area[pos + 3 + i] =3D KCOV_DF_MAGIC_BAD; + return; + } + for (i =3D 0; i < num_fields; i++) { + u64 off, sz, val =3D KCOV_DF_MAGIC_BAD; + void *fa; + + if (copy_from_kernel_nofault(&off, &offsets[i * 2], sizeof(off)) || + copy_from_kernel_nofault(&sz, &offsets[i * 2 + 1], sizeof(sz))) { + area[pos + 3 + i] =3D KCOV_DF_MAGIC_BAD; + continue; + } + fa =3D (void *)((unsigned long)ptr + off); + val =3D 0; + if (sz <=3D sizeof(val)) + copy_from_kernel_nofault(&val, fa, sz); + else + copy_from_kernel_nofault(&val, fa, sizeof(val)); + area[pos + 3 + i] =3D val; + } + } +} + +#ifdef CONFIG_KCOV_DATAFLOW_ARGS +noinline void notrace __no_sanitize_coverage +__sanitizer_cov_trace_args(u64 pc, u32 arg_idx, u32 arg_size, void *arg_pt= r, + u64 
*offsets, u32 num_fields); + +noinline void notrace __no_sanitize_coverage +__sanitizer_cov_trace_args(u64 pc, u32 arg_idx, u32 arg_size, void *arg_pt= r, + u64 *offsets, u32 num_fields) +{ + /* meta: [arg_idx(8) | arg_size(8) | ptr(48)] */ + u64 meta =3D ((u64)arg_idx << 56) | ((u64)arg_size << 48) | + ((u64)(unsigned long)arg_ptr & 0xFFFFFFFFFFFFULL); + kcov_df_write(KCOV_DF_TYPE_ENTRY, pc, meta, arg_ptr, + offsets, num_fields); +} +EXPORT_SYMBOL(__sanitizer_cov_trace_args); +#endif + +#ifdef CONFIG_KCOV_DATAFLOW_RET +noinline void notrace __no_sanitize_coverage +__sanitizer_cov_trace_ret(u64 pc, u32 ret_size, void *ret_val, + u64 *offsets, u32 num_fields); + +noinline void notrace __no_sanitize_coverage +__sanitizer_cov_trace_ret(u64 pc, u32 ret_size, void *ret_val, + u64 *offsets, u32 num_fields) +{ + u64 meta =3D ((u64)ret_size << 48) | + ((u64)(unsigned long)ret_val & 0xFFFFFFFFFFFFULL); + kcov_df_write(KCOV_DF_TYPE_RET, pc, meta, ret_val, + offsets, num_fields); +} +EXPORT_SYMBOL(__sanitizer_cov_trace_ret); +#endif + +/* --- /sys/kernel/debug/kcov_dataflow file operations --- */ + +static int kcov_df_open(struct inode *inode, struct file *filep) +{ + struct kcov_dataflow *df; + + df =3D kzalloc(sizeof(*df), GFP_KERNEL); + if (!df) + return -ENOMEM; + spin_lock_init(&df->lock); + refcount_set(&df->refcount, 1); + filep->private_data =3D df; + return nonseekable_open(inode, filep); +} + +static int kcov_df_close(struct inode *inode, struct file *filep) +{ + struct kcov_dataflow *df =3D filep->private_data; + unsigned long flags; + + spin_lock_irqsave(&df->lock, flags); + if (df->t =3D=3D current) { + current->kcov_df_enabled =3D false; + current->kcov_df_area =3D NULL; + current->kcov_df_size =3D 0; + df->t =3D NULL; + } + spin_unlock_irqrestore(&df->lock, flags); + kcov_df_put(df); + return 0; +} + +static int kcov_df_mmap(struct file *filep, struct vm_area_struct *vma) +{ + struct kcov_dataflow *df =3D filep->private_data; + unsigned long size, off; + struct 
page *page; + unsigned long flags; + void *area; + int res =3D 0; + + spin_lock_irqsave(&df->lock, flags); + size =3D df->size * sizeof(u64); + if (!df->area || vma->vm_pgoff !=3D 0 || + vma->vm_end - vma->vm_start !=3D size) { + res =3D -EINVAL; + goto out; + } + area =3D df->area; + spin_unlock_irqrestore(&df->lock, flags); + + vm_flags_set(vma, VM_DONTEXPAND); + for (off =3D 0; off < size; off +=3D PAGE_SIZE) { + page =3D vmalloc_to_page(area + off); + res =3D vm_insert_page(vma, vma->vm_start + off, page); + if (res) + return res; + } + return 0; +out: + spin_unlock_irqrestore(&df->lock, flags); + return res; +} + +static long kcov_df_ioctl(struct file *filep, unsigned int cmd, unsigned l= ong arg) +{ + struct kcov_dataflow *df =3D filep->private_data; + unsigned long flags; + unsigned long size; + int res =3D 0; + + spin_lock_irqsave(&df->lock, flags); + switch (cmd) { + case KCOV_DF_INIT_TRACE: + if (df->area) { + res =3D -EBUSY; + break; + } + size =3D arg; + if (size < 2 || size > (128 << 20) / sizeof(u64)) { + res =3D -EINVAL; + break; + } + spin_unlock_irqrestore(&df->lock, flags); + df->area =3D vmalloc_user(size * sizeof(u64)); + if (!df->area) + return -ENOMEM; + spin_lock_irqsave(&df->lock, flags); + df->size =3D size; + break; + + case KCOV_DF_ENABLE: + if (!df->area || df->t) { + res =3D -EINVAL; + break; + } + df->t =3D current; + current->kcov_df_area =3D df->area; + current->kcov_df_size =3D df->size; + current->kcov_dataflow_seq =3D 0; + /* Barrier before enabling */ + barrier(); + current->kcov_df_enabled =3D true; + break; + + case KCOV_DF_DISABLE: + if (df->t !=3D current) { + res =3D -EINVAL; + break; + } + current->kcov_df_enabled =3D false; + barrier(); + current->kcov_df_area =3D NULL; + current->kcov_df_size =3D 0; + df->t =3D NULL; + break; + + default: + res =3D -ENOTTY; + } + spin_unlock_irqrestore(&df->lock, flags); + return res; +} + +static const struct file_operations kcov_df_fops =3D { + .open =3D kcov_df_open, + .unlocked_ioctl 
=3D kcov_df_ioctl, + .compat_ioctl =3D kcov_df_ioctl, + .mmap =3D kcov_df_mmap, + .release =3D kcov_df_close, +}; +#endif /* CONFIG_KCOV_DATAFLOW_ARGS || CONFIG_KCOV_DATAFLOW_RET */ + static void kcov_start(struct task_struct *t, struct kcov *kcov, unsigned int size, void *area, enum kcov_mode mode, int sequence) @@ -1146,6 +1428,15 @@ static int __init kcov_init(void) */ debugfs_create_file_unsafe("kcov", 0600, NULL, NULL, &kcov_fops); =20 +#if defined(CONFIG_KCOV_DATAFLOW_ARGS) || defined(CONFIG_KCOV_DATAFLOW_RET) + /* + * Toggle verbose printk: echo 1 > /sys/kernel/debug/kcov_dataflow_verbose + * Default off =E2=80=94 zero overhead when not debugging. + */ + debugfs_create_file_unsafe("kcov_dataflow", 0600, NULL, NULL, + &kcov_df_fops); +#endif + #ifdef CONFIG_KCOV_SELFTEST selftest(); #endif diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index e2f976c3301b..abd1a94589aa 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug 
@@ -2261,6 +2261,28 @@ config KCOV_SELFTEST On test failure, causes the kernel to panic. Recommended to be enabled, ensuring critical functionality works as intended. =20 + +config KCOV_DATAFLOW_ARGS + bool "Enable KCOV dataflow: function argument capture" + depends on KCOV + depends on $(cc-option,-fsanitize-coverage=3Ddataflow-args) + help + Captures function arguments at entry via /sys/kernel/debug/kcov_dataflo= w. + Struct pointer arguments are auto-expanded using compiler DebugInfo + metadata, recording individual field values at runtime. + Enable per-module with: KCOV_DATAFLOW_file.o :=3D y in the Makefile. + Requires clang with -fsanitize-coverage=3Ddataflow-args support. + +config KCOV_DATAFLOW_RET + bool "Enable KCOV dataflow: return value capture" + depends on KCOV + depends on $(cc-option,-fsanitize-coverage=3Ddataflow-ret) + help + Captures function return values via /sys/kernel/debug/kcov_dataflow. + Struct pointer returns are auto-expanded using compiler DebugInfo + metadata, recording individual field values at runtime. + Enable per-module with: KCOV_DATAFLOW_file.o :=3D y in the Makefile. + Requires clang with -fsanitize-coverage=3Ddataflow-ret support. 
config DEBUG_AID_FOR_SYZBOT bool "Additional debug code for syzbot" default n --=20 2.43.0
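
Review bot: in the include/linux/sched.h hunk, kcov_df_area, kcov_df_size, kcov_df_enabled and kcov_dataflow_seq are added to task_struct, but nothing in this patch resets them for a new task or clears them when the task exits (the diffstat touches only sched.h, kcov.c and Kconfig.debug, and the kcov.c hunks do not modify kcov_task_init() or kcov_task_exit()). A child's task_struct starts as a copy of the parent's, so a task forked while dataflow tracing is enabled keeps the parent's buffer pointer and enabled flag. Please initialise the new fields at fork and tear them down at exit, next to the existing kcov fields.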
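
Review bot: in kcov_df_write() (kernel/kcov.c, hunk at -353), the bounds check "pos + record_len > max_pos" can wrap. area[0] lives in the vmalloc_user() buffer that kcov_df_mmap() maps into userspace, so the value xadd() returns is whatever userspace last stored there; a large enough value makes pos + record_len overflow to a small number, the check passes, and the stores to area[pos] land outside the buffer. Compare without the addition, for example "if (pos >= max_pos || record_len > max_pos - pos)". In the same hunk, KCOV_DF_ENABLE publishes df->area to the task without taking a reference and kcov_df_close() only detaches when df->t == current, so a final close from another task frees the area while df->t can still write to it; take a reference at enable time and drop it at disable or task exit. KCOV_DF_INIT_TRACE also drops df->lock around vmalloc_user() and does not re-check df->area afterwards, so two concurrent calls both allocate. Finally, the records carry no length word (record_len depends on num_fields, which is never written to the buffer), so a reader cannot step from one record to the next; consider storing num_fields in the header or meta word.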
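
Review bot: the comment added in kcov_init() (kernel/kcov.c, hunk at -1146) describes a verbose printk toggle at /sys/kernel/debug/kcov_dataflow_verbose, but the call below it creates "kcov_dataflow" and no _verbose file is created anywhere in this patch. Replace the comment with one that describes the kcov_dataflow file, or drop it.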
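
Review bot: in lib/Kconfig.debug, both new options depend only on KCOV and the cc-option probe, while kcov_df_write() reserves space with xadd(), which is an x86 helper rather than a generic kernel primitive; on other KCOV architectures with a supporting compiler this will not build. Either add an architecture dependency here or switch the reservation to a generic atomic fetch-add. Style: the hunk adds an extra blank line before "config KCOV_DATAFLOW_ARGS" and none after the KCOV_DATAFLOW_RET help text, so the new entry runs straight into "config DEBUG_AID_FOR_SYZBOT"; move the added blank line to the end of the block.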

From: Yunseong Kim
Date: Wed, 03 Jun 2026 19:43:29 +0200
Subject: [RFC PATCH v2 2/6] kcov: add build system support for dataflow instrumentation
Message-Id: <20260603-kcov-dataflow-next-20260603-v2-2-fee0939de2c4@est.tech>
References: <20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4@est.tech>
In-Reply-To: <20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4@est.tech>
To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider, K Prateek Nayak, Dmitry Vyukov, Andrey Konovalov, Andrew Morton, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Nicolas Schier, Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, Trevor Gross, Danilo Krummrich, Jonathan Corbet, Shuah Khan
Cc: Yunseong Kim, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, llvm@lists.linux.dev, linux-kbuild@vger.kernel.org, rust-for-linux@vger.kernel.org, workflows@vger.kernel.org, linux-doc@vger.kernel.org, Yunseong Kim
Add CFLAGS_KCOV_DATAFLOW and RUSTFLAGS_KCOV_DATAFLOW exports to
scripts/Makefile.kcov, containing:
  -fsanitize-coverage=dataflow-args,dataflow-ret -g
  (with optional -fno-inline via CONFIG_KCOV_DATAFLOW_NO_INLINE)

scripts/Makefile.lib applies these flags when a module's Makefile sets:
  KCOV_DATAFLOW_file.o := y (per-file)
  KCOV_DATAFLOW := y (per-directory)

Also supports CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL for global enablement.
The flags are only applied to kernel objects (same guard as basic KCOV).

Signed-off-by: Yunseong Kim
---
 scripts/Makefile.kcov | 6 ++++++
 scripts/Makefile.lib | 7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/scripts/Makefile.kcov b/scripts/Makefile.kcov index 78305a84ba9d..101173fe194b 100644 --- a/scripts/Makefile.kcov +++ b/scripts/Makefile.kcov 
@@ -2,10 +2,16 @@ kcov-flags-y +=3D -fsanitize-coverage=3Dtrace-pc kcov-flags-$(CONFIG_KCOV_ENABLE_COMPARISONS) +=3D -fsanitize-coverage=3Dtr= ace-cmp =20 +# KCOV dataflow: trace function args and return values +kcov-dataflow-flags-y :=3D -fsanitize-coverage=3Ddataflow-args,dataflow-re= t -g +kcov-dataflow-flags-$(CONFIG_KCOV_DATAFLOW_NO_INLINE) +=3D -fno-inline + kcov-rflags-y +=3D -Cpasses=3Dsancov-module kcov-rflags-y +=3D -Cllvm-args=3D-sanitizer-coverage-level=3D3 kcov-rflags-y +=3D -Cllvm-args=3D-sanitizer-coverage-trace-pc kcov-rflags-$(CONFIG_KCOV_ENABLE_COMPARISONS) +=3D -Cllvm-args=3D-sanitize= r-coverage-trace-compares =20 export CFLAGS_KCOV :=3D $(kcov-flags-y) +export CFLAGS_KCOV_DATAFLOW :=3D $(kcov-dataflow-flags-y) +export RUSTFLAGS_KCOV_DATAFLOW :=3D -Cpasses=3Dsancov-module -Cllvm-args= =3D-sanitizer-coverage-level=3D3 -Cllvm-args=3D-sanitizer-coverage-dataflow= -args -Cllvm-args=3D-sanitizer-coverage-dataflow-ret -Cdebuginfo=3D2 export RUSTFLAGS_KCOV :=3D $(kcov-rflags-y) diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 80e127c75a93..519bf651cdcf 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib 
@@ -88,6 +88,13 @@ _c_flags +=3D $(if $(patsubst n%,, \ _rust_flags +=3D $(if $(patsubst n%,, \ $(KCOV_INSTRUMENT_$(target-stem).o)$(KCOV_INSTRUMENT)$(if $(is-kernel-obj= ect),$(CONFIG_KCOV_INSTRUMENT_ALL))), \ $(RUSTFLAGS_KCOV)) +# KCOV dataflow: per-file opt-in or global via CONFIG_KCOV_DATAFLOW_INSTRU= MENT_ALL +_c_flags +=3D $(if $(patsubst n%,, \ + $(KCOV_DATAFLOW_$(target-stem).o)$(KCOV_DATAFLOW)$(if $(is-kernel-object)= ,$(CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL))), \ + $(CFLAGS_KCOV_DATAFLOW)) +_rust_flags +=3D $(if $(patsubst n%,, \ + $(KCOV_DATAFLOW_$(target-stem).o)$(KCOV_DATAFLOW)$(if $(is-kernel-object)= ,$(CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL))), \ + $(RUSTFLAGS_KCOV_DATAFLOW)) endif =20 # --=20 2.43.0
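Review bot: In the scripts/Makefile.kcov hunk, kcov-dataflow-flags-y always passes both dataflow-args and dataflow-ret, although the series has separate KCOV_DATAFLOW_ARGS and KCOV_DATAFLOW_RET options (both appear in the lib/Kconfig.debug context of patch 3/6), so enabling only one of them still instruments both. Suggest building the list per option, along the lines of kcov-dataflow-flags-$(CONFIG_KCOV_DATAFLOW_ARGS) += -fsanitize-coverage=dataflow-args, and the same for dataflow-ret. RUSTFLAGS_KCOV_DATAFLOW is also one hard-coded string rather than a list built like the kcov-rflags-y lines above it, and it has no counterpart to the -fno-inline that CONFIG_KCOV_DATAFLOW_NO_INLINE adds on the C side, so that option affects C objects only; either handle Rust as well or say so in the Kconfig help. The unconditional -g and -Cdebuginfo=2 deserve a comment explaining why dataflow instrumentation needs debug info.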
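Review bot: In the scripts/Makefile.lib hunk, $(is-kernel-object) guards only the CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL term, so the commit message's "only applied to kernel objects" holds for the global switch but not for the per-file and per-directory KCOV_DATAFLOW := y opt-ins; please reword the message or the comment above the added lines. The added condition also never tests CONFIG_KCOV_DATAFLOW_ARGS or CONFIG_KCOV_DATAFLOW_RET, so a Makefile that sets KCOV_DATAFLOW_file.o := y receives $(CFLAGS_KCOV_DATAFLOW) whenever this block is active, even with both options off. Suggest wrapping the two new assignments in a check on those options so the flags never reach a build that did not ask for them.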
From: Yunseong Kim
Date: Wed, 03 Jun 2026 19:43:30 +0200
Subject: [RFC PATCH v2 3/6] kcov: add CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL and NO_INLINE
Message-Id: <20260603-kcov-dataflow-next-20260603-v2-3-fee0939de2c4@est.tech>
In-Reply-To: <20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4@est.tech>
To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider, K Prateek Nayak, Dmitry Vyukov, Andrey Konovalov, Andrew Morton, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Nicolas Schier, Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, Trevor Gross, Danilo Krummrich, Jonathan Corbet, Shuah Khan
Cc: Yunseong Kim, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, llvm@lists.linux.dev, linux-kbuild@vger.kernel.org, rust-for-linux@vger.kernel.org, workflows@vger.kernel.org, linux-doc@vger.kernel.org, Yunseong Kim
Add two Kconfig options for global dataflow instrumentation control:

- CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL: instruments all kernel objects
  with dataflow tracing by default (mirrors CONFIG_KCOV_INSTRUMENT_ALL).
  Individual files can opt out with: KCOV_DATAFLOW_file.o := n

- CONFIG_KCOV_DATAFLOW_NO_INLINE: adds -fno-inline to instrumented files
  for complete argument visibility (default y). Setting to n allows
  global enablement without stack overflow or BUILD_BUG_ON failures.

Overhead with INSTRUMENT_ALL (NO_INLINE=n, KASAN baseline):
  .text: +9.5%, .data: +44%, boot: +71%, syscall: +133%
  Comparable to KASAN (+100-200%) and acceptable for fuzzing kernels.

rust/Makefile: opt out core.o from dataflow (same as KCOV_INSTRUMENT).

Signed-off-by: Yunseong Kim
---
 lib/Kconfig.debug | 23 ++++++++++++++++++++++-
 rust/Makefile | 1 +
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index abd1a94589aa..3b952b6361a8 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -2261,7 +2261,6 @@ config KCOV_SELFTEST On test failure, causes the kernel to panic. Recommended to be enabled, ensuring critical functionality works as intended. =20 - config KCOV_DATAFLOW_ARGS bool "Enable KCOV dataflow: function argument capture" depends on KCOV 
@@ -2283,6 +2282,28 @@ config KCOV_DATAFLOW_RET metadata, recording individual field values at runtime. Enable per-module with: KCOV_DATAFLOW_file.o :=3D y in the Makefile. Requires clang with -fsanitize-coverage=3Ddataflow-ret support. + +config KCOV_DATAFLOW_INSTRUMENT_ALL + bool "Instrument all code with KCOV dataflow by default" + depends on KCOV_DATAFLOW_ARGS || KCOV_DATAFLOW_RET + help + If enabled, all kernel objects are compiled with dataflow + instrumentation (like CONFIG_KCOV_INSTRUMENT_ALL for basic KCOV). + Individual files can opt out with: KCOV_DATAFLOW_file.o :=3D n + Increases compile time and binary size significantly. + Suitable for fuzzing and security auditing kernels. + +config KCOV_DATAFLOW_NO_INLINE + bool "Disable inlining for dataflow-instrumented files" + depends on KCOV_DATAFLOW_ARGS || KCOV_DATAFLOW_RET + default y + help + Adds -fno-inline to dataflow-instrumented files for complete + argument visibility. Without this, inlined functions will not + have their arguments captured individually. + Disabling allows global enablement with lower overhead at the + cost of missing inlined function traces. + config DEBUG_AID_FOR_SYZBOT bool "Additional debug code for syzbot" default n diff --git a/rust/Makefile b/rust/Makefile index b9e9f512cec3..d122a65226dc 100644 --- a/rust/Makefile +++ b/rust/Makefile 
@@ -656,6 +656,7 @@ ifneq ($(or $(CONFIG_X86_64),$(CONFIG_X86_32)),) $(obj)/core.o: scripts/target.json endif KCOV_INSTRUMENT_core.o :=3D n +KCOV_DATAFLOW_core.o :=3D n =20 $(obj)/compiler_builtins.o: private skip_gendwarfksyms =3D 1 $(obj)/compiler_builtins.o: private rustc_objcopy =3D -w -W '__*' --=20 2.43.0
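Review bot: In the lib/Kconfig.debug hunk, KCOV_DATAFLOW_NO_INLINE is "default y" and nothing ties it to KCOV_DATAFLOW_INSTRUMENT_ALL, while the commit message says it has to be n for global enablement to avoid stack overflow and BUILD_BUG_ON failures, so turning on INSTRUMENT_ALL with the defaults selects the combination described as failing. Suggest "default y if !KCOV_DATAFLOW_INSTRUMENT_ALL" (or a depends on), and move the stack overflow / BUILD_BUG_ON caveat and the measured overhead from the commit message into the help text, which currently only says the size and compile time increase "significantly". The first Kconfig hunk only deletes a blank line before KCOV_DATAFLOW_ARGS; that looks like it should be folded into the patch that added that entry.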
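Review bot: In the rust/Makefile hunk, KCOV_DATAFLOW_core.o := n mirrors KCOV_INSTRUMENT_core.o := n for this one object only, and the scripts/Makefile.lib condition added in patch 2/6 does not consult KCOV_INSTRUMENT, so with CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL every other object or directory that sets KCOV_INSTRUMENT := n today would still be built with dataflow instrumentation. If those opt-outs exist because the code cannot safely call into coverage hooks, they presumably need the same treatment here. Consider making the dataflow condition honour the existing KCOV_INSTRUMENT opt-outs, or state in the commit message how the remaining ones were audited.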
From: Yunseong Kim
Date: Wed, 03 Jun 2026 19:43:31 +0200
Subject: [RFC PATCH v2 4/6] tools/kcov-dataflow: add userspace consumer and test modules
Message-Id: <20260603-kcov-dataflow-next-20260603-v2-4-fee0939de2c4@est.tech>
In-Reply-To: <20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4@est.tech>
To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider, K Prateek Nayak, Dmitry Vyukov, Andrey Konovalov, Andrew Morton, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Nicolas Schier, Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, Trevor Gross, Danilo Krummrich, Jonathan Corbet, Shuah Khan
Cc: Yunseong Kim, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, llvm@lists.linux.dev, linux-kbuild@vger.kernel.org, rust-for-linux@vger.kernel.org, workflows@vger.kernel.org, linux-doc@vger.kernel.org, Yunseong Kim
Add tools/kcov-dataflow/ with:

- trigger.c: userspace consumer that opens /sys/kernel/debug/kcov_dataflow,
  mmaps the buffer, enables recording, triggers a kernel path, and dumps
  the captured TLV records.

- kcov-view.py: visualization tool that parses and pretty-prints the
  binary TLV buffer with struct field expansion and symbol resolution.

- eight_args_c/eight_args_mod.c: stress test with 1-8 argument functions
  verifying correct capture of register and stack-passed arguments.

- eight_args_rust/eight_args_rust.rs: Rust equivalent of the 8-argument
  stress test, verifying Rust module dataflow support.

- deep_module/deep_chain_mod.c: 10-level deep call chain demonstrating
  taint propagation tracking across function boundaries.

Sample kcov-view.py output (C):
  func2+0x0 [eight_args_mod](arg[0]=0x11, arg[1]=0x22) ret = 0x33
  func8+0x0 [eight_args_mod](arg[0]=0x11, .., arg[7]=0x88) ret = 0x264

Sample kcov-view.py output (Rust):
  rfunc2+0x0 [eight_args_rust](arg[0]=0x11, arg[1]=0x22) ret = 0x33
  rfunc8+0x0 [eight_args_rust](arg[0]=0x11, .., arg[7]=0x88) ret = 0x264

Signed-off-by: Yunseong Kim --- tools/kcov-dataflow/.gitignore | 12 + tools/kcov-dataflow/deep_module/Makefile | 2 + tools/kcov-dataflow/deep_module/deep_chain_mod.c | 224 +++++++++++++++++ tools/kcov-dataflow/eight_args_c/Makefile | 2 + tools/kcov-dataflow/eight_args_c/eight_args_mod.c | 95 +++++++ tools/kcov-dataflow/eight_args_rust/Makefile | 2 + .../eight_args_rust/eight_args_rust.rs | 114 +++++++++ tools/kcov-dataflow/kcov-view.py | 272 +++++++++++++++++= ++++ tools/kcov-dataflow/trigger.c | 125 ++++++++++ 9 files changed, 848 insertions(+) diff --git a/tools/kcov-dataflow/.gitignore b/tools/kcov-dataflow/.gitignore new file mode 100644 index 000000000000..1f35df8fbd07 --- /dev/null +++ b/tools/kcov-dataflow/.gitignore @@ -0,0 +1,12 @@ +# Built binaries +test_mock +test_mock_binary +trigger +*.o +*.ko +*.mod +*.mod.c +Module.symvers +modules.order +.module-common.o +*.ll diff --git a/tools/kcov-dataflow/deep_module/Makefile b/tools/kcov-dataflow= /deep_module/Makefile new file mode 100644 index 000000000000..6afed580dc9a --- /dev/null +++ b/tools/kcov-dataflow/deep_module/Makefile @@ -0,0 +1,2 @@ +obj-m :=3D deep_chain_mod.o +KCOV_DATAFLOW_deep_chain_mod.o :=3D y diff --git a/tools/kcov-dataflow/deep_module/deep_chain_mod.c b/tools/kcov-= dataflow/deep_module/deep_chain_mod.c new file mode 100644 index 000000000000..786e23c5d213 --- /dev/null +++ b/tools/kcov-dataflow/deep_module/deep_chain_mod.c 
@@ -0,0 +1,224 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * deep_chain_mod.c - Demonstrates kcov_dataflow tracing through 10 nested + * function calls. An attacker-controlled "offset" value propagates from + * the entry point through transformations until it causes an OOB write + * in the deepest function. + * + * Call chain: + * entry_handler =E2=86=92 parse_request =E2=86=92 validate_header =E2= =86=92 extract_payload =E2=86=92 + * transform_data =E2=86=92 apply_filter =E2=86=92 compute_index =E2=86= =92 lookup_slot =E2=86=92 + * write_slot =E2=86=92 commit_write (BUG: OOB here) + */ +#include +#include +#include +#include +#include + +/* Simulated protocol structures */ +struct request_header { + u32 magic; + u32 version; + u32 payload_offset; /* =E2=86=90 attacker controls this */ + u32 payload_size; +}; + +struct payload { + u64 session_id; + u32 transform_key; + u32 filter_mask; + u8 data[32]; +}; + +struct slot_table { + u32 num_slots; + u64 slots[8]; /* only 8 slots! */ +}; + +static struct proc_dir_entry *proc_deep; + +/* =3D=3D=3D 10 nested functions: deepest first =3D=3D=3D */ + +/* Function 10 (DEEPEST): The vulnerable write */ +static noinline int commit_write(struct slot_table *table, u32 index, u64 = value) +{ + /* BUG: no bounds check on index =E2=80=94 if index >=3D 8, OOB write */ + table->slots[index] =3D value; + return 0; +} + +/* Function 9 */ +static noinline int write_slot(struct slot_table *table, u32 slot_idx, + u64 session_id) +{ + u64 combined =3D session_id ^ (u64)slot_idx; + + return commit_write(table, slot_idx, combined); +} + +/* Function 8 */ +static noinline u32 lookup_slot(struct slot_table *table, u32 computed_idx) +{ + /* Pass through =E2=80=94 in real code this might do hash lookup */ + u32 final_idx =3D computed_idx % 16; /* BUG: should be % 8 */ + + write_slot(table, final_idx, 0xDEADC0DE00000000ULL | final_idx); + return final_idx; +} + +/* Function 7 */ +static noinline u32 compute_index(u32 transform_result, u32 
filter_output) +{ + /* Combines two values into an index */ + return (transform_result + filter_output) & 0xF; /* 0-15, but table has = 8 */ +} + +/* Function 6 */ +static noinline u32 apply_filter(struct payload *pl, u32 transformed_val) +{ + u32 filtered =3D transformed_val & pl->filter_mask; + + return filtered >> 1; +} + +/* Function 5 */ +static noinline u32 transform_data(struct payload *pl, u32 raw_offset) +{ + /* Transforms the offset using the payload's key */ + return raw_offset * pl->transform_key; +} + +/* Function 4 */ +static noinline struct payload *extract_payload(void *buf, u32 offset, u32= size) +{ + /* In real code: validates and extracts payload from buffer */ + return (struct payload *)((u8 *)buf + offset); +} + +/* Function 3 */ +static noinline int validate_header(struct request_header *hdr) +{ + if (hdr->magic !=3D 0x50524F54) /* "PROT" */ + return -1; + if (hdr->version > 2) + return -1; + /* BUG: doesn't validate payload_offset bounds! */ + return 0; +} + +/* Function 2 */ +static noinline int parse_request(void *buf, u32 buf_size, + struct request_header **out_hdr, + struct payload **out_payload) +{ + struct request_header *hdr =3D (struct request_header *)buf; + + if (validate_header(hdr) < 0) + return -1; + + *out_hdr =3D hdr; + *out_payload =3D extract_payload(buf, hdr->payload_offset, hdr->payload_s= ize); + return 0; +} + +/* Function 1 (ENTRY): The syscall handler */ +static noinline int entry_handler(void *user_buf, u32 user_size) +{ + struct request_header *hdr; + struct payload *pl; + struct slot_table *table; + u32 transformed, filtered, index, slot; + + if (parse_request(user_buf, user_size, &hdr, &pl) < 0) + return -1; + + table =3D kzalloc(sizeof(*table), GFP_KERNEL); + if (!table) + return -ENOMEM; + table->num_slots =3D 8; + + /* The tainted data flow: + * hdr->payload_offset =E2=86=92 extract_payload =E2=86=92 pl + * pl->transform_key + payload_offset =E2=86=92 transform_data =E2=86=92 = transformed + * transformed + 
pl->filter_mask =E2=86=92 apply_filter =E2=86=92 filtered + * transformed + filtered =E2=86=92 compute_index =E2=86=92 index + * index =E2=86=92 lookup_slot =E2=86=92 slot (% 16, should be % 8) + * slot =E2=86=92 write_slot =E2=86=92 commit_write (OOB if slot >=3D 8) + */ + transformed =3D transform_data(pl, hdr->payload_offset); + filtered =3D apply_filter(pl, transformed); + index =3D compute_index(transformed, filtered); + slot =3D lookup_slot(table, index); + + pr_info("deep_chain: slot=3D%u (OOB if >=3D 8)\n", slot); + + kfree(table); + return 0; +} + +/* Trigger: constructs a malicious request that causes index=3D12 (OOB) */ +static ssize_t deep_trigger_write(struct file *file, const char __user *ub= uf, + size_t count, loff_t *ppos) +{ + u8 *buf; + struct request_header *hdr; + struct payload *pl; + + buf =3D kzalloc(256, GFP_KERNEL); + if (!buf) + return -ENOMEM; + + /* Craft malicious request */ + hdr =3D (struct request_header *)buf; + hdr->magic =3D 0x50524F54; /* valid magic */ + hdr->version =3D 1; /* valid version */ + hdr->payload_offset =3D 16; /* offset to payload (valid position) */ + hdr->payload_size =3D sizeof(struct payload); + + /* Craft payload that will produce OOB index */ + pl =3D (struct payload *)(buf + 16); + pl->session_id =3D 0xAAAABBBBCCCCDDDDULL; + pl->transform_key =3D 3; /* multiplier */ + pl->filter_mask =3D 0xFFFFFFFF; /* no filtering */ + memcpy(pl->data, "ATTACKER_PAYLOAD_DATA!!!", 24); + + /* + * Trace: payload_offset=3D16, transform_key=3D3 + * transformed =3D 16 * 3 =3D 48 + * filtered =3D (48 & 0xFFFFFFFF) >> 1 =3D 24 + * index =3D (48 + 24) & 0xF =3D 72 & 0xF =3D 8 + * lookup_slot: final_idx =3D 8 % 16 =3D 8 =E2=86=90 OOB! 
(table has slo= ts[0..7]) + */ + + pr_info("deep_chain: triggering 10-deep call chain with offset=3D%u\n", + hdr->payload_offset); + + entry_handler(buf, 256); + + kfree(buf); + return count; +} + +static const struct proc_ops deep_proc_ops =3D { + .proc_write =3D deep_trigger_write, +}; + +static int __init deep_chain_init(void) +{ + proc_deep =3D proc_create("deep_trigger", 0200, NULL, &deep_proc_ops); + if (!proc_deep) + return -ENOMEM; + pr_info("deep_chain_mod: loaded. echo x > /proc/deep_trigger\n"); + return 0; +} + +static void __exit deep_chain_exit(void) +{ + proc_remove(proc_deep); +} + +module_init(deep_chain_init); +module_exit(deep_chain_exit); +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("10-deep call chain for kcov_dataflow visualization"); diff --git a/tools/kcov-dataflow/eight_args_c/Makefile b/tools/kcov-dataflo= w/eight_args_c/Makefile new file mode 100644 index 000000000000..de35bb541f07 --- /dev/null +++ b/tools/kcov-dataflow/eight_args_c/Makefile @@ -0,0 +1,2 @@ +obj-m :=3D eight_args_mod.o +KCOV_DATAFLOW_eight_args_mod.o :=3D y diff --git a/tools/kcov-dataflow/eight_args_c/eight_args_mod.c b/tools/kcov= -dataflow/eight_args_c/eight_args_mod.c new file mode 100644 index 000000000000..660b27033756 --- /dev/null +++ b/tools/kcov-dataflow/eight_args_c/eight_args_mod.c 
@@ -0,0 +1,95 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * eight_args_mod.c - Verify kcov_dataflow captures 1 through 8 argument f= unctions. + */ +#include +#include + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("KCOV dataflow 8-argument stress test module"); + +noinline u64 func1(u64 a1) +{ + return a1; +} +EXPORT_SYMBOL(func1); + +noinline u64 func2(u64 a1, u64 a2) +{ + return a1 + a2; +} +EXPORT_SYMBOL(func2); + +noinline u64 func3(u64 a1, u64 a2, u64 a3) +{ + return a1 + a2 + a3; +} +EXPORT_SYMBOL(func3); + +noinline u64 func4(u64 a1, u64 a2, u64 a3, u64 a4) +{ + return a1 + a2 + a3 + a4; +} +EXPORT_SYMBOL(func4); + +noinline u64 func5(u64 a1, u64 a2, u64 a3, u64 a4, u64 a5) +{ + return a1 + a2 + a3 + a4 + a5; +} +EXPORT_SYMBOL(func5); + +noinline u64 func6(u64 a1, u64 a2, u64 a3, u64 a4, u64 a5, u64 a6) +{ + return a1 + a2 + a3 + a4 + a5 + a6; +} +EXPORT_SYMBOL(func6); + +noinline u64 func7(u64 a1, u64 a2, u64 a3, u64 a4, u64 a5, u64 a6, + u64 a7) +{ + return a1 + a2 + a3 + a4 + a5 + a6 + a7; +} +EXPORT_SYMBOL(func7); + +noinline u64 func8(u64 a1, u64 a2, u64 a3, u64 a4, u64 a5, u64 a6, + u64 a7, u64 a8) +{ + return a1 + a2 + a3 + a4 + a5 + a6 + a7 + a8; +} +EXPORT_SYMBOL(func8); + +static ssize_t trigger_write(struct file *f, const char __user *buf, + size_t count, loff_t *ppos) +{ + pr_info("func1(0x11)=3D0x%llx\n", func1(0x11)); + pr_info("func2(0x11,0x22)=3D0x%llx\n", func2(0x11, 0x22)); + pr_info("func3(0x11,0x22,0x33)=3D0x%llx\n", + func3(0x11, 0x22, 0x33)); + pr_info("func4(0x11,..,0x44)=3D0x%llx\n", + func4(0x11, 0x22, 0x33, 0x44)); + pr_info("func5(0x11,..,0x55)=3D0x%llx\n", + func5(0x11, 0x22, 0x33, 0x44, 0x55)); + pr_info("func6(0x11,..,0x66)=3D0x%llx\n", + func6(0x11, 0x22, 0x33, 0x44, 0x55, 0x66)); + pr_info("func7(0x11,..,0x77)=3D0x%llx\n", + func7(0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77)); + pr_info("func8(0x11,..,0x88)=3D0x%llx\n", + func8(0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88)); + return count; +} + +static const struct proc_ops 
ops =3D { .proc_write =3D trigger_write }; + +static int __init init_mod(void) +{ + proc_create("test_args", 0200, NULL, &ops); + return 0; +} + +static void __exit exit_mod(void) +{ + remove_proc_entry("test_args", NULL); +} + +module_init(init_mod); +module_exit(exit_mod); diff --git a/tools/kcov-dataflow/eight_args_rust/Makefile b/tools/kcov-data= flow/eight_args_rust/Makefile new file mode 100644 index 000000000000..8881d369e670 --- /dev/null +++ b/tools/kcov-dataflow/eight_args_rust/Makefile @@ -0,0 +1,2 @@ +obj-m :=3D eight_args_rust.o +KCOV_DATAFLOW_eight_args_rust.o :=3D y diff --git a/tools/kcov-dataflow/eight_args_rust/eight_args_rust.rs b/tools= /kcov-dataflow/eight_args_rust/eight_args_rust.rs new file mode 100644 index 000000000000..11bbe1449eaf --- /dev/null +++ b/tools/kcov-dataflow/eight_args_rust/eight_args_rust.rs 
@@ -0,0 +1,114 @@ +// SPDX-License-Identifier: GPL-2.0 +//! Verify kcov_dataflow captures 1-arg through 8-arg functions. +//! Write to /sys/kernel/debug/test_args_rust to trigger all 8. +#![allow(missing_docs)] + +use kernel::prelude::*; +use kernel::c_str; + +module! { + type: ArgsModule, + name: "eight_args_rust", + authors: ["kcov-dataflow"], + description: "1-8 arg verification", + license: "GPL", +} + +#[no_mangle] +#[inline(never)] +pub extern "C" fn rfunc1(a1: u64) -> u64 { a1 } +#[no_mangle] +#[inline(never)] +pub extern "C" fn rfunc2(a1: u64, a2: u64) -> u64 { a1 + a2 } +#[no_mangle] +#[inline(never)] +pub extern "C" fn rfunc3(a1: u64, a2: u64, a3: u64) -> u64 { + a1 + a2 + a3 +} +#[no_mangle] +#[inline(never)] +pub extern "C" fn rfunc4(a1: u64, a2: u64, a3: u64, a4: u64) -> u64 { + a1 + a2 + a3 + a4 +} +#[no_mangle] +#[inline(never)] +pub extern "C" fn rfunc5( + a1: u64, a2: u64, a3: u64, a4: u64, a5: u64, +) -> u64 { + a1 + a2 + a3 + a4 + a5 +} +#[no_mangle] +#[inline(never)] +pub extern "C" fn rfunc6( + a1: u64, a2: u64, a3: u64, a4: u64, a5: u64, a6: u64, +) -> u64 { + a1 + a2 + a3 + a4 + a5 + a6 +} +#[no_mangle] +#[inline(never)] +pub extern "C" fn rfunc7( + a1: u64, a2: u64, a3: u64, a4: u64, a5: u64, a6: u64, a7: u64, +) -> u64 { + a1 + a2 + a3 + a4 + a5 + a6 + a7 +} +#[no_mangle] +#[inline(never)] +pub extern "C" fn rfunc8( + a1: u64, a2: u64, a3: u64, a4: u64, a5: u64, a6: u64, a7: u64, + a8: u64, +) -> u64 { + a1 + a2 + a3 + a4 + a5 + a6 + a7 + a8 +} + +unsafe extern "C" fn write_handler( + _file: *mut kernel::bindings::file, + _buf: *const core::ffi::c_char, + count: usize, + _ppos: *mut kernel::bindings::loff_t, +) -> kernel::ffi::c_long { + let r1 =3D rfunc1(0x11); + pr_info!("rfunc1: ret=3D0x{:x}\n", r1); + let r2 =3D rfunc2(0x11, 0x22); + pr_info!("rfunc2: ret=3D0x{:x}\n", r2); + let r3 =3D rfunc3(0x11, 0x22, 0x33); + pr_info!("rfunc3: ret=3D0x{:x}\n", r3); + let r4 =3D rfunc4(0x11, 0x22, 0x33, 0x44); + pr_info!("rfunc4: ret=3D0x{:x}\n", 
r4); + let r5 =3D rfunc5(0x11, 0x22, 0x33, 0x44, 0x55); + pr_info!("rfunc5: ret=3D0x{:x}\n", r5); + let r6 =3D rfunc6(0x11, 0x22, 0x33, 0x44, 0x55, 0x66); + pr_info!("rfunc6: ret=3D0x{:x}\n", r6); + let r7 =3D rfunc7(0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77); + pr_info!("rfunc7: ret=3D0x{:x}\n", r7); + let r8 =3D rfunc8(0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88); + pr_info!("rfunc8: ret=3D0x{:x}\n", r8); + count as kernel::ffi::c_long +} + +#[repr(transparent)] +struct SyncFops(kernel::bindings::file_operations); +unsafe impl Sync for SyncFops {} + +static FOPS: SyncFops =3D SyncFops(kernel::bindings::file_operations { + write: Some(unsafe { core::mem::transmute(write_handler as *const ()) = }), + ..unsafe { core::mem::zeroed() } +}); + +struct ArgsModule { d: *mut kernel::bindings::dentry } + +impl kernel::Module for ArgsModule { + fn init(_module: &'static ThisModule) -> Result { + let d =3D unsafe { + kernel::bindings::debugfs_create_file_unsafe( + c_str!("test_args_rust").as_char_ptr(), + 0o222, core::ptr::null_mut(), core::ptr::null_mut(), &FOPS= .0, + ) + }; + Ok(Self { d }) + } +} +impl Drop for ArgsModule { + fn drop(&mut self) { unsafe { kernel::bindings::debugfs_remove(self.d)= }; } +} +unsafe impl Send for ArgsModule {} +unsafe impl Sync for ArgsModule {} diff --git a/tools/kcov-dataflow/kcov-view.py b/tools/kcov-dataflow/kcov-vi= ew.py new file mode 100755 index 000000000000..70acb5474f5e --- /dev/null +++ b/tools/kcov-dataflow/kcov-view.py 
@@ -0,0 +1,272 @@ +#!/usr/bin/env python3 +# SPDX-License-Identifier: GPL-2.0 +""" +kcov-view.py - Merged KCOV + KCOV_DATAFLOW viewer + +Reads both /sys/kernel/debug/kcov (PC trace) and /sys/kernel/debug/kcov_da= taflow +(args/ret), correlates by PC, and produces a human-readable call trace with +argument values and struct field expansion. + +Usage (inside guest or with appropriate permissions): + python3 kcov-view.py + +Example: + python3 kcov-view.py "echo x > /proc/uaf_trigger" + +Output: + func+0x0 [module] + =E2=86=92 a(arg[0]=3D0x1, arg[1]=3D0x2, arg[2]=3D0x3, arg[3]=3Dstruc= t{.f[0]=3D1, .f[1]=3D2, .f[2]=3D3}) + =E2=86=90 ret =3D struct{.f[0]=3D1, .f[1]=3D2, .f[2]=3D3} + =E2=86=92 a(arg[0]=3D0x0, arg[1]=3D0x0, arg[2]=3D0x1, arg[3]=3DNULL) + =E2=86=90 ret =3D 0x0 +""" +import os, sys, struct, mmap, fcntl, subprocess, re, ctypes +from collections import defaultdict + +# Ioctl definitions (x86_64) +KCOV_INIT_TRACE =3D 0x80086301 # _IOR('c', 1, unsigned long) +KCOV_ENABLE =3D 0x6364 # _IO('c', 100) +KCOV_DISABLE =3D 0x6365 # _IO('c', 101) +KCOV_TRACE_PC =3D 0 + +KCOV_DF_INIT_TRACE =3D 0x80086401 # _IOR('d', 1, unsigned long) +KCOV_DF_ENABLE =3D 0x6464 # _IO('d', 100) +KCOV_DF_DISABLE =3D 0x6465 # _IO('d', 101) + +BUF_SIZE =3D 65536 # 65536 * 8 =3D 512KB =3D 128 pages (page-aligned) + +# Load kallsyms for symbolization +def load_kallsyms(): + syms =3D {} + try: + with open("/proc/kallsyms") as f: + for line in f: + parts =3D line.split() + if len(parts) >=3D 3: + addr =3D int(parts[0], 16) + name =3D parts[2] + mod =3D parts[3].strip("[]") if len(parts) > 3 else "" + syms[addr] =3D (name, mod) + except: + pass + return syms + +def symbolize(pc, syms): + """Find nearest symbol <=3D pc""" + best_addr =3D 0 + best_name =3D f"0x{pc:x}" + best_mod =3D "" + for addr, (name, mod) in syms.items(): + if addr <=3D pc and addr > best_addr: + best_addr =3D addr + best_name =3D name + best_mod =3D mod + offset =3D pc - best_addr + if best_mod: + return 
f"{best_name}+0x{offset:x} [{best_mod}]" + return f"{best_name}+0x{offset:x}" + +def parse_dataflow(buf, n): + """Parse TLV records from kcov_dataflow buffer into a list of events."= "" + events =3D [] + i =3D 1 + while i <=3D n and i < BUF_SIZE: + hdr =3D buf[i] + typ =3D hdr & 0xF0000000 + seq =3D hdr & 0x00FFFFFF + + if typ not in (0xE0000000, 0xF0000000): + i +=3D 1 + continue + + pc =3D buf[i + 1] + meta =3D buf[i + 2] + i +=3D 3 + + # Collect field values + fields =3D [] + while i <=3D n and i < BUF_SIZE: + v =3D buf[i] + vtype =3D v & 0xF0000000 + if vtype =3D=3D 0xE0000000 or vtype =3D=3D 0xF0000000: + break + fields.append(v) + i +=3D 1 + + if typ =3D=3D 0xE0000000: + arg_idx =3D (meta >> 56) & 0xFF + arg_sz =3D (meta >> 48) & 0xFF + ptr =3D meta & 0xFFFFFFFFFFFF + events.append({ + "type": "entry", "seq": seq, "pc": pc, + "arg_idx": arg_idx, "arg_size": arg_sz, + "ptr": ptr, "fields": fields + }) + else: + ret_sz =3D (meta >> 48) & 0xFF + ptr =3D meta & 0xFFFFFFFFFFFF + events.append({ + "type": "ret", "seq": seq, "pc": pc, + "ret_size": ret_sz, "ptr": ptr, "fields": fields + }) + return events + +def format_value(val): + if val =3D=3D 0xBADADD85: + return "FAULT" + if val =3D=3D 0: + return "0" + return f"0x{val:x}" + +def format_entry(ev): + """Format an entry event as a function argument.""" + if len(ev["fields"]) > 1: + # Struct: multiple fields + flds =3D ", ".join(f".f[{i}]=3D{format_value(v)}" for i, v in enum= erate(ev["fields"])) + return f"struct{{{flds}}}" + elif len(ev["fields"]) =3D=3D 1: + v =3D ev["fields"][0] + if v =3D=3D 0 and ev["ptr"] =3D=3D 0: + return "NULL" + return format_value(v) + return format_value(ev["ptr"]) + +def merge_and_display(pc_trace, df_events, syms): + """Display dataflow events with symbolization.""" + print("\n=E2=95=94=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95= =90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90= 
=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2= =95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95= =90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90= =E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2= =95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95= =90=E2=95=90=E2=95=90=E2=95=90=E2=95=97") + print("=E2=95=91 Merged KCOV Coverage + Dataflow View = =E2=95=91") + print("=E2=95=9A=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90= =E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2= =95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95= =90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90= =E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2= =95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95= =90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90=E2=95=90= =E2=95=90=E2=95=90=E2=95=90=E2=95=9D\n") + + if not df_events: + print(" (no dataflow events captured)") + return + + # Group events into calls: consecutive entries for same PC followed by= a ret + calls =3D [] + current_args =3D [] + current_pc =3D None + + for ev in df_events: + if ev["type"] =3D=3D "entry": + if current_pc is not None and ev["pc"] !=3D current_pc: + calls.append({"pc": current_pc, "args": current_args, "ret= ": None}) + current_args =3D [] + current_pc =3D ev["pc"] + current_args.append(ev) + elif ev["type"] =3D=3D "ret": + if current_pc =3D=3D ev["pc"]: + calls.append({"pc": current_pc, "args": current_args, "ret= ": ev}) + current_args =3D [] + current_pc =3D None + else: + if current_args: + calls.append({"pc": current_pc, "args": current_args, = "ret": None}) + current_args =3D [] + calls.append({"pc": ev["pc"], "args": [], "ret": ev}) + current_pc =3D None + + if current_args: + calls.append({"pc": current_pc, "args": 
current_args, "ret": None}) + + for call in calls: + sym =3D symbolize(call["pc"], syms) + args_parts =3D [] + for a in call["args"]: + idx =3D a["arg_idx"] + if len(a["fields"]) > 1: + flds =3D ", ".join(f".f[{i}]=3D{format_value(v)}" for i, v= in enumerate(a["fields"])) + args_parts.append(f"arg[{idx}]=3Dstruct{{{flds}}}") + elif len(a["fields"]) =3D=3D 1: + args_parts.append(f"arg[{idx}]=3D{format_value(a['fields']= [0])}") + else: + args_parts.append(f"arg[{idx}]=3D?") + + print(f" =E2=86=92 {sym}({', '.join(args_parts)})") + + if call["ret"]: + r =3D call["ret"] + if len(r["fields"]) > 1: + flds =3D ", ".join(f".f[{i}]=3D{format_value(v)}" for i, v= in enumerate(r["fields"])) + print(f" =E2=86=90 ret =3D struct{{{flds}}}") + elif len(r["fields"]) =3D=3D 1: + print(f" =E2=86=90 ret =3D {format_value(r['fields'][0]= )}") + print() + +def main(): + if len(sys.argv) < 2: + print(f"Usage: {sys.argv[0]} ") + print(f"Example: {sys.argv[0]} 'echo x > /proc/uaf_trigger'") + sys.exit(1) + + trigger_cmd =3D sys.argv[1] + syms =3D load_kallsyms() + + # Setup ctypes mmap + libc =3D ctypes.CDLL("libc.so.6", use_errno=3DTrue) + libc.mmap.restype =3D ctypes.c_void_p + libc.mmap.argtypes =3D [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_int, + ctypes.c_int, ctypes.c_int, ctypes.c_long] + PROT_RW =3D 0x3 # PROT_READ | PROT_WRITE + MAP_SHARED =3D 0x01 + + # Open both devices + kcov_fd =3D -1 + df_fd =3D -1 + kcov_arr =3D None + df_arr =3D None + + # Legacy kcov (PC trace) - skip for now, use kallsyms for symbolization + kcov_arr =3D None + + # Dataflow device - required + df_fd =3D os.open("/sys/kernel/debug/kcov_dataflow", os.O_RDWR) + fcntl.ioctl(df_fd, KCOV_DF_INIT_TRACE, BUF_SIZE) + df_ptr =3D libc.mmap(None, BUF_SIZE * 8, PROT_RW, MAP_SHARED, df_fd, 0) + if df_ptr =3D=3D ctypes.c_void_p(-1).value: + print("Error: kcov_dataflow mmap failed") + sys.exit(1) + df_arr =3D (ctypes.c_uint64 * BUF_SIZE).from_address(df_ptr) + + # Enable both + if kcov_arr: + fcntl.ioctl(kcov_fd, 
KCOV_ENABLE, KCOV_TRACE_PC) + kcov_arr[0] =3D 0 + + fcntl.ioctl(df_fd, KCOV_DF_ENABLE, 0) + df_arr[0] =3D 0 + + # Trigger - must happen in THIS process (kcov_dataflow is per-task) + if ">" in trigger_cmd: + target =3D trigger_cmd.split(">")[-1].strip() + else: + target =3D trigger_cmd + try: + fd_t =3D os.open(target, os.O_WRONLY) + os.write(fd_t, b"x") + os.close(fd_t) + except Exception as e: + print(f"Trigger failed: {e}") + + # Read results + pc_trace =3D [] + if kcov_arr: + n_pcs =3D kcov_arr[0] + for i in range(1, min(int(n_pcs) + 1, BUF_SIZE)): + pc_trace.append(kcov_arr[i]) + fcntl.ioctl(kcov_fd, KCOV_DISABLE, 0) + + n_df =3D int(df_arr[0]) + df_raw =3D [int(df_arr[i]) for i in range(min(n_df + 10, BUF_SIZE))] + fcntl.ioctl(df_fd, KCOV_DF_DISABLE, 0) + + # Parse and display + df_events =3D parse_dataflow(df_raw, int(n_df)) + merge_and_display(pc_trace, df_events, syms) + + # Cleanup + if kcov_arr: + os.close(kcov_fd) + os.close(df_fd) + +if __name__ =3D=3D "__main__": + main() diff --git a/tools/kcov-dataflow/trigger.c b/tools/kcov-dataflow/trigger.c new file mode 100644 index 000000000000..7fa7b4414770 --- /dev/null +++ b/tools/kcov-dataflow/trigger.c 
@@ -0,0 +1,125 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * trigger.c - Uses /sys/kernel/debug/kcov_dataflow to capture + * function args/ret TLV records. Completely independent from legacy kcov. + */ +#include +#include +#include +#include +#include +#include +#include +#include + +#define KCOV_DF_INIT_TRACE _IOR('d', 1, unsigned long) +#define KCOV_DF_ENABLE _IO('d', 100) +#define KCOV_DF_DISABLE _IO('d', 101) + +#define COVER_SIZE (64 * 1024) /* 64K u64 words =3D 512KB */ + +static void dump_buffer(uint64_t *cover, uint64_t n) +{ + uint64_t i =3D 1; + + printf("=3D=3D=3D KCOV Dataflow TLV Dump (%lu words) =3D=3D=3D\n", n); + while (i <=3D n && i < COVER_SIZE) { + uint64_t hdr =3D cover[i]; + uint64_t type =3D hdr & 0xF0000000ULL; + uint64_t seq =3D hdr & 0x00FFFFFFULL; + uint64_t pc =3D cover[i + 1]; + uint64_t meta =3D cover[i + 2]; + + if (type =3D=3D 0xE0000000ULL) { + uint32_t arg_idx =3D (meta >> 56) & 0xFF; + uint32_t arg_sz =3D (meta >> 48) & 0xFF; + uint64_t ptr =3D meta & 0xFFFFFFFFFFFFULL; + + printf("[ENTRY] seq=3D%lu pc=3D0x%lx arg[%u](%u) ptr=3D0x%lx\n", + seq, pc, arg_idx, arg_sz, ptr); + } else if (type =3D=3D 0xF0000000ULL) { + uint32_t ret_sz =3D (meta >> 48) & 0xFF; + uint64_t ptr =3D meta & 0xFFFFFFFFFFFFULL; + + printf("[RET] seq=3D%lu pc=3D0x%lx ret(%u) ptr=3D0x%lx\n", + seq, pc, ret_sz, ptr); + } else { + i++; + continue; + } + + /* Print field values */ + i +=3D 3; + while (i <=3D n && i < COVER_SIZE) { + uint64_t next =3D cover[i]; + uint64_t next_type =3D next & 0xF0000000ULL; + + if (next_type =3D=3D 0xE0000000ULL || next_type =3D=3D 0xF0000000ULL) + break; + if (next =3D=3D 0xBADADD85ULL) + printf(" val =3D FAULT\n"); + else + printf(" val =3D 0x%lx\n", next); + i++; + } + } + printf("=3D=3D=3D Done =3D=3D=3D\n"); +} + +int main(int argc, char **argv) +{ + const char *trigger_path =3D "/proc/uaf_trigger"; + int fd, tfd; + uint64_t *cover; + uint64_t n; + + if (argc > 1) + trigger_path =3D argv[1]; + + fd =3D 
open("/sys/kernel/debug/kcov_dataflow", O_RDWR); + if (fd < 0) { + perror("open kcov_dataflow"); + return 1; + } + + if (ioctl(fd, KCOV_DF_INIT_TRACE, COVER_SIZE)) { + perror("KCOV_DF_INIT_TRACE"); + close(fd); + return 1; + } + + cover =3D mmap(NULL, COVER_SIZE * sizeof(uint64_t), + PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + if (cover =3D=3D MAP_FAILED) { + perror("mmap"); + close(fd); + return 1; + } + + if (ioctl(fd, KCOV_DF_ENABLE, 0)) { + perror("KCOV_DF_ENABLE"); + munmap(cover, COVER_SIZE * sizeof(uint64_t)); + close(fd); + return 1; + } + + /* Reset */ + __atomic_store_n(&cover[0], 0, __ATOMIC_RELAXED); + + /* Trigger */ + tfd =3D open(trigger_path, O_WRONLY); + if (tfd >=3D 0) { + write(tfd, "x", 1); + close(tfd); + } + + n =3D __atomic_load_n(&cover[0], __ATOMIC_RELAXED); + + ioctl(fd, KCOV_DF_DISABLE, 0); + + dump_buffer(cover, n); + + munmap(cover, COVER_SIZE * sizeof(uint64_t)); + close(fd); + return 0; +} --=20 2.43.0
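Review bot: in deep_chain_mod.c the comment above deep_trigger_write() says the crafted request "causes index=12 (OOB)", but the trace comment inside the same function and the arithmetic both give 8 (16 * 3 = 48, 48 >> 1 = 24, (48 + 24) & 0xF = 8); correct the header comment so the documented slot matches what pr_info() prints. The file header also calls the offset attacker-controlled, yet deep_trigger_write() never reads ubuf and hard-codes payload_offset = 16, so either describe the input as fixed or copy it from userspace with a check on count. Because commit_write() really does store past slots[7] of a kzalloc'd slot_table on every write to /proc/deep_trigger, the header comment should say so and state that the module is for disposable test guests only.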
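Review bot: init_mod() in eight_args_mod.c ignores the return value of proc_create("test_args", ...), so the module loads successfully even when the trigger file was not created; keep the returned entry, return -ENOMEM on NULL as deep_chain_init() does, and release it with proc_remove(). func1() to func8() are non-static and exported with no declaration anywhere, so adding prototypes above the definitions would remove the missing-prototypes warning at its source.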
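Review bot: in eight_args_rust.rs the FOPS initializer casts write_handler to *const () and transmutes it into the write slot, which switches off the compiler's check that the handler's signature matches the callback type; assign the function with its real type so a mismatch, such as the kernel::ffi::c_long return, fails to build. None of the unsafe blocks or the unsafe impl Send/Sync lines carries a SAFETY comment explaining why it is sound. The debugfs file is also created with mode 0o222 while the C module uses 0200; owner-only write is the safer default for a file that triggers kernel code.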
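Review bot: parse_dataflow() in kcov-view.py treats a word as a record header when `v & 0xF0000000` is 0xE0000000 or 0xF0000000 and applies the same test to field values, so any captured argument or return value whose bits 28 to 31 are 0xE or 0xF ends the field list early and is then decoded as a header, with the next two words taken as pc and meta. arg_size and ret_size are extracted from meta but never used to bound the field list; bound it from the record itself where the format allows, validate pc before accepting a header, and check i + 2 against len(buf) before reading buf[i + 1] and buf[i + 2]. Separately, kcov_arr is never anything but None, so the KCOV PC path, the "Merged" banner and the docstring's "correlates by PC" describe code that never runs; main() writes "x" to the path after ">" instead of running the command the usage text asks for; and load_kallsyms() hides every error behind a bare except.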
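Review bot: dump_buffer() in trigger.c reads cover[i + 1] and cover[i + 2] after checking only i <= n and i < COVER_SIZE, so a header found in the last two words of the buffer makes it read past the COVER_SIZE * sizeof(uint64_t) mapping; require i + 2 < COVER_SIZE before decoding a record. main() also ignores a failed open() of trigger_path and the result of write(), so a wrong path produces an empty dump with no error; report both with perror(). The uint64_t values are printed with %lu and %lx, which should be PRIu64 and PRIx64 from <inttypes.h>.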
From: Yunseong Kim
Date: Wed, 03 Jun 2026 19:43:32 +0200
Subject: [RFC PATCH v2 5/6] kcov: add interrupt context guard to kcov_df_write()
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <20260603-kcov-dataflow-next-20260603-v2-5-fee0939de2c4@est.tech>
References: <20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4@est.tech>
In-Reply-To: <20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4@est.tech>
To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider, K Prateek Nayak, Dmitry Vyukov, Andrey Konovalov, Andrew Morton, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Nicolas Schier, Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, Trevor Gross, Danilo Krummrich, Jonathan Corbet, Shuah Khan
Cc: Yunseong Kim, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, llvm@lists.linux.dev, linux-kbuild@vger.kernel.org, rust-for-linux@vger.kernel.org, workflows@vger.kernel.org, linux-doc@vger.kernel.org, Yunseong Kim

The KCOV-Dataflow write path (kcov_df_write) only checks
t->kcov_df_enabled before writing to the shared ring buffer. Unlike the
standard KCOV check_kcov_mode() which rejects interrupt context,
kcov_df_write() has no such protection.

This means instrumented code running in hardirq, softirq, or NMI context
that interrupts a task mid-write can re-enter kcov_df_write(), causing:

 - Data corruption in the ring buffer (interleaved records)
 - Out-of-order sequence counter increments
 - Potential faults from nested pointer dereferences

Add an in_task() check to reject calls from non-task context, matching
the safety model of the standard KCOV tracing path.

Also suppress -Wmissing-prototypes in the eight_args_c test module
Makefile, as the exported test functions intentionally lack a shared
header.

Signed-off-by: Yunseong Kim
---
 kernel/kcov.c | 4 ++++
 tools/kcov-dataflow/eight_args_c/Makefile | 1 +
 2 files changed, 5 insertions(+)

diff --git a/kernel/kcov.c b/kernel/kcov.c index d3c9c0efe961..373b8034ca5c 100644 --- a/kernel/kcov.c +++ b/kernel/kcov.c @@ -409,6 +409,10 @@ kcov_df_write(u64 type_marker, u64 pc, u64 meta, void = *ptr, if (!t->kcov_df_enabled) return; =20 + /* Reject calls from hardirq/softirq/NMI to prevent reentrant corruption.= */ + if (!in_task()) + return; + area =3D (u64 *)t->kcov_df_area; if (!area) return; diff --git a/tools/kcov-dataflow/eight_args_c/Makefile b/tools/kcov-dataflo= w/eight_args_c/Makefile index de35bb541f07..038775b49435 100644 --- a/tools/kcov-dataflow/eight_args_c/Makefile +++ b/tools/kcov-dataflow/eight_args_c/Makefile
@@ -1,2 +1,3 @@ obj-m :=3D eight_args_mod.o KCOV_DATAFLOW_eight_args_mod.o :=3D y +ccflags-y +=3D -Wno-missing-prototypes --=20 2.43.0
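Review bot: In the kernel/kcov.c hunk of 5/6, the new `if (!in_task()) return;` is stricter than the check it is said to match. check_kcov_mode() rejects non-task context except for softirq when t->kcov_softirq is set (remote coverage sections), so "matching the safety model of the standard KCOV tracing path" is not quite accurate. If dropping softirq records is intended, say so in the code comment and the commit message; if remote softirq collection is planned later, this guard will need the same exception plus a separate answer for the re-entrancy it was added to stop. Since `t` is the interrupted task in irq context, it would also read more naturally to test in_task() before touching t->kcov_df_enabled, as check_kcov_mode() does.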
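Review bot: In the tools/kcov-dataflow/eight_args_c/Makefile hunk of 5/6, `ccflags-y += -Wno-missing-prototypes` is unrelated to the in_task() fix and silences the warning for the whole module rather than for the exported test functions only. Fold it into the patch that introduces eight_args_mod, or better, add forward declarations for the exported functions at the top of the source file so the warning stays active for everything else.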
From: Yunseong Kim
Date: Wed, 03 Jun 2026 19:43:33 +0200
Subject: [RFC PATCH v2 6/6] kcov: add recursion guard and documentation for kcov-dataflow
Message-Id: <20260603-kcov-dataflow-next-20260603-v2-6-fee0939de2c4@est.tech>
In-Reply-To: <20260603-kcov-dataflow-next-20260603-v2-0-fee0939de2c4@est.tech>
To: Ingo Molnar, Peter Zijlstra, Juri Lelli, Vincent Guittot, Dietmar Eggemann, Steven Rostedt, Ben Segall, Mel Gorman, Valentin Schneider, K Prateek Nayak, Dmitry Vyukov, Andrey Konovalov, Andrew Morton, Nathan Chancellor, Nick Desaulniers, Bill Wendling, Justin Stitt, Nicolas Schier, Miguel Ojeda, Boqun Feng, Gary Guo, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Alice Ryhl, Trevor Gross, Danilo Krummrich, Jonathan Corbet, Shuah Khan
Cc: Yunseong Kim, linux-kernel@vger.kernel.org, kasan-dev@googlegroups.com, llvm@lists.linux.dev, linux-kbuild@vger.kernel.org, rust-for-linux@vger.kernel.org, workflows@vger.kernel.org, linux-doc@vger.kernel.org, Yunseong Kim

Add a per-task recursion guard to kcov_df_write() using the high bit of kcov_dataflow_seq. This prevents infinite recursion when CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL is enabled: functions called by the callback itself (copy_from_kernel_nofault, xadd helpers) are also instrumented and would re-enter kcov_df_write() without this guard.

The guard uses the sequence counter's bit 31 as a re-entrancy flag. The low 24 bits (used for TLV record sequence numbers) are unaffected.

Also:
- Exclude kcov.o, extable.o, softirq.o from dataflow instrumentation (same pattern as KCOV_INSTRUMENT exclusions)
- Add Documentation/dev-tools/kcov-dataflow.rst with:
  - Prerequisites and Kconfig options
  - Per-module instrumentation instructions
  - Complete C example for data collection
  - Ring buffer format specification
  - Ioctl interface reference
  - Fork interception example for child process tracing
  - Rust module support via post-compilation pipeline

Signed-off-by: Yunseong Kim
--- Documentation/dev-tools/kcov-dataflow.rst | 282 ++++++++++++++++++++++++++= ++++ kernel/Makefile | 3 + kernel/kcov.c | 14 +- 3 files changed, 298 insertions(+), 1 deletion(-) diff --git a/Documentation/dev-tools/kcov-dataflow.rst b/Documentation/dev-= tools/kcov-dataflow.rst new file mode 100644 index 000000000000..5941df9f29e6 --- /dev/null +++ b/Documentation/dev-tools/kcov-dataflow.rst 
@@ -0,0 +1,282 @@ +KCOV-Dataflow: function argument and return value extraction +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +KCOV-Dataflow captures function arguments and return values =E2=80=94 incl= uding +automatic struct field decomposition =E2=80=94 at instrumented kernel func= tion +boundaries. It provides per-task, lock-free ring buffers accessible via +``mmap()``, enabling data-flow-aware fuzzing and post-mortem contract +verification. + +Unlike KCOV's ``trace-pc`` which reports *which* code executed, +KCOV-Dataflow reports *what values* were passed and returned. This is +a completely separate device from ``/sys/kernel/debug/kcov``. + +Prerequisites +------------- + +KCOV-Dataflow requires Clang/LLVM with the ``dataflow-args`` and +``dataflow-ret`` SanitizerCoverage extensions. Standard (unpatched) +compilers will not expose these Kconfig options. 
+ +To enable KCOV-Dataflow, configure the kernel with:: + + CONFIG_KCOV=3Dy + CONFIG_KCOV_DATAFLOW_ARGS=3Dy + CONFIG_KCOV_DATAFLOW_RET=3Dy + +Optional: instrument the entire kernel (significant overhead):: + + CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL=3Dy + +Coverage data becomes accessible once debugfs is mounted:: + + mount -t debugfs none /sys/kernel/debug + +Per-module instrumentation +-------------------------- + +To instrument a specific module, add to its Makefile:: + + KCOV_DATAFLOW_my_module.o :=3D y + +For example, to instrument the Android binder driver:: + + # drivers/android/Makefile + KCOV_DATAFLOW_binder.o :=3D y + KCOV_DATAFLOW_binder_alloc.o :=3D y + +For Rust modules, add to the crate's Makefile:: + + # drivers/android/binder/Makefile + KCOV_DATAFLOW :=3D y + +To instrument an entire directory, set the variable without a filename:: + + # fs/Makefile + KCOV_DATAFLOW :=3D y + +The build system automatically adds the required compiler flags +(``-fsanitize-coverage=3Ddataflow-args,dataflow-ret -g``). + +Data collection +--------------- + +The following program demonstrates how to collect function argument and +return value data for a single syscall: + +.. code-block:: c + + #include + #include + #include + #include + #include + #include + #include + #include + + #define KCOV_DF_INIT_TRACE _IOR('d', 1, unsigned long) + #define KCOV_DF_ENABLE _IO('d', 100) + #define KCOV_DF_DISABLE _IO('d', 101) + #define BUF_SIZE (64 << 10) /* 64K words =3D 512KB */ + + int main(void) + { + int fd; + uint64_t *buf, n, i; + + fd =3D open("/sys/kernel/debug/kcov_dataflow", O_RDWR); + if (fd =3D=3D -1) + perror("open"), exit(1); + + /* Allocate buffer (size in u64 words). */ + if (ioctl(fd, KCOV_DF_INIT_TRACE, BUF_SIZE)) + perror("ioctl(INIT)"), exit(1); + + /* Map the buffer into user space. 
*/ + buf =3D (uint64_t *)mmap(NULL, BUF_SIZE * sizeof(uint64_t), + PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + if (buf =3D=3D MAP_FAILED) + perror("mmap"), exit(1); + + /* Enable data-flow collection for this task. */ + if (ioctl(fd, KCOV_DF_ENABLE, 0)) + perror("ioctl(ENABLE)"), exit(1); + + /* Reset counter. */ + __atomic_store_n(&buf[0], 0, __ATOMIC_RELAXED); + + /* =3D=3D=3D Trigger syscall(s) here =3D=3D=3D */ + read(-1, NULL, 0); + + /* Read how many words were written. */ + n =3D __atomic_load_n(&buf[0], __ATOMIC_RELAXED); + + /* Parse TLV records. */ + i =3D 1; + while (i < n) { + uint64_t type_seq =3D buf[i]; + uint64_t pc =3D buf[i + 1]; + uint64_t meta =3D buf[i + 2]; + uint32_t type =3D (type_seq >> 28) & 0xF; + uint32_t seq =3D type_seq & 0x00FFFFFF; + uint32_t arg_idx =3D (meta >> 56) & 0xFF; + uint32_t size =3D (meta >> 48) & 0xFF; + + printf("[%s] seq=3D%u pc=3D0x%lx arg_idx=3D%u size=3D%u val=3D= 0x%lx\n", + type =3D=3D 0xE ? "ENTRY" : "RET", + seq, pc, arg_idx, size, buf[i + 3]); + i +=3D 4; /* minimum record size: 3 header + 1 value */ + } + + if (ioctl(fd, KCOV_DF_DISABLE, 0)) + perror("ioctl(DISABLE)"), exit(1); + + munmap(buf, BUF_SIZE * sizeof(uint64_t)); + close(fd); + return 0; + } + +Ring buffer format +------------------ + +The buffer is an array of ``u64`` words:: + + buf[0]: atomic counter =E2=80=94 total words written + +Each record occupies 3 + N words: + ++--------+------------------+---------------------------------------------+ +| Offset | Field | Description | ++=3D=3D=3D=3D=3D=3D=3D=3D+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ +| 0 | type_and_seq | bits[31:28] =3D 0xE (entry) or 0xF (return),= | +| | | bits[23:0] =3D per-task sequence number = | ++--------+------------------+---------------------------------------------+ +| 1 | pc | Instrumented function address = | 
++--------+------------------+---------------------------------------------+ +| 2 | meta | bits[63:56] =3D arg_idx (0 for return), = | +| | | bits[55:48] =3D size in bytes, = | +| | | bits[47:0] =3D raw pointer value = | ++--------+------------------+---------------------------------------------+ +| 3..N | field_val[0..N] | Struct field values or single scalar = | ++--------+------------------+---------------------------------------------+ + +Magic values: + +- ``0xBADADD85``: field read failed (pointer was invalid/freed/poisoned) + +Safety +------ + +- Callbacks are ``notrace``, ``__no_sanitize_coverage``, ``noinline`` + to prevent recursion. +- All pointer reads use ``copy_from_kernel_nofault()`` =E2=80=94 survives + freed, poisoned, or unmapped memory. +- An ``in_task()`` guard rejects calls from hardirq/softirq/NMI context, + preventing reentrant buffer corruption. +- No ``printk`` or allocation in the data path. +- When not enabled for a task, overhead is a single boolean check. + +Ioctl interface +--------------- + ++---------------------+----------------------------+----------------------= -----+ +| Command | Value | Description = | ++=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D+ +| KCOV_DF_INIT_TRACE | ``_IOR('d', 1, unsigned | Allocate buffer = | +| | long)`` | (size in u64 words) = | ++---------------------+----------------------------+----------------------= -----+ +| KCOV_DF_ENABLE | ``_IO('d', 100)`` | Start collection for = | +| | | current task = | ++---------------------+----------------------------+----------------------= -----+ +| KCOV_DF_DISABLE | ``_IO('d', 101)`` | Stop collection = | ++---------------------+----------------------------+----------------------= -----+ + +Compatibility +------------- + +KCOV-Dataflow is completely independent from legacy 
KCOV: + +- Separate device: ``/sys/kernel/debug/kcov_dataflow`` +- Separate ioctl namespace (``'d'`` vs ``'c'``) +- Separate per-task buffer +- Both can be used simultaneously without interference +- syzkaller and other KCOV users are unaffected + +Rust module support +------------------- + +Rust kernel modules are supported via a post-compilation pipeline:: + + rustc --emit=3Dllvm-ir -g module.rs + opt -passes=3Dsancov-module \ + -sanitizer-coverage-dataflow-args \ + -sanitizer-coverage-dataflow-ret module.ll -S -o module_inst.ll + llc -filetype=3Dobj module_inst.ll -o module.o + +This is the good method for capturing Rust function arguments at runtime. + + +Tracing child processes (fork interception) +------------------------------------------- + +KCOV-Dataflow is per-task: after ``fork()``, the child does not inherit +the enabled state. To trace child processes, re-enable on the inherited +file descriptor in the child before ``exec()``. The ``mmap``'d buffer is +shared (``MAP_SHARED``), so both parent and child write to the same ring +buffer atomically. + +.. code-block:: c + + #include + #include + #include + #include + #include + #include + #include + #include + + #define KCOV_DF_INIT_TRACE _IOR('d', 1, unsigned long) + #define KCOV_DF_ENABLE _IO('d', 100) + #define KCOV_DF_DISABLE _IO('d', 101) + #define BUF_SIZE (64 << 10) + + int main(int argc, char **argv) + { + int fd =3D open("/sys/kernel/debug/kcov_dataflow", O_RDWR); + ioctl(fd, KCOV_DF_INIT_TRACE, BUF_SIZE); + uint64_t *buf =3D mmap(NULL, BUF_SIZE * 8, + PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + + /* Enable for parent task */ + ioctl(fd, KCOV_DF_ENABLE, 0); + __atomic_store_n(&buf[0], 0, __ATOMIC_RELAXED); + + pid_t pid =3D fork(); + if (pid =3D=3D 0) { + /* Child: re-enable on inherited fd. + * The shared mmap buffer receives records from both tasks. 
+ */ + ioctl(fd, KCOV_DF_ENABLE, 0); + execvp(argv[1], &argv[1]); + _exit(1); + } + + waitpid(pid, NULL, 0); + ioctl(fd, KCOV_DF_DISABLE, 0); + + uint64_t n =3D __atomic_load_n(&buf[0], __ATOMIC_RELAXED); + printf("Captured %lu words from parent + child\n", n); + + munmap(buf, BUF_SIZE * 8); + close(fd); + return 0; + } + +Note: the child's ``ioctl(fd, KCOV_DF_ENABLE)`` will fail if the parent +has not yet called ``KCOV_DF_DISABLE``, because only one task can be +associated with a descriptor at a time. For true multi-process tracing, +open a separate ``kcov_dataflow`` fd per child, or disable in the parent +before the child enables (as shown above =E2=80=94 the parent is blocked in +``waitpid`` so it generates no records during that time anyway). diff --git a/kernel/Makefile b/kernel/Makefile index 1e1a31673577..9c56421c5390 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -37,6 +37,7 @@ KCOV_INSTRUMENT_extable.o :=3D n KCOV_INSTRUMENT_stacktrace.o :=3D n # Don't self-instrument. KCOV_INSTRUMENT_kcov.o :=3D n +KCOV_DATAFLOW_kcov.o :=3D n # If sanitizers detect any issues in kcov, it may lead to recursion # via printk, etc. KASAN_SANITIZE_kcov.o :=3D n @@ -207,3 +208,5 @@ $(obj)/kheaders.md5: $(obj)/kheaders-srclist FORCE $(call filechk,kheaders_md5sum) =20 clean-files :=3D kheaders.md5 kheaders-srclist kheaders-objlist +KCOV_DATAFLOW_extable.o :=3D n +KCOV_DATAFLOW_softirq.o :=3D n diff --git a/kernel/kcov.c b/kernel/kcov.c index 373b8034ca5c..8d9d5e33549f 100644 --- a/kernel/kcov.c +++ b/kernel/kcov.c 
@@ -413,6 +413,16 @@ kcov_df_write(u64 type_marker, u64 pc, u64 meta, void = *ptr, if (!in_task()) return; =20 + /* + * Prevent recursion: functions called by this callback + * (copy_from_kernel_nofault, xadd helpers) may be instrumented + * with INSTRUMENT_ALL. Use a per-task guard via the sequence + * counter's high bit. + */ + if (t->kcov_dataflow_seq & (1U << 31)) + return; + t->kcov_dataflow_seq |=3D (1U << 31); + area =3D (u64 *)t->kcov_df_area; if (!area) return; @@ -449,7 +459,7 @@ kcov_df_write(u64 type_marker, u64 pc, u64 meta, void *= ptr, if (KCOV_DF_IS_ERR(ptr)) { for (i =3D 0; i < num_fields; i++) area[pos + 3 + i] =3D KCOV_DF_MAGIC_BAD; - return; + goto out; } for (i =3D 0; i < num_fields; i++) { u64 off, sz, val =3D KCOV_DF_MAGIC_BAD; @@ -469,6 +479,8 @@ kcov_df_write(u64 type_marker, u64 pc, u64 meta, void *= ptr, area[pos + 3 + i] =3D val; } } +out: + t->kcov_dataflow_seq &=3D ~(1U << 31); } =20 #ifdef CONFIG_KCOV_DATAFLOW_ARGS --=20 2.43.0
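Review bot: In Documentation/dev-tools/kcov-dataflow.rst (6/6), the "Data collection" parser advances with a fixed `i += 4` while "Ring buffer format" says each record occupies 3 + N words, so the example loses record alignment as soon as a struct argument emits more than one field value and then prints field data as headers. The format table also never says how a reader learns N; please document that (a count in meta, or a rule derived from size) and make the example use it, with a bounds check so `buf[i + 3]` is never read past the counter in buf[0]. The fork section has a second inconsistency: the text says parent and child write to the same ring buffer, the example calls KCOV_DF_ENABLE in the child while the parent is still enabled and ignores the return value, and the closing note says that call fails until the parent has called KCOV_DF_DISABLE "as shown above", which the example does not do. The Safety list should also mention the bit-31 recursion guard this patch adds, and "This is the good method" in the Rust section needs rewording.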
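Review bot: In the second kernel/Makefile hunk of 6/6 (@@ -207,3 +208,5), `KCOV_DATAFLOW_extable.o := n` and `KCOV_DATAFLOW_softirq.o := n` are appended after clean-files at the very end of the file with no comment, while the first hunk shows the matching KCOV_INSTRUMENT_extable.o line sitting near the top with its neighbours. Move the two new lines up beside their KCOV_INSTRUMENT counterparts and say why each object is excluded. The context there also shows KCOV_INSTRUMENT_stacktrace.o := n without a KCOV_DATAFLOW equivalent; if the exclusions follow "the same pattern" as the commit message says, either add it or explain why it is not needed.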
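Review bot: In the first kernel/kcov.c hunk of 6/6 (@@ -413,6 +413,16), the guard bit is set immediately before the existing `area = (u64 *)t->kcov_df_area; if (!area) return;` context lines, and that return does not pass through the new `out:` label. A task that hits it leaves bit 31 set in kcov_dataflow_seq, after which every later kcov_df_write() call for that task returns at the guard and collection silently stops. Only the KCOV_DF_IS_ERR() return is converted to `goto out` in this patch; the `!area` path and any other early return between the guard and line 459 need the same treatment, or the guard should be taken after the last early-exit check.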
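Review bot: In the last kernel/kcov.c hunk of 6/6 (@@ -469,6 +479,8), the `out:` path clears the flag with a plain `t->kcov_dataflow_seq &= ~(1U << 31);` on the same word that carries the record sequence number. Sharing one field means every reader of kcov_dataflow_seq has to mask bit 31, and if the sequence is bumped with an atomic add elsewhere in this function the non-atomic `|=` and `&=` here mix two update styles on one variable. A dedicated per-task flag would make the guard self-contained; if the counter must be reused, add a named mask for bit 31 and a comment at the field definition stating which bits are sequence and which is the guard.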