Stack unwinding produces large amounts of uninteresting coverage.
It's called from KASAN kmalloc/kfree hooks, fault injection, etc.
It's not particularly useful and is not a function of system call args.
Ignore that code.
Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Alexander Potapenko <glider@google.com>
Reviewed-by: Marco Elver <elver@google.com>
Cc: x86@kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: syzkaller@googlegroups.com
---
arch/x86/kernel/Makefile | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 20a0dd51700a..cd49ebfae984 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -39,6 +39,14 @@ KMSAN_SANITIZE_sev.o := n
# first second.
KCOV_INSTRUMENT_head$(BITS).o := n
KCOV_INSTRUMENT_sev.o := n
+# These are called from save_stack_trace() on debug paths,
+# and produce large amounts of uninteresting coverage.
+KCOV_INSTRUMENT_stacktrace.o := n
+KCOV_INSTRUMENT_dumpstack.o := n
+KCOV_INSTRUMENT_dumpstack_$(BITS).o := n
+KCOV_INSTRUMENT_unwind_orc.o := n
+KCOV_INSTRUMENT_unwind_frame.o := n
+KCOV_INSTRUMENT_unwind_guess.o := n
CFLAGS_irq.o := -I $(src)/../include/asm/trace
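Review bot: the comment added above KCOV_INSTRUMENT_stacktrace.o gives only "called from save_stack_trace() on debug paths" as the reason, while the commit message carries the one that matters for KCOV: this coverage "is not a function of system call args". Consider stating that in the comment so the exclusion list explains itself in the Makefile. The new block also starts directly after KCOV_INSTRUMENT_sev.o := n with no separating blank line, so it reads as part of the preceding group whose comment ends in "first second."; a blank line before the new comment would keep the two groups apart. Since the patch touches only arch/x86/kernel/Makefile, the commit message could also say whether the unwinders of other architectures are expected to get the same treatment.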
--
2.45.2.505.gda0bf45e8d-goog
On Tue, Jun 11, 2024 at 09:50:33AM +0200, Dmitry Vyukov wrote:
> Stack unwinding produces large amounts of uninteresting coverage.
> It's called from KASAN kmalloc/kfree hooks, fault injection, etc.
> It's not particularly useful and is not a function of system call args.
> Ignore that code.

This stems from KCOV's purpose being guiding syzkaller as opposed to it
being a more general coverage tool, right?

Is that spelled out anywhere?

Anyway,

Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>

> Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
> Reviewed-by: Alexander Potapenko <glider@google.com>
> Reviewed-by: Marco Elver <elver@google.com>
> Cc: x86@kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: syzkaller@googlegroups.com
> ---
> arch/x86/kernel/Makefile | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> index 20a0dd51700a..cd49ebfae984 100644
> --- a/arch/x86/kernel/Makefile
> +++ b/arch/x86/kernel/Makefile
> @@ -39,6 +39,14 @@ KMSAN_SANITIZE_sev.o := n
> # first second.
> KCOV_INSTRUMENT_head$(BITS).o := n
> KCOV_INSTRUMENT_sev.o := n
> +# These are called from save_stack_trace() on debug paths,
> +# and produce large amounts of uninteresting coverage.
> +KCOV_INSTRUMENT_stacktrace.o := n
> +KCOV_INSTRUMENT_dumpstack.o := n
> +KCOV_INSTRUMENT_dumpstack_$(BITS).o := n
> +KCOV_INSTRUMENT_unwind_orc.o := n
> +KCOV_INSTRUMENT_unwind_frame.o := n
> +KCOV_INSTRUMENT_unwind_guess.o := n
>
> CFLAGS_irq.o := -I $(src)/../include/asm/trace
>
> --
> 2.45.2.505.gda0bf45e8d-goog
>
On Wed, 19 Jun 2024 at 13:23, Peter Zijlstra <peterz@infradead.org> wrote:
>
> On Tue, Jun 11, 2024 at 09:50:33AM +0200, Dmitry Vyukov wrote:
> > Stack unwinding produces large amounts of uninteresting coverage.
> > It's called from KASAN kmalloc/kfree hooks, fault injection, etc.
> > It's not particularly useful and is not a function of system call args.
> > Ignore that code.
>
> This stems from KCOV's purpose being guiding syzkaller as opposed to it
> being a more general coverage tool, right?
>
> Is that spelled out anywhere?

It may be used for other similar purposes as well, e.g. collecting
unit test coverage (not the whole kernel, but a single specific test
provided that even other tests can run and collect their own coverage
in parallel).

It's spelled explicitly in the docs:
https://elixir.bootlin.com/linux/latest/source/Documentation/dev-tools/kcov.rst
"""
KCOV collects and exposes kernel code coverage information in a form
suitable for coverage-guided fuzzing
....
Coverage collection is enabled on a task basis, and thus KCOV can
capture precise coverage of a single system call.
Note that KCOV does not aim to collect as much coverage as possible.
It aims to collect more or less stable coverage that is a function of
syscall inputs. To achieve this goal, it does not collect coverage in
soft/hard interrupts...
"""

> Anyway,
>
> Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>

Thanks for your reviews, Peter!

> > Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
> > Reviewed-by: Alexander Potapenko <glider@google.com>
> > Reviewed-by: Marco Elver <elver@google.com>
> > Cc: x86@kernel.org
> > Cc: linux-kernel@vger.kernel.org
> > Cc: syzkaller@googlegroups.com
> > ---
> > arch/x86/kernel/Makefile | 8 ++++++++
> > 1 file changed, 8 insertions(+)
> >
> > diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> > index 20a0dd51700a..cd49ebfae984 100644
> > --- a/arch/x86/kernel/Makefile
> > +++ b/arch/x86/kernel/Makefile
> > @@ -39,6 +39,14 @@ KMSAN_SANITIZE_sev.o := n
> > # first second.
> > KCOV_INSTRUMENT_head$(BITS).o := n
> > KCOV_INSTRUMENT_sev.o := n
> > +# These are called from save_stack_trace() on debug paths,
> > +# and produce large amounts of uninteresting coverage.
> > +KCOV_INSTRUMENT_stacktrace.o := n
> > +KCOV_INSTRUMENT_dumpstack.o := n
> > +KCOV_INSTRUMENT_dumpstack_$(BITS).o := n
> > +KCOV_INSTRUMENT_unwind_orc.o := n
> > +KCOV_INSTRUMENT_unwind_frame.o := n
> > +KCOV_INSTRUMENT_unwind_guess.o := n
> >
> > CFLAGS_irq.o := -I $(src)/../include/asm/trace
> >
> > --
> > 2.45.2.505.gda0bf45e8d-goog
> >
On Tue, Jun 11, 2024 at 9:50 AM 'Dmitry Vyukov' via syzkaller <syzkaller@googlegroups.com> wrote:
>
> Stack unwinding produces large amounts of uninteresting coverage.
> It's called from KASAN kmalloc/kfree hooks, fault injection, etc.
> It's not particularly useful and is not a function of system call args.
> Ignore that code.
>
> Signed-off-by: Dmitry Vyukov <dvyukov@google.com>
> Reviewed-by: Alexander Potapenko <glider@google.com>
> Reviewed-by: Marco Elver <elver@google.com>
> Cc: x86@kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: syzkaller@googlegroups.com
> ---
> arch/x86/kernel/Makefile | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
> index 20a0dd51700a..cd49ebfae984 100644
> --- a/arch/x86/kernel/Makefile
> +++ b/arch/x86/kernel/Makefile
> @@ -39,6 +39,14 @@ KMSAN_SANITIZE_sev.o := n
> # first second.
> KCOV_INSTRUMENT_head$(BITS).o := n
> KCOV_INSTRUMENT_sev.o := n
> +# These are called from save_stack_trace() on debug paths,
> +# and produce large amounts of uninteresting coverage.
> +KCOV_INSTRUMENT_stacktrace.o := n
> +KCOV_INSTRUMENT_dumpstack.o := n
> +KCOV_INSTRUMENT_dumpstack_$(BITS).o := n
> +KCOV_INSTRUMENT_unwind_orc.o := n
> +KCOV_INSTRUMENT_unwind_frame.o := n
> +KCOV_INSTRUMENT_unwind_guess.o := n
>
> CFLAGS_irq.o := -I $(src)/../include/asm/trace
>
> --

Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>