| field | value | date |
|---|---|---|
| author | Andrey Konovalov <andreyknvl@google.com> | 2020-05-07 20:48:17 +0200 |
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-05-08 11:26:51 +0200 |
| commit | fe4122c3bf0b8032bbc19b12cf398adceba6286b (patch) | |
| tree | 5922b6804bce986cfb6e224993040bd9d053088c /docs/linux | |
| parent | 1913718f341e1e48f9806f3fb5a5e5f45babde27 (diff) | |
docs: various updates all over
Diffstat (limited to 'docs/linux')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | docs/linux/coverage.md | 32 |
| -rw-r--r-- | docs/linux/setup.md | 11 |
| -rw-r--r-- | docs/linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md | 2 |
3 files changed, 42 insertions, 3 deletions
diff --git a/docs/linux/coverage.md b/docs/linux/coverage.md new file mode 100644 index 000000000..75be28d3f --- /dev/null +++ b/docs/linux/coverage.md @@ -0,0 +1,32 @@ +# Coverage + +Syzkaller uses [kcov](https://www.kernel.org/doc/html/latest/dev-tools/kcov.html) to collect coverage from the kernel. kcov exports the address of each executed basic block, and syzkaller runtime uses tools from `binutils` (`objdump`, `nm`, `addr2line` and `readelf`) to map these addresses to lines and functions in the source code. + +## Binutils + +Note that if you are fuzzing in cross-arch environment you need to provide correct `binutils` cross-tools to syzkaller before starting `syz-manager`: + +``` bash +mkdir -p ~/bin/mips64le +ln -s `which mips64el-linux-gnuabi64-addr2line` ~/bin/mips64le/addr2line +ln -s `which mips64el-linux-gnuabi64-nm` ~/bin/mips64le/nm +ln -s `which mips64el-linux-gnuabi64-objdump` ~/bin/mips64le/objdump +ln -s `which mips64el-linux-gnuabi64-readelf` ~/bin/mips64le/readelf +export PATH=~/bin/mips64le:$PATH +``` + +### objdump + +`objdump` is used to parse PC value of each call to `__sanitizer_cov_trace_pc` in the kernel image. These PC values are representing all code that is built into kernel image. PC values exported by kcov are compared against these to determine coverage. + +### nm + +`nm` is used to parse address and size of each function in the kernel image. This information is used to map coverage data to functions. This is needed to find out whether certain functions are called at all. + +### addr2line + +`addr2line` is used for mapping PC values exported by kcov and parsed by `objdump` to source code files and lines. + +### readelf + +`readelf` is used to detect virtual memory offset. Executor truncates PC values into `uint32` before sending them to `syz-manager` and `syz-manager` has to detect the offset. diff --git a/docs/linux/setup.md b/docs/linux/setup.md index 8f25e9529..80fbf9e7a 100644 --- a/docs/linux/setup.md +++ b/docs/linux/setup.md 
@@ -1,14 +1,15 @@ # How to set up syzkaller -Below are the generic instructions for how to set up syzkaller to fuzz the Linux kernel. -Instructions for a particular VM type or kernel arch can be found on these pages: +Generic instructions on how to set up Linux kernel fuzzing with syzkaller are [below](setup.md#install). + +Instructions for a particular VM type or kernel architecture can be found on these pages: - [Setup: Ubuntu host, QEMU vm, x86-64 kernel](setup_ubuntu-host_qemu-vm_x86-64-kernel.md) - [Setup: Linux host, QEMU vm, arm64 kernel](setup_linux-host_qemu-vm_arm64-kernel.md) - [Setup: Linux host, QEMU vm, arm kernel](setup_linux-host_qemu-vm_arm-kernel.md) - [Setup: Linux host, Android device, arm32/64 kernel](setup_linux-host_android-device_arm-kernel.md) - [Setup: Linux isolated host](setup_linux-host_isolated.md) -- [Setup: Ubuntu host, Odroid C2 board, arm64 kernel](setup_ubuntu-host_odroid-c2-board_arm64-kernel.md) +- [Setup: Ubuntu host, Odroid C2 board, arm64 kernel](setup_ubuntu-host_odroid-c2-board_arm64-kernel.md) [outdated] ## Install @@ -57,6 +58,10 @@ Note: older versions of Go toolchain formatted code in a slightly So if you are seeing unrelated code formatting diffs after running `make generate` or `make format`, you may be using `Go 1.10` or older. In such case update to `Go 1.13+`. +### Environment + +You might need to properly setup `binutils` if you're fuzzing in a cross-arch environment as described [here](coverage.md#binutils). + ### C Compiler Syzkaller is a coverage-guided fuzzer and therefore it needs the kernel to be built with coverage support, which requires a recent GCC version. diff --git a/docs/linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md b/docs/linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md index b9d61e9f6..99de2e450 100644 --- a/docs/linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md +++ b/docs/linux/setup_ubuntu-host_odroid-c2-board_arm64-kernel.md 
@@ -1,5 +1,7 @@ # Setup: Ubuntu host, Odroid C2 board, arm64 kernel +Note: these instructions are currently outdated, but can still be used as a reference. + These are the instructions on how to fuzz the kernel on an [Odroid C2](http://www.hardkernel.com/main/products/prdt_info.php) board using Ubuntu 14.04 on the host machine and Ubuntu on the Odroid. ## Hardware setup |
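Review bot: in the new `docs/linux/coverage.md`, the `readelf` paragraph is the one place a reader cannot follow: it says the executor truncates PC values to `uint32` and that `syz-manager` "has to detect the offset", but never says which offset is meant or how `readelf` output is used to recover it; one sentence naming the value that is read from the image would make the section self-contained. Two wording fixes in the same hunk: "if you are fuzzing in cross-arch environment" should read "in a cross-arch environment", and "These PC values are representing all code" should read "These PC values represent all code". In the bash block, `ln -s \`which ...\`` will fail on a second run because the links already exist; prefer `ln -sf "$(which mips64el-linux-gnuabi64-addr2line)" ~/bin/mips64le/addr2line` (and likewise for the other three), which is also the quoting-safe form.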
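Review bot: in the first `docs/linux/setup.md` hunk, the new sentence links to `setup.md#install` from inside `setup.md` itself; a plain `#install` anchor is enough and survives renaming the file. The `[outdated]` tag on the Odroid C2 entry is a good addition, but it would help to say what to use instead, since the same list already offers the "Linux host, QEMU vm, arm64 kernel" page for arm64.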
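Review bot: in the second `docs/linux/setup.md` hunk, "properly setup `binutils`" should be "properly set up `binutils`" (verb, two words). The new "Environment" section only covers the cross-arch `binutils` case; since it sits right before "C Compiler" under "Install", consider stating that native-arch fuzzing needs no extra step, so readers do not go looking for a missing configuration.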
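Review bot: in the Odroid C2 hunk, the new note says the instructions are outdated without saying which parts are stale or where a current equivalent lives; pointing readers at the arm64 QEMU setup page listed in `setup.md` would make the "reference" still usable. The note is also inserted between the H1 and the first paragraph with blank lines on both sides, which renders fine, so no formatting change is needed there.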
