path: root/docs/linux_kernel_reporting_bugs.md
author: Victor Chibotaru <tchibo@google.com> 2017-08-16 14:09:58 +0200
committer: Dmitry Vyukov <dvyukov@google.com> 2017-08-30 18:40:14 +0200
commit: 1336586b42f6118b19c3da932fd615e85a47c0b5
tree: 9dca68f389bc47373ff9b82981c33ffa1a0c41d7 /docs/linux_kernel_reporting_bugs.md
parent: 1d0002255d805442ff43c5c4265950179aac77c9
executor, fuzzer: change the way Syzkaller opens the KCOV device
We have implemented a new version of KCOV, which is able to dump comparison operands' data, obtained from Clang's instrumentation hooks __sanitizer_cov_trace_cmp[1248], __sanitizer_cov_trace_const_cmp[1248] and __sanitizer_cov_trace_switch.

Current KCOV implementation can work in two modes: "Dump only the PCs" or "Dump only comparisons' data". Mode selection is done by the following series of calls:

    fd = open(KCOV_PATH, ...);         // works as previous
    ioctl(fd, KCOV_INIT_TRACE, ...);   // works as previous
    mmap(fd, ...);                     // works as previous
    ioctl(fd, KCOV_ENABLE, mode);      // mode = KCOV_MODE_TRACE_CMP or mode = KCOV_MODE_TRACE_PC

Note that this new interface is backwards compatible, as old KCOV devices will just return -EINVAL for the last ioctl. This way we can distinguish if the KCOV device is able to dump the comparisons.

Main changes in this commit:

1. Fuzzer now checks at startup which type (new/old) of KCOV device is running.
2. Executor now receives an additional flag, which indicates if executor should read the comparisons data from KCOV. The flag works on per-call basis, so executor can collect PCs or Comps for each individual syscall.
Diffstat (limited to 'docs/linux_kernel_reporting_bugs.md')
0 files changed, 0 insertions, 0 deletions
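The open/INIT_TRACE/mmap/ENABLE sequence from the commit message, as an added C example (not syzkaller's own code): it tries KCOV_ENABLE in comparison mode, falls back to PC mode when an old kernel answers EINVAL, and decodes the four-word comparison records the new mode produces. The ioctl numbers, mode values and record layout are taken from the upstream uapi linux/kcov.h and kernel kcov documentation (the commit message calls the modes KCOV_MODE_TRACE_*); the buffer size is assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <unistd.h>
/* Values from upstream uapi linux/kcov.h; the commit message calls the modes
 * KCOV_MODE_TRACE_PC / KCOV_MODE_TRACE_CMP. The buffer size is an assumption. */
#define KCOV_INIT_TRACE _IOR('c', 1, unsigned long)
#define KCOV_ENABLE     _IO('c', 100)
#define KCOV_DISABLE    _IO('c', 101)
#define KCOV_TRACE_PC   0
#define KCOV_TRACE_CMP  1
#define KCOV_CMP_CONST  1        /* bit 0: one operand is a constant */
#define KCOV_CMP_MASK   (3 << 1) /* bits 1-2: log2 of operand size */
#define COVER_WORDS     (64 << 10)
/* Enable the richest mode the kernel supports: old KCOV rejects the CMP mode
 * with -EINVAL, which is the probe the commit describes. -1 on other errors. */
int kcov_enable_best_mode(int fd) {
    if (ioctl(fd, KCOV_ENABLE, KCOV_TRACE_CMP) == 0) return KCOV_TRACE_CMP;
    if (errno != EINVAL) return -1; /* not an old device: a real failure */
    return ioctl(fd, KCOV_ENABLE, KCOV_TRACE_PC) == 0 ? KCOV_TRACE_PC : -1;
}

struct kcov_cmp { unsigned size; int is_const; uint64_t arg1, arg2, pc; };
/* CMP-mode layout: cover[0] is the record count, then {type, arg1, arg2, pc}
 * per comparison. Decode record i into *out. */
void kcov_decode_cmp(const uint64_t *cover, uint64_t i, struct kcov_cmp *out) {
    const uint64_t *rec = cover + 1 + i * 4;
    out->size = 1u << ((rec[0] & KCOV_CMP_MASK) >> 1);
    out->is_const = (rec[0] & KCOV_CMP_CONST) != 0;
    out->arg1 = rec[1]; out->arg2 = rec[2]; out->pc = rec[3];
}

int main(void) {
    int fd = open("/sys/kernel/debug/kcov", O_RDWR);
    if (fd < 0 || ioctl(fd, KCOV_INIT_TRACE, COVER_WORDS)) { perror("kcov"); return 1; }
    uint64_t *cover = mmap(NULL, COVER_WORDS * sizeof(uint64_t),
                           PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    int mode = cover == MAP_FAILED ? -1 : kcov_enable_best_mode(fd);
    if (mode < 0) { perror("kcov"); return 1; }
    __atomic_store_n(&cover[0], 0, __ATOMIC_RELAXED);
    read(-1, NULL, 0); /* any syscall to trace */
    ioctl(fd, KCOV_DISABLE, 0);
    printf("mode=%s, %llu records\n", mode == KCOV_TRACE_CMP ? "cmp" : "pc",
           (unsigned long long)__atomic_load_n(&cover[0], __ATOMIC_RELAXED));
    return 0;
}
```

Running it needs a kernel built with CONFIG_KCOV and debugfs mounted; on a kernel without the CMP mode the printed mode is "pc".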