diff options
| author | Alexander Potapenko <glider@google.com> | 2025-07-30 10:44:47 +0200 |
|---|---|---|
| committer | Alexander Potapenko <glider@google.com> | 2025-07-31 12:27:19 +0000 |
| commit | 9a518853aaea13e0a60411b7be7d3ff1f05962de (patch) | |
| tree | 646ae2c9dc6f44b86ddf90fe2c90a89b7236fe06 /executor/executor.cc | |
| parent | dc769bad4c765a3c7b54150be90664e7a01caf40 (diff) | |
pkg/flatrpc, pkg/vminfo, executor: introduce readonly coverage
Add a new vminfo feature, FeatureKcovResetIoctl, that is true if the
kernel supports ioctl(KCOV_RESET_TRACE) making it possible to reset the
coverage buffer on the kernel side. This, in turn, allows us to map the
coverage buffer read-only, which will prevent all sorts of
userspace-generated corruptions at a cost of an extra syscall per program
execution.
The corresponding exec env flag, ExecEnv::ReadOnlyCoverage, turns on
read-only coverage in the executor. It is enabled by default
if FeatureKcovResetIoctl is on.
Diffstat (limited to 'executor/executor.cc')
| -rw-r--r-- | executor/executor.cc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/executor/executor.cc b/executor/executor.cc index a262bff83..25fba22e7 100644 --- a/executor/executor.cc +++ b/executor/executor.cc @@ -257,6 +257,7 @@ static uint64 start_time_ms = 0; static bool flag_debug; static bool flag_snapshot; static bool flag_coverage; +static bool flag_read_only_coverage; static bool flag_sandbox_none; static bool flag_sandbox_setuid; static bool flag_sandbox_namespace; @@ -777,6 +778,7 @@ void parse_handshake(const handshake_req& req) slowdown_scale = req.slowdown_scale; flag_debug = (bool)(req.flags & rpc::ExecEnv::Debug); flag_coverage = (bool)(req.flags & rpc::ExecEnv::Signal); + flag_read_only_coverage = (bool)(req.flags & rpc::ExecEnv::ReadOnlyCoverage); flag_sandbox_none = (bool)(req.flags & rpc::ExecEnv::SandboxNone); flag_sandbox_setuid = (bool)(req.flags & rpc::ExecEnv::SandboxSetuid); flag_sandbox_namespace = (bool)(req.flags & rpc::ExecEnv::SandboxNamespace); |