From 9a518853aaea13e0a60411b7be7d3ff1f05962de Mon Sep 17 00:00:00 2001
From: Alexander Potapenko
Date: Wed, 30 Jul 2025 10:44:47 +0200
Subject: pkg/flatrpc, pkg/vminfo, executor: introduce readonly coverage Add a new vminfo feature, FeatureKcovResetIoctl, that is true if the kernel supports ioctl(KCOV_RESET_TRACE) making it possible to reset the coverage buffer on the kernel side. This, in turn, allows us to map the coverage buffer read-only, which will prevent all sorts of userspace-generated corruptions at a cost of an extra syscall per program execution. The corresponding exec env flag, ExecEnv::ReadOnlyCoverage, turns on read-only coverage in the executor. It is enabled by default if FeatureKcovResetIoctl is on.
---
 pkg/flatrpc/flatrpc.fbs | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'pkg/flatrpc/flatrpc.fbs')
diff --git a/pkg/flatrpc/flatrpc.fbs b/pkg/flatrpc/flatrpc.fbs
index 58dc7b292..3876af965 100644
--- a/pkg/flatrpc/flatrpc.fbs
+++ b/pkg/flatrpc/flatrpc.fbs
@@ -16,6 +16,7 @@ enum Feature : uint64 (bit_flags) {
 Comparisons,
 ExtraCoverage,
 DelayKcovMmap,
+ KcovResetIoctl,
 SandboxNone,
 SandboxSetuid,
 SandboxNamespace,
@@ -135,6 +136,7 @@ enum RequestFlag : uint64 (bit_flags) {
 enum ExecEnv : uint64 (bit_flags) {
 Debug, // debug output from executor
 Signal, // collect feedback signals (coverage)
+ ReadOnlyCoverage, // map coverage as readonly, use an ioctl to reset it
 ResetState, // fully reset executor state befor executing the test
 SandboxNone, // minimal sandboxing
 SandboxSetuid, // impersonate nobody user
--
cgit mrf-deployment
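Review bot: Inserting `KcovResetIoctl` between `DelayKcovMmap` and `SandboxNone` renumbers every later member of this `bit_flags` enum, because FlatBuffers assigns bit positions in declaration order. The same applies to `ReadOnlyCoverage` in `ExecEnv` in the second hunk, where `ResetState` and the `Sandbox*` flags each move up one bit. A manager and an executor built from different revisions would then disagree on which sandbox mode a given bit selects, so the new members should either be appended at the end of each enum or the commit should state that both sides and the generated bindings are always rebuilt together. Both enums extend beyond the visible hunks, so the effect on members not shown is inferred from the declaration order.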
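Review bot: The comment on `ReadOnlyCoverage` does not say that the flag is only meaningful when the kernel supports the reset ioctl, which the commit message ties to `KcovResetIoctl`. I would extend it to `ReadOnlyCoverage, // map coverage as readonly, reset it with ioctl(KCOV_RESET_TRACE); requires Feature.KcovResetIoctl`. The schema does not show what the executor does when the flag is set on a kernel without that ioctl, so that case deserves an explicit check where the flag is consumed. `ExecEnv` continues past the end of the hunk.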