Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp1077419ybl;
        Thu, 12 Dec 2019 09:17:03 -0800 (PST)
X-Google-Smtp-Source: APXvYqwOKascIO03IAc205HfPRahfnM7v5ZBVG5SEQ3ltSxhliuqH1nrqfZWTc7MNcv0d+95N+GD
X-Received: by 2002:a05:6830:1608:: with SMTP id g8mr8844604otr.169.1576171023225;
        Thu, 12 Dec 2019 09:17:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1576171023; cv=none;
        d=google.com; s=arc-20160816;
        b=I3jVIf7obX1AikT1g2LU350d38IOv7359V35NwPKEad3EUbWqDlkg6DGVWzmXA2lmg
         7y4OfTQsgtIrnXril/qlvGgAGyssDiJwqt+rYGh7AJRyEn5XjSh0GP8WozSqLgJohgfy
         3MNIIGmPwpDpW0IAjbTKt2EBy5ilIc2UvBG+msWYaHoW9XiZUdN4CxzW6O5m0zHdkF/c
         q2Sg2+m+iC7XAr5qIK5VLn7oao2G++fdlxWdjVKOhJXlUfmGs9CjV4jaizyvnWL8fzun
         uYwBEI/5dQ7Bl49qWnfJP2FF4ntzYiadludSQMGswjCCUDL5UvRrnhDjsFqmvfNXI+8Q
         7vJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:dkim-signature;
        bh=JRGxEMxXqyLwwq/VLC1I/z+abNsCoEB8oREoiMjCzw4=;
        b=esrPj9oTerjbwsntVzgMM7yOmS3Gy/k4z9j8DeK4adyxHh1VwZxa8JZdhPEdS22HcI
         TomVy1Fkj8oTDzVRbX1S7bU+ZHpJWXa2Uy7h81cI+mWWBIB+tkvNL7Di7cHcApGXt0t9
         5jyWepwX1vJN76U0K/Sh0xFpRBc5ZtLR4ZKrbKeNSbxBtkaDF6sRhdDGXb83KSvqEe69
         HFejQ+dnwk0i+G/+DS2vakLilOLS+BlhCvqrJ0Sn6f/M+cA77U63JH/KE1knB3y3h44v
         Ty6Of6VbPGpXi3ZT0+bTFKn5JdYgr1shuE0pLhcuVMmqsSmfktpKIBB3cbXsSeMJ9RJz
         lgiQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=CYurTowC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p3si3385563oih.186.2019.12.12.09.16.49;
        Thu, 12 Dec 2019 09:17:03 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=CYurTowC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730162AbfLLRP5 (ORCPT <rfc822;dafubiji@gmail.com> + 99 others);
        Thu, 12 Dec 2019 12:15:57 -0500
Received: from mail-wr1-f74.google.com ([209.85.221.74]:44250 "EHLO
        mail-wr1-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1730133AbfLLRP4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 12 Dec 2019 12:15:56 -0500
Received: by mail-wr1-f74.google.com with SMTP id u18so1274616wrn.11
        for <linux-kernel@vger.kernel.org>; Thu, 12 Dec 2019 09:15:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=JRGxEMxXqyLwwq/VLC1I/z+abNsCoEB8oREoiMjCzw4=;
        b=CYurTowCo3NeG9CHGHLholAE9mQNbdbGPDQT49R1Lmtubio4iN/318jMH33rG87Zjx
         wGL2YpYyAP3jue6mIO/AJQdIcqonRk3zhhei52OeHFzo/nLWR/R6NiZ+p7TjFhcXUs35
         KYUhTcdOJS0KnlTq8VdpEcfj3NFzJfosFzgpm2T4Db0U5vyx35ofw0rUWO1/GUc//etY
         zMC+euWL6VwIs/k94lLaKxtupRwAJHx0TUG3xZ44bj/kAJadj4vwGECoJoVdhLhGaEpV
         JtfEpm1Sd5A4a8du8BD++qHOFbFv6yFdbAFnpTuGSJpnk1I7u9RbLoze9dutvq8dzNsp
         ln7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=JRGxEMxXqyLwwq/VLC1I/z+abNsCoEB8oREoiMjCzw4=;
        b=IB1zDJCkpUdPYo1pttkWIBWRIqzl3fAhKrMTmayC+jpca3263T6oPr3FVbKFzGlvyv
         3y0l73FU71ewxlOtdL8RZ+ZIo/F54gdMql1Br/+my8iCJ7Hsbe41ukJokpcZtU6DVETt
         CgOg/YThQCS8nJShddHAH4nPsVRE5RLAhMjX4tq6z1Dbryr5wVrBzDwm2FYaHyGyuDmm
         pDJaxEtxiB7C1/ZTeaHAeI3wo2GjLvzISvudPWHPhUpuJOMQKjBz0G6W7ZNVr1Nv4Yn4
         s9U016PqBknFQ12elRQFn57/+eDYYlDPGh59Lrc8gbCJAvgUqNC6di3zaXc4lBLCTNwF
         UkNA==
X-Gm-Message-State: APjAAAXm0eozELj6p0OMpTGdGeztX+/HaPhY42JdlQzsofDix1A6kOGx
        nG993BwoXnJ7OJbCLwClaZqXIj7iAwvoLb2a
X-Received: by 2002:a5d:6408:: with SMTP id z8mr7658035wru.122.1576170953138;
 Thu, 12 Dec 2019 09:15:53 -0800 (PST)
Date:   Thu, 12 Dec 2019 18:15:39 +0100
In-Reply-To: <cover.1576170740.git.andreyknvl@google.com>
Message-Id: <6b4b598d012d981c0c45fcc9f121ba210bd222f9.1576170740.git.andreyknvl@google.com>
Mime-Version: 1.0
References: <cover.1576170740.git.andreyknvl@google.com>
X-Mailer: git-send-email 2.24.1.735.g03f4e72817-goog
Subject: [PATCH RFC 2/2] HID: usbhid: kcov: add annotations for coverage collection
From:   Andrey Konovalov <andreyknvl@google.com>
To:     Dmitry Vyukov <dvyukov@google.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Alan Stern <stern@rowland.harvard.edu>,
        Jiri Kosina <jikos@kernel.org>,
        Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc:     Andrew Morton <akpm@linux-foundation.org>,
        linux-usb@vger.kernel.org, linux-input@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        Alexander Potapenko <glider@google.com>,
        Marco Elver <elver@google.com>,
        Andrey Konovalov <andreyknvl@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch adds kcov_remote_start/stop() callbacks into usbhid code that
is executed in interrupt context. As the result, kcov can be used to
collect coverage from those parts of the code, which is used to facilitate
coverage-guided fuzzing with syzkaller.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 drivers/hid/usbhid/hid-core.c | 25 ++++++++++++++++++++-----
 drivers/hid/usbhid/usbkbd.c   | 15 ++++++++++++---
 drivers/hid/usbhid/usbmouse.c |  7 ++++++-
 3 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c
index c7bc9db5b192..3e825f27d882 100644
--- a/drivers/hid/usbhid/hid-core.c
+++ b/drivers/hid/usbhid/hid-core.c
@@ -274,6 +274,8 @@ static void hid_irq_in(struct urb *urb)
 	struct usbhid_device	*usbhid = hid->driver_data;
 	int			status;
 
+	kcov_remote_start_usb((u64)urb->dev->bus->busnum);
+
 	switch (urb->status) {
 	case 0:			/* success */
 		usbhid->retry_delay = 0;
@@ -300,12 +302,12 @@ static void hid_irq_in(struct urb *urb)
 		clear_bit(HID_IN_RUNNING, &usbhid->iofl);
 		set_bit(HID_CLEAR_HALT, &usbhid->iofl);
 		schedule_work(&usbhid->reset_work);
-		return;
+		goto out;
 	case -ECONNRESET:	/* unlink */
 	case -ENOENT:
 	case -ESHUTDOWN:	/* unplug */
 		clear_bit(HID_IN_RUNNING, &usbhid->iofl);
-		return;
+		goto out;
 	case -EILSEQ:		/* protocol error or unplug */
 	case -EPROTO:		/* protocol error or unplug */
 	case -ETIME:		/* protocol error or unplug */
@@ -313,7 +315,7 @@ static void hid_irq_in(struct urb *urb)
 		usbhid_mark_busy(usbhid);
 		clear_bit(HID_IN_RUNNING, &usbhid->iofl);
 		hid_io_error(hid);
-		return;
+		goto out;
 	default:		/* error */
 		hid_warn(urb->dev, "input irq status %d received\n",
 			 urb->status);
@@ -330,6 +332,9 @@ static void hid_irq_in(struct urb *urb)
 			hid_io_error(hid);
 		}
 	}
+
+out:
+	kcov_remote_stop();
 }
 
 static int hid_submit_out(struct hid_device *hid)
@@ -433,6 +438,8 @@ static void hid_irq_out(struct urb *urb)
 	unsigned long flags;
 	int unplug = 0;
 
+	kcov_remote_start_usb((u64)urb->dev->bus->busnum);
+
 	switch (urb->status) {
 	case 0:			/* success */
 		break;
@@ -459,7 +466,7 @@ static void hid_irq_out(struct urb *urb)
 				hid_submit_out(hid) == 0) {
 			/* Successfully submitted next urb in queue */
 			spin_unlock_irqrestore(&usbhid->lock, flags);
-			return;
+			goto out;
 		}
 	}
 
@@ -467,6 +474,9 @@ static void hid_irq_out(struct urb *urb)
 	spin_unlock_irqrestore(&usbhid->lock, flags);
 	usb_autopm_put_interface_async(usbhid->intf);
 	wake_up(&usbhid->wait);
+
+out:
+	kcov_remote_stop();
 }
 
 /*
@@ -480,6 +490,8 @@ static void hid_ctrl(struct urb *urb)
 	unsigned long flags;
 	int unplug = 0, status = urb->status;
 
+	kcov_remote_start_usb((u64)urb->dev->bus->busnum);
+
 	switch (status) {
 	case 0:			/* success */
 		if (usbhid->ctrl[usbhid->ctrltail].dir == USB_DIR_IN)
@@ -510,7 +522,7 @@ static void hid_ctrl(struct urb *urb)
 				hid_submit_ctrl(hid) == 0) {
 			/* Successfully submitted next urb in queue */
 			spin_unlock_irqrestore(&usbhid->lock, flags);
-			return;
+			goto out;
 		}
 	}
 
@@ -518,6 +530,9 @@ static void hid_ctrl(struct urb *urb)
 	spin_unlock_irqrestore(&usbhid->lock, flags);
 	usb_autopm_put_interface_async(usbhid->intf);
 	wake_up(&usbhid->wait);
+
+out:
+	kcov_remote_stop();
 }
 
 static void __usbhid_submit_report(struct hid_device *hid, struct hid_report *report,
diff --git a/drivers/hid/usbhid/usbkbd.c b/drivers/hid/usbhid/usbkbd.c
index d5b7a696a68c..eae46e51ca6a 100644
--- a/drivers/hid/usbhid/usbkbd.c
+++ b/drivers/hid/usbhid/usbkbd.c
@@ -102,13 +102,15 @@ static void usb_kbd_irq(struct urb *urb)
 	struct usb_kbd *kbd = urb->context;
 	int i;
 
+	kcov_remote_start_usb((u64)urb->dev->bus->busnum);
+
 	switch (urb->status) {
 	case 0:			/* success */
 		break;
 	case -ECONNRESET:	/* unlink */
 	case -ENOENT:
 	case -ESHUTDOWN:
-		return;
+		goto out;
 	/* -EPIPE:  should clear the halt */
 	default:		/* error */
 		goto resubmit;
@@ -148,6 +150,9 @@ static void usb_kbd_irq(struct urb *urb)
 		hid_err(urb->dev, "can't resubmit intr, %s-%s/input0, status %d",
 			kbd->usbdev->bus->bus_name,
 			kbd->usbdev->devpath, i);
+
+out:
+	kcov_remote_stop();
 }
 
 static int usb_kbd_event(struct input_dev *dev, unsigned int type,
@@ -192,6 +197,8 @@ static void usb_kbd_led(struct urb *urb)
 	unsigned long flags;
 	struct usb_kbd *kbd = urb->context;
 
+	kcov_remote_start_usb((u64)urb->dev->bus->busnum);
+
 	if (urb->status)
 		hid_warn(urb->dev, "led urb status %d received\n",
 			 urb->status);
@@ -201,7 +208,7 @@ static void usb_kbd_led(struct urb *urb)
 	if (*(kbd->leds) == kbd->newleds){
 		kbd->led_urb_submitted = false;
 		spin_unlock_irqrestore(&kbd->leds_lock, flags);
-		return;
+		goto out;
 	}
 
 	*(kbd->leds) = kbd->newleds;
@@ -212,7 +219,9 @@ static void usb_kbd_led(struct urb *urb)
 		kbd->led_urb_submitted = false;
 	}
 	spin_unlock_irqrestore(&kbd->leds_lock, flags);
-	
+
+out:
+	kcov_remote_stop();
 }
 
 static int usb_kbd_open(struct input_dev *dev)
diff --git a/drivers/hid/usbhid/usbmouse.c b/drivers/hid/usbhid/usbmouse.c
index 073127e65ac1..f470ffa8fa87 100644
--- a/drivers/hid/usbhid/usbmouse.c
+++ b/drivers/hid/usbhid/usbmouse.c
@@ -53,13 +53,15 @@ static void usb_mouse_irq(struct urb *urb)
 	struct input_dev *dev = mouse->dev;
 	int status;
 
+	kcov_remote_start_usb((u64)urb->dev->bus->busnum);
+
 	switch (urb->status) {
 	case 0:			/* success */
 		break;
 	case -ECONNRESET:	/* unlink */
 	case -ENOENT:
 	case -ESHUTDOWN:
-		return;
+		goto out;
 	/* -EPIPE:  should clear the halt */
 	default:		/* error */
 		goto resubmit;
@@ -83,6 +85,9 @@ static void usb_mouse_irq(struct urb *urb)
 			"can't resubmit intr, %s-%s/input0, status %d\n",
 			mouse->usbdev->bus->bus_name,
 			mouse->usbdev->devpath, status);
+
+out:
+	kcov_remote_stop();
 }
 
 static int usb_mouse_open(struct input_dev *dev)
-- 
2.24.1.735.g03f4e72817-goog