References: <20220607104015.2126118-1-poprdi@google.com>
In-Reply-To: <20220607104015.2126118-1-poprdi@google.com>
From: Tamás Koczka
Date: Tue, 7 Jun 2022 13:44:24 +0200
Subject: Re: [PATCH v2] Bluetooth: Collect kcov coverage from hci_rx_work
To: Marcel Holtmann
Cc: Johan Hedberg, Luiz Augusto von Dentz, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Andy Nguyen, Aleksandr Nogikh
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hello Marcel,

I added some comments into the code about what the kcov_remote calls do and why they were implemented, and I also added some reasoning to the commit message.

I did not mention it in the commit, but these functions only run if the kernel is compiled with CONFIG_KCOV.

Thank you again for reviewing the patch!

--
Tamas

On Tue, Jun 7, 2022 at 12:40 PM Tamas Koczka wrote:
>
> Annotate hci_rx_work() with kcov_remote_start() and kcov_remote_stop()
> calls, so remote KCOV coverage is collected while processing the rx_q
> queue which is the main incoming Bluetooth packet queue.
>
> Coverage is associated with the thread which created the packet skb.
>
> The collected extra coverage helps kernel fuzzing efforts in finding
> vulnerabilities.
>
> Signed-off-by: Tamas Koczka
> ---
> Changelog since v1:
> - add comment about why kcov_remote functions are called
>
> v1: https://lore.kernel.org/all/20220517094532.2729049-1-poprdi@google.com/
>
> net/bluetooth/hci_core.c | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
> > diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c > index 45c2dd2e1590..0af43844c55a 100644 > --- a/net/bluetooth/hci_core.c > +++ b/net/bluetooth/hci_core.c > @@ -29,6 +29,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -3780,7 +3781,14 @@ static void hci_rx_work(struct work_struct *work) > > BT_DBG("%s", hdev->name); > > - while ((skb = skb_dequeue(&hdev->rx_q))) { > + /* The kcov_remote functions used for collecting packet parsing > + * coverage information from this background thread and associate > + * the coverage with the syscall's thread which originally injected > + * the packet. This helps fuzzing the kernel. > + */ > + for (; (skb = skb_dequeue(&hdev->rx_q)); kcov_remote_stop()) { > + kcov_remote_start_common(skb_get_kcov_handle(skb)); > + > /* Send copy to monitor */ > hci_send_to_monitor(hdev, skb); > > -- > 2.36.1.255.ge46751e96f-goog >
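Review bot: the header name on the added `+#include` line in the first hunk (@@ -29,6 +29,7 @@) is missing from this copy of the patch, so it cannot be checked here; please confirm it is the header that declares kcov_remote_start_common() and kcov_remote_stop(), and that skb_get_kcov_handle() is also reachable from the headers hci_core.c already includes, so the file builds with and without CONFIG_KCOV.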
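Review bot: in the hci_rx_work() hunk (@@ -3780,7 +3781,14 @@), putting kcov_remote_stop() in the increment clause of `for (; (skb = skb_dequeue(&hdev->rx_q)); kcov_remote_stop())` guarantees the stop runs on every `continue` in the loop body, but it is skipped by any `break` or early `return` that follows kcov_remote_start_common(), and the remainder of the loop body is not in this hunk; if such an exit exists, the remote coverage section stays open on the worker thread for the next kcov_remote_start_common() call. Either state in the comment that the body has no such exits, or keep the original `while ((skb = skb_dequeue(&hdev->rx_q))) {` and pair the calls explicitly, with kcov_remote_stop() at the end of the body and before each exit, which is also the more readable form. The comment itself is missing its verb: "The kcov_remote functions used for collecting packet parsing coverage information" should read "The kcov_remote functions are used to collect packet parsing coverage information". It would also help to say in the comment that both calls are no-ops without CONFIG_KCOV, as the cover letter notes, since that is what justifies leaving them in the hot path unconditionally.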