Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp2103571pxb; Sat, 21 Nov 2020 08:55:20 -0800 (PST) X-Google-Smtp-Source: ABdhPJxlgONrxKs283pJ3e1liCoAB8d3kItXym9SM81+OLHtpM3vRe+PK+YmkjIeSnoCYOcuLQhY X-Received: by 2002:a17:906:6987:: with SMTP id i7mr40130663ejr.18.1605977719862; Sat, 21 Nov 2020 08:55:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605977719; cv=none; d=google.com; s=arc-20160816; b=Dmfzi8gwKT8yLhGqVsfA4b5lKQEBirsPLU3UlO6+2Rk6gF31RtXQ1yvyaJcy4pfLo7 7SQdxg35gNNhkUzVf0bhPA2Gy6+GQaOQKKmHYADKZg+JB3QwJaDbWsRYmtG2QBorotxN CqElcTYTAKJkTG6y76K4jEH7EnU9XU0G67puE4Aerk0C1qIWzly13TZtT/vPnhirrnIU qrlMJMVWO+qf4X2BL1zs7MgoUiGBzJ6kJQq/ZJuFSk28hoVVZcJLsv54ZV8L0fHkcGiz OVVKiB3y69TftY0Zuxjl4ljIEObSmmNS1kI0Pp28ilFyJ5gKZvgvsjyixrhASXs8iLY+ bzPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=dwqDZ6SnT14kMapAlCeLpRg9xEAg9eC/QTtKch68t50=; b=ut50F9CEIkF3sWqov4+W5DIXmeq1rInxROWv019Can81EwHU1CTWeg2I4+sG6paGXZ 8tPzdnR0Jdm9gKaHpTZP+jYuHhSmC5XP2YDxjKgBo/PCJxqOYtEoT95+JqNDnRho1bF6 EsdbSpvaYQ7gt/lxT8p0TFEacgp1tDpIXqu1l8wRFodueq0cNMcNS3KqCUy8zjDrUN9b myYupW3/vktcfJGfTZaMcEjR0s0aEBJOZSH1Znc2qZL5IEcehzLLkdgxamOs4kGMW+SE csEdJTwnLeDTb3NXINAcukHZGGLSWvraecnEDFm0NjJCyf3dRlT2TdEQ7zFT1ImxlMGB Xcbw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id w8si3713334ejo.321.2020.11.21.08.54.56; Sat, 21 Nov 2020 08:55:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727215AbgKUQwg (ORCPT + 99 others); Sat, 21 Nov 2020 11:52:36 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50132 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726305AbgKUQwg (ORCPT ); Sat, 21 Nov 2020 11:52:36 -0500 Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [IPv6:2a0a:51c0:0:12e:520::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CC2D6C0613CF; Sat, 21 Nov 2020 08:52:35 -0800 (PST) Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92) (envelope-from ) id 1kgW7f-0006hd-5O; Sat, 21 Nov 2020 17:52:27 +0100 Date: Sat, 21 Nov 2020 17:52:27 +0100 From: Florian Westphal To: Ido Schimmel Cc: Aleksandr Nogikh , fw@strlen.de, davem@davemloft.net, kuba@kernel.org, johannes@sipsolutions.net, edumazet@google.com, andreyknvl@google.com, dvyukov@google.com, elver@google.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-wireless@vger.kernel.org, willemdebruijn.kernel@gmail.com, Aleksandr Nogikh , Willem de Bruijn Subject: Re: [PATCH v5 2/3] net: add kcov handle to skb extensions Message-ID: <20201121165227.GT15137@breakpoint.cc> References: <20201029173620.2121359-1-aleksandrnogikh@gmail.com> <20201029173620.2121359-3-aleksandrnogikh@gmail.com> <20201121160941.GA485907@shredder.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20201121160941.GA485907@shredder.lan> User-Agent: Mutt/1.10.1 (2018-07-13) Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Ido Schimmel wrote: > On Thu, Oct 29, 2020 at 05:36:19PM +0000, Aleksandr Nogikh wrote: > > From: Aleksandr Nogikh > > > > Remote KCOV coverage collection enables coverage-guided fuzzing of the > > code that is not reachable during normal system call execution. It is > > especially helpful for fuzzing networking subsystems, where it is > > common to perform packet handling in separate work queues even for the > > packets that originated directly from the user space. > > > > Enable coverage-guided frame injection by adding kcov remote handle to > > skb extensions. Default initialization in __alloc_skb and > > __build_skb_around ensures that no socket buffer that was generated > > during a system call will be missed. > > > > Code that is of interest and that performs packet processing should be > > annotated with kcov_remote_start()/kcov_remote_stop(). > > > > An alternative approach is to determine kcov_handle solely on the > > basis of the device/interface that received the specific socket > > buffer. However, in this case it would be impossible to distinguish > > between packets that originated during normal background network > > processes or were intentionally injected from the user space. > > > > Signed-off-by: Aleksandr Nogikh > > Acked-by: Willem de Bruijn > > [...] > > > @@ -249,6 +249,9 @@ struct sk_buff *__alloc_skb(unsigned int size, gfp_t gfp_mask, > > > > fclones->skb2.fclone = SKB_FCLONE_CLONE; > > } > > + > > + skb_set_kcov_handle(skb, kcov_common_handle()); > > Hi, > > This causes skb extensions to be allocated for the allocated skb, but > there are instances that blindly overwrite 'skb->extensions' by invoking > skb_copy_header() after __alloc_skb(). For example, skb_copy(), > __pskb_copy_fclone() and skb_copy_expand(). This results in the skb > extensions being leaked [1]. [..] > Other suggestions? Aleksandr, why was this made into an skb extension in the first place? AFAIU this feature is usually always disabled at build time. For debug builds (test farm /debug kernel etc) its always needed. If thats the case this u64 should be an sk_buff member, not an extension.