LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-13 11:42:38 +03:00
Code Issues Packages Projects Releases Wiki Activity
1ca33598da
ladybird/Userland/Utilities/kcov-example.cpp
Patrick Meyer 83f88df757 Kernel: Add option to build with coverage instrumentation and KCOV 
GCC and Clang allow us to inject a call to a function named
__sanitizer_cov_trace_pc on every edge. This function has to be defined
by us. By noting down the caller in that function we can trace the code
we have encountered during execution. Such information is used by
coverage guided fuzzers like AFL and LibFuzzer to determine if a new
input resulted in a new code path. This makes fuzzing much more
effective.

Additionally this adds a basic KCOV implementation. KCOV is an API that
allows user space to request the kernel to start collecting coverage
information for a given user space thread. Furthermore KCOV then exposes
the collected program counters to user space via a BlockDevice which can
be mmaped from user space.

This work is required to add effective support for fuzzing SerenityOS to
the Syzkaller syscall fuzzer. :^) :^)
2021-07-26 17:40:28 +02:00

60 lines
1.4 KiB
C++
Raw Blame History

/*
* Copyright (c) 2021, Patrick Meyer <git@the-space.agency>
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/ioctl_numbers.h>
#include <sys/kcov.h>
#include <sys/mman.h>
#include <unistd.h>
// Note: This program requires serenity to be built with the CMake build option
// ENABLE_KERNEL_COVERAGE_COLLECTION
int main(void)
{
constexpr size_t num_entries = 1024 * 100;
int fd = open("/dev/kcov", O_RDWR);
if (fd == -1) {
perror("open");
return 1;
}
if (ioctl(fd, KCOV_SETBUFSIZE, num_entries) == -1) {
perror("ioctl: KCOV_SETBUFSIZE");
return 1;
}
kcov_pc_t* cover = (kcov_pc_t*)mmap(NULL, num_entries * KCOV_ENTRY_SIZE,
PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
if (cover == MAP_FAILED) {
perror("mmap");
return 1;
}
if (ioctl(fd, KCOV_ENABLE) == -1) {
perror("ioctl: KCOV_ENABLE");
return 1;
}
cover[0] = 0;
// Example syscall so we actually cover some kernel code.
getppid();
if (ioctl(fd, KCOV_DISABLE) == -1) {
perror("ioctl: KCOV_DISABLE");
return 1;
}
u64 cov_idx = cover[0];
for (size_t idx = 1; idx <= cov_idx; idx++)
printf("%p\n", (void*)cover[idx]);
if (munmap(const_cast<u64*>(cover), num_entries * KCOV_ENTRY_SIZE) == -1) {
perror("munmap");
return 1;
}
close(fd);
return 0;
}
Reference in New Issue View Git Blame Copy Permalink