[PATCH 2/2] mac80211: add KCOV remote annotations to incoming frame processing

From: Aleksandr Nogikh
Date: Wed Oct 07 2020 - 06:18:10 EST


From: Aleksandr Nogikh <nogikh@xxxxxxxxxx>

Add KCOV remote annotations to ieee80211_iface_work and
ieee80211_tasklet_handler. This will enable coverage-guided fuzzing of
mac80211 code that processes incoming 802.11 frames.

Signed-off-by: Aleksandr Nogikh <nogikh@xxxxxxxxxx>
---
net/mac80211/iface.c | 2 ++
net/mac80211/main.c | 2 ++
2 files changed, 4 insertions(+)

diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 240862a74a0f..482d2ae46e71 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1377,6 +1377,7 @@ static void ieee80211_iface_work(struct work_struct *work)
while ((skb = skb_dequeue(&sdata->skb_queue))) {
struct ieee80211_mgmt *mgmt = (void *)skb->data;

+ kcov_remote_start_common(skb_get_kcov_handle(skb));
if (ieee80211_is_action(mgmt->frame_control) &&
mgmt->u.action.category == WLAN_CATEGORY_BACK) {
int len = skb->len;
@@ -1486,6 +1487,7 @@ static void ieee80211_iface_work(struct work_struct *work)
}

kfree_skb(skb);
+ kcov_remote_stop();
}

/* then other type-dependent work */
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 523380aed92e..d7eebafc14e0 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -227,6 +227,7 @@ static void ieee80211_tasklet_handler(unsigned long data)

while ((skb = skb_dequeue(&local->skb_queue)) ||
(skb = skb_dequeue(&local->skb_queue_unreliable))) {
+ kcov_remote_start_common(skb_get_kcov_handle(skb));
switch (skb->pkt_type) {
case IEEE80211_RX_MSG:
/* Clear skb->pkt_type in order to not confuse kernel
@@ -244,6 +245,7 @@ static void ieee80211_tasklet_handler(unsigned long data)
dev_kfree_skb(skb);
break;
}
+ kcov_remote_stop();
}
}

--
2.28.0.806.g8561365e88-goog