The KCOV driver implements collection of code coverage inside the kernel.
It can be enabled on a per process basis from userland, allowing the kernel
program counter to be collected during syscalls triggered by the same
process.
The device is oriented towards kernel fuzzers, in particular syzkaller.
Currently the only supported coverage type is -fsanitize-coverage=trace-pc.
The KCOV driver was initially developed in Linux. A driver based on the
same concept was then implemented in FreeBSD and OpenBSD.
Documentation is borrowed from OpenBSD and ATF tests from FreeBSD.
This patch has been prepared by Siddharth Muralee, improved by <maxv>
and polished by myself before importing into the mainline tree.
All ATF tests pass.
instruction would have resulted in Long Mode being enabled, we need to
manually enable Long Mode ourselves. We were already doing that correctly
in setstate, but not in the CR0 trap handler.
Problem initially reported by Aymeric Vincent; ArchLinux wouldn't boot,
now it does and works correctly.
While here, add CR0_ET in the CR0 mask, for the associated shadow to
be taken into account. Normally this shadow bit shouldn't be necessary,
but for now I keep it regardless.
mutexes which can sleep, but their context does not allow it.
Rewrite the TLB handling code to fix that. It becomes a bit complex. In
short, we use a per-VM generation number, which we increase on each TLB
flush, before sending a broadcast IPI to everybody. The IPIs cause a
#VMEXIT of each VCPU, and each VCPU Loop will synchronize the per-VM gen
with a per-VCPU copy, and apply the flushes as neededi lazily.
The behavior differs between AMD and Intel; in short, on Intel we don't
flush the hTLB (EPT cache) if a context switch of a VCPU occurs, so now,
we need to maintain a kcpuset to know which VCPU's hTLBs are active on
which hCPU. This creates some redundancy on Intel, ie there are cases
where we flush the hTLB several times unnecessarily; but hTLB flushes are
very rare, so there is no real performance regression.
The thing is lock-less and non-blocking, so it solves our problem.
instead of the whole ds structure.
besides triggering a recently added assert in netbsd32, this stops
exposing kernel addresses.
copy the mode clamping to 0777 from sem to shm and msg.
while here, make sure that the compat callers to sysv_ipc clear
the contents of the compat structure before setting the result
members to ensure padding bytes are cleared.
don't set/copy _sem_base, _msg_first, _msg_last or _shm_internal.
even if used, which seems very dodgy, they leak KVAs as well.
possibly this may affect linux binaries, in particular, the
comments around _shm_internal ("XXX Oh well.") may mean apps
rely upon these but hopefully not -- the comments date back to
rev 1.1 in 1995.
the _key, _seq and _msg_cbytes members are exported as before as
i found multiple consumers of these (no less than ipcs(1), and
they appear to be useful for debugging and more.
XXX: the naming of compat functions have too many styles. there
are at least 3 different ones changed here.
most accesses to the mount with fstrans mount info.
- Add "fmi_gone" to be true after unmount and add a counter of
outstanding mount infos so fstrans_clear_lwp_info() only runs
if there may be something to do.
- Move lookup of base mounts into per-lwp state.
- Keep a list of valid mounts for DIAGNOSTIC checks.
Don't take a mount reference for fstrans as it gets notified about the release.
Defer the final free of the mount to fstrans_mount_dtor() when fstrans
has released all references to this mount. Prevents the mount's memory
to be reused as a new mount before fstrans released all references.
Address PR kern/53928 modules/t_builtin:disable test case randomly fails.
valid "mnt_transinfo" and remove now unneeded flag IMNT_HAS_TRANS.
Run fstrans_start()/fstrans_done() on dead_rootmount if FSTRANS_DEAD_ENABLED.
Should become the default for DIAGNOSTIC in the future.
The v_mount field for vnodes on the same file system as "from"
is now stable for referenced vnodes.
VFS_RENAMELOCK no longer may use lock from an unreferenced and
freed "struct mount".
itself which controls whether or not we recognize the OCRED options.
Should fix the panic identified in PR kern/53991 (awaiting confirmation
from submitter).
(== 88E1000 with model number 0). It seems the PHY function is almost the
same as 88E1512. When we add 88E1512 related change to makphy.c, I21[01]
should be take into account.
- KNF.
