@@ -172,6 +172,39 @@ config KERNEL_KASAN_INLINE
endchoice
+config KERNEL_KCOV
+ bool "Compile the kernel with code coverage for fuzzing"
+ select KERNEL_DEBUG_FS
+ help
+ KCOV exposes kernel code coverage information in a form suitable
+ for coverage-guided fuzzing (randomized testing).
+
+ If RANDOMIZE_BASE is enabled, PC values will not be stable across
+ different machines and across reboots. If you need stable PC values,
+ disable RANDOMIZE_BASE.
+
+ For more details, see Documentation/kcov.txt.
+
+config KERNEL_KCOV_ENABLE_COMPARISONS
+ bool "Enable comparison operands collection by KCOV"
+ depends on KERNEL_KCOV
+ help
+ KCOV also exposes operands of every comparison in the instrumented
+ code along with operand sizes and PCs of the comparison instructions.
+ These operands can be used by fuzzing engines to improve the quality
+ of fuzzing coverage.
+
+config KERNEL_KCOV_INSTRUMENT_ALL
+ bool "Instrument all code by default"
+ depends on KERNEL_KCOV
+ default y if KERNEL_KCOV
+ help
+ If you are doing generic system call fuzzing (like e.g. syzkaller),
+ then you will want to instrument the whole kernel and you should
+ say y here. If you are doing more targeted fuzzing (like e.g.
+ filesystem fuzzing with AFL) then you will want to enable coverage
+ for more specific subsets of files, and should say n here.
+
config KERNEL_TASKSTATS
bool "Compile the kernel with task resource/io statistics and accounting"
default n
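Review bot: The help text of the new KERNEL_KCOV entry never says that the option is meant for fuzzing and test images only, although it selects KERNEL_DEBUG_FS and goes on to suggest disabling RANDOMIZE_BASE, both of which weaken an image that ships to devices. I would add a sentence to that help such as `This is a debugging feature; do not enable it in images meant for production, since it pulls in debugfs and instruments kernel code for coverage collection.` In KERNEL_KCOV_INSTRUMENT_ALL, `default y if KERNEL_KCOV` repeats the `depends on KERNEL_KCOV` line directly above it, so plain `default y` is enough. The pointer to `Documentation/kcov.txt` looks like it may predate the kernel moving that document under Documentation/dev-tools/, so it is worth checking against the kernel versions this tree builds.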