On Wed, 2020-10-07 at 10:17 +0000, Aleksandr Nogikh wrote:
> From: Aleksandr Nogikh <nogikh@xxxxxxxxxx>
>
> This patch series enables remote KCOV coverage collection for the
> mac80211 code that processes incoming 802.11 frames. These changes
> make it possible to perform coverage-guided fuzzing in search of
> remotely triggerable bugs.
>
>
> The series consists of two commits.
> 1. Remember kcov_handle for each sk_buff. This can later be used to
> enable remote coverage for other network subsystems.
> 2. Annotate the code that processes incoming 802.11 frames.
>
> Aleksandr Nogikh (2):
>   net: store KCOV remote handle in sk_buff

Can you explain that a bit better? What is a "remote handle"? What does
it do in the SKB? I guess I'd have to know more about
"kcov_common_handle()" to understand this bit.

>   mac80211: add KCOV remote annotations to incoming frame processing

This seems fine, but a bit too limited? You tagged only
ieee80211_tasklet_handler() which calls ieee80211_rx() or
ieee80211_tx_status(), but

1) I'm not even sure ieee80211_tx_status() counts (it's processing
   locally generated frames after they round-tripped into the driver
   (although in mesh it could be remote originated but retransmitted
   frames, so I guess it makes some sense?)); and

2) there are many other ways that ieee80211_rx() could get called.

It seems to me it'd make more sense to (also) annotate ieee80211_rx()
itself?

johannes