[OpenWrt-Devel] [PATCH 3/4] build: Add KCOV kernel code coverage for fuzzing

Hauke Mehrtens hauke.mehrtens at intel.com
Wed Feb 12 05:49:01 EST 2020

This adds an option to activate KCOV (Code coverage for fuzzing).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens at intel.com>
 config/Config-kernel.in | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/config/Config-kernel.in b/config/Config-kernel.in
index 3059a45f48..8e9e3518bf 100644
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -172,6 +172,39 @@ config KERNEL_KASAN_INLINE
+	bool "Compile the kernel with code coverage for fuzzing"
+	help
+	  KCOV exposes kernel code coverage information in a form suitable
+	  for coverage-guided fuzzing (randomized testing).
+	  If RANDOMIZE_BASE is enabled, PC values will not be stable across
+	  different machines and across reboots. If you need stable PC values,
+	  disable RANDOMIZE_BASE.
+	  For more details, see Documentation/kcov.txt.
+	bool "Enable comparison operands collection by KCOV"
+	depends on KERNEL_KCOV
+	help
+	  KCOV also exposes operands of every comparison in the instrumented
+	  code along with operand sizes and PCs of the comparison instructions.
+	  These operands can be used by fuzzing engines to improve the quality
+	  of fuzzing coverage.
+	bool "Instrument all code by default"
+	depends on KERNEL_KCOV
+	default y if KERNEL_KCOV
+	help
+	  If you are doing generic system call fuzzing (like e.g. syzkaller),
+	  then you will want to instrument the whole kernel and you should
+	  say y here. If you are doing more targeted fuzzing (like e.g.
+	  filesystem fuzzing with AFL) then you will want to enable coverage
+	  for more specific subsets of files, and should say n here.
 	bool "Compile the kernel with task resource/io statistics and accounting"
 	default n
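
Review bot: in the "Instrument all code by default" entry, "default y if KERNEL_KCOV" repeats the condition already imposed by "depends on KERNEL_KCOV" on the line above it, so a plain "default y" would do. The first entry's help text tells the user to disable RANDOMIZE_BASE for stable PC values, but that is written as the bare kernel symbol name; it would help to say which option in this menu controls it, or to state that it refers to the kernel's own setting. The new bool entries also carry no explicit default, except the last one, while the neighbouring context entry spells out "default n"; adding it would keep the file consistent and make it obvious that coverage instrumentation stays off unless selected.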

