提交 261e411b 编写于 作者: A Aleksandr Nogikh 提交者: Jakub Kicinski

mac80211: add KCOV remote annotations to incoming frame processing

Add KCOV remote annotations to ieee80211_iface_work() and
ieee80211_rx_list(). This will enable coverage-guided fuzzing of
mac80211 code that processes incoming 802.11 frames.
Signed-off-by: NAleksandr Nogikh <nogikh@google.com>
Reviewed-by: NJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: NJakub Kicinski <kuba@kernel.org>
上级 6370cc3b
...@@ -1356,6 +1356,7 @@ static void ieee80211_iface_work(struct work_struct *work) ...@@ -1356,6 +1356,7 @@ static void ieee80211_iface_work(struct work_struct *work)
while ((skb = skb_dequeue(&sdata->skb_queue))) { while ((skb = skb_dequeue(&sdata->skb_queue))) {
struct ieee80211_mgmt *mgmt = (void *)skb->data; struct ieee80211_mgmt *mgmt = (void *)skb->data;
kcov_remote_start_common(skb_get_kcov_handle(skb));
if (ieee80211_is_action(mgmt->frame_control) && if (ieee80211_is_action(mgmt->frame_control) &&
mgmt->u.action.category == WLAN_CATEGORY_BACK) { mgmt->u.action.category == WLAN_CATEGORY_BACK) {
int len = skb->len; int len = skb->len;
...@@ -1465,6 +1466,7 @@ static void ieee80211_iface_work(struct work_struct *work) ...@@ -1465,6 +1466,7 @@ static void ieee80211_iface_work(struct work_struct *work)
} }
kfree_skb(skb); kfree_skb(skb);
kcov_remote_stop();
} }
/* then other type-dependent work */ /* then other type-dependent work */
......
...@@ -4742,6 +4742,8 @@ void ieee80211_rx_list(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta, ...@@ -4742,6 +4742,8 @@ void ieee80211_rx_list(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta,
status->rx_flags = 0; status->rx_flags = 0;
kcov_remote_start_common(skb_get_kcov_handle(skb));
/* /*
* Frames with failed FCS/PLCP checksum are not returned, * Frames with failed FCS/PLCP checksum are not returned,
* all other frames are returned without radiotap header * all other frames are returned without radiotap header
...@@ -4749,15 +4751,15 @@ void ieee80211_rx_list(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta, ...@@ -4749,15 +4751,15 @@ void ieee80211_rx_list(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta,
* Also, frames with less than 16 bytes are dropped. * Also, frames with less than 16 bytes are dropped.
*/ */
skb = ieee80211_rx_monitor(local, skb, rate); skb = ieee80211_rx_monitor(local, skb, rate);
if (!skb) if (skb) {
return; ieee80211_tpt_led_trig_rx(local,
((struct ieee80211_hdr *)skb->data)->frame_control,
ieee80211_tpt_led_trig_rx(local, skb->len);
((struct ieee80211_hdr *)skb->data)->frame_control,
skb->len);
__ieee80211_rx_handle_packet(hw, pubsta, skb, list); __ieee80211_rx_handle_packet(hw, pubsta, skb, list);
}
kcov_remote_stop();
return; return;
drop: drop:
kfree_skb(skb); kfree_skb(skb);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册