On Thu, Jun 11, 2026 at 6:21 PM Yunseong Kim <[email protected]> wrote:
>
> Add a new tracking mechanism that captures function arguments/return
> values at instrumented function boundaries via SanitizerCoverage
> callbacks submitted as an LLVM RFC:
>
>   __sanitizer_cov_trace_args
>   __sanitizer_cov_trace_ret
>
> This requires a custom LLVM/Clang build with the trace-args/ret passes:
>
> LLVM RFC:
>   https://discourse.llvm.org/t/rfc-sanitizercoverage-add-fsanitize-coverage-trace-args-trace-ret/91026
>
> LLVM PR:
>   https://github.com/llvm/llvm-project/pull/201410
>
> Clone and build toolchain:
>
>   git clone --recursive --depth 1 --shallow-submodules \
>     --jobs `nproc` https://github.com/yskzalloc/kcov-dataflow.git
>   cd kcov-dataflow
>
>   cd llvm-project
>   cmake -S llvm -B build -G Ninja \
>     -DCMAKE_BUILD_TYPE=Release \
>     -DCMAKE_C_COMPILER=clang \
>     -DCMAKE_CXX_COMPILER=clang++ \
>     -DLLVM_ENABLE_LLD=ON \
>     -DLLVM_ENABLE_PROJECTS="clang;lld" \
>     -DLLVM_TARGETS_TO_BUILD="X86;AArch64"
>   ninja -C build
>   cd ..
>
> Build and boot kernel (using virtme-ng):
>
>   export PATH=$PWD/llvm-project/build/bin:$PATH
>   cd linux
>   vng --build \
>     --configitem CONFIG_KCOV=y \
>     --configitem CONFIG_KCOV_DATAFLOW_ARGS=y \
>     --configitem CONFIG_KCOV_DATAFLOW_RET=y \
>     --configitem CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL=y \
>     --configitem CONFIG_DEBUG_INFO=y \
>     --configitem CONFIG_RUST=y # for rust module kselftest
>     LLVM=1 CC=clang
>
> Core implementation in kernel/kcov_dataflow.c (separated from kcov.c
> at Alexander's request):
>  - Per-task lock-free ring buffer via debugfs kcov_dataflow device
>  - READ_ONCE/WRITE_ONCE atomic pattern (tested on arm64)
>  - copy_from_kernel_nofault() for safe struct field reads
>  - in_task() guard rejects interrupt context
>  - Bit-31 recursion guard prevents INSTRUMENT_ALL re-entry
>
> Build system (scripts/Makefile.kcov, scripts/Makefile.lib):
>  - CFLAGS_KCOV_DATAFLOW: -fsanitize-coverage=trace-args,trace-ret
>  - RUSTFLAGS_KCOV_DATAFLOW: -Cllvm-args=-sanitizer-coverage-trace-args/ret
>  - Per-file opt-in: KCOV_DATAFLOW_file.o := y
>  - Respects KCOV_INSTRUMENT := n for noinstr exclusion
>  - CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL for whole-kernel
>
> Kconfig (lib/Kconfig.debug):
>  - CONFIG_KCOV_DATAFLOW_ARGS / CONFIG_KCOV_DATAFLOW_RET
>  - Depends on CONFIG_KCOV and CONFIG_DEBUG_INFO
>  - CONFIG_KCOV_DATAFLOW_NO_INLINE (default n)
>  - CONFIG_KCOV_DATAFLOW_INSTRUMENT_ALL
>
> Also fix rust/kernel/str.rs unused import (flags::* -> flags::GFP_KERNEL)
> which newer rustc (1.98-nightly) rejects as a hard error.
>
> Rust support requires rustc built against the custom LLVM with
> trace-args/ret passes compiled in:
>
>   https://github.com/yskzalloc/rust
>
> Link: https://github.com/yskzalloc/kcov-dataflow/
> Cc: Alexander Potapenko <[email protected]>
> Cc: Peter Zijlstra <[email protected]>
> Cc: Nicolas Schier <[email protected]>
> Signed-off-by: Yunseong Kim <[email protected]>
> ---
>  include/linux/sched.h  |  10 ++
>  kernel/Makefile        |   3 +
>  kernel/kcov.c          |   2 +
>  kernel/kcov_dataflow.c | 324 +++++++++++++++++++++++++++++++++++++++++++++++++

I think the total size of kcov_dataflow.c doesn't justify splitting it in multiple patches.

