Commit a4691dea authored by Vegard Nossum, committed by Linus Torvalds

kcov: allow more fine-grained coverage instrumentation

For more targeted fuzzing, it's better to disable kernel-wide
instrumentation and instead enable it on a per-subsystem basis.  This
follows the pattern of UBSAN and allows you to compile in the kcov
driver without instrumenting the whole kernel.

To instrument a part of the kernel, you can use either

    # for a single file in the current directory
    KCOV_INSTRUMENT_filename.o := y


    # for all the files in the current directory (excluding subdirectories)


    # (same as above)
    ccflags-y += $(CFLAGS_KCOV)


    # for all the files in the current directory (including subdirectories)
    subdir-ccflags-y += $(CFLAGS_KCOV)

Link: Vegard Nossum <>
Cc: Dmitry Vyukov <>
Cc: Quentin Casasnovas <>
Signed-off-by: Andrew Morton <>
Signed-off-by: Linus Torvalds <>
parent f1cb637e
......@@ -719,6 +719,17 @@ config KCOV
For more details, see Documentation/kcov.txt.
bool "Instrument all code by default"
depends on KCOV
default y if KCOV
If you are doing generic system call fuzzing (like e.g. syzkaller),
then you will want to instrument the whole kernel and you should
say y here. If you are doing more targeted fuzzing (like e.g.
filesystem fuzzing with AFL) then you will want to enable coverage
for more specific subsets of files, and should say n here.
bool "Debug shared IRQ handlers"
depends on DEBUG_KERNEL
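Review bot: `default y if KCOV` on the "Instrument all code by default" entry repeats the condition already given by `depends on KCOV` one line above it; a plain `default y` behaves the same and reads more cleanly. The help text says to answer n for targeted fuzzing but does not say how coverage is then enabled for a subset of files, so a pointer to Documentation/kcov.txt (already referenced at the top of this hunk) or a mention of the `KCOV_INSTRUMENT_filename.o := y` form from the commit message would make the n case actionable.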
......@@ -138,7 +138,7 @@ endif
ifeq ($(CONFIG_KCOV),y)
_c_flags += $(if $(patsubst n%,, \
$(KCOV_INSTRUMENT_$(basetarget).o)$(KCOV_INSTRUMENT)y), \
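Review bot: the `$(if $(patsubst n%,, ...))` test on the `_c_flags` line looks only at the first character of the concatenated string, so the per-file value takes precedence over the per-directory value and the trailing default is consulted last, yet nothing in the hunk states that order. A short comment above the `ifeq ($(CONFIG_KCOV),y)` block would help. It is also worth confirming that the trailing default in `$(KCOV_INSTRUMENT_$(basetarget).o)$(KCOV_INSTRUMENT)y` follows the new "Instrument all code by default" choice instead of remaining a literal `y`, since with a fixed `y` answering n to that option would not change which files are instrumented.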