mac80211: add KCOV remote annotations to incoming frame processing

Add KCOV remote annotations to ieee80211_iface_work() and
ieee80211_rx_list(). This will enable coverage-guided fuzzing of
mac80211 code that processes incoming 802.11 frames.

Signed-off-by: Aleksandr Nogikh <nogikh@google.com>
Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 1be775979132cb28d3c111d42fc7245c5b733b96..56a1bcea2c1cede4e29d511b61d38906e6f9fbe1 100644 (file)
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1356,6 +1356,7 @@ static void ieee80211_iface_work(struct work_struct *work)
        while ((skb = skb_dequeue(&sdata->skb_queue))) {
                struct ieee80211_mgmt *mgmt = (void *)skb->data;
 
+               kcov_remote_start_common(skb_get_kcov_handle(skb));
                if (ieee80211_is_action(mgmt->frame_control) &&
                    mgmt->u.action.category == WLAN_CATEGORY_BACK) {
                        int len = skb->len;
@@ -1465,6 +1466,7 @@ static void ieee80211_iface_work(struct work_struct *work)
                }
 
                kfree_skb(skb);
+               kcov_remote_stop();
        }
 
        /* then other type-dependent work */

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 1e2e5a406d58759433e6f0d3b7e60aaa87744167..09d1c9fb88724c7deace1996502f130cfe257524 100644 (file)
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -4742,6 +4742,8 @@ void ieee80211_rx_list(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta,
 
        status->rx_flags = 0;
 
+       kcov_remote_start_common(skb_get_kcov_handle(skb));
+
        /*
         * Frames with failed FCS/PLCP checksum are not returned,
         * all other frames are returned without radiotap header
@@ -4749,15 +4751,15 @@ void ieee80211_rx_list(struct ieee80211_hw *hw, struct ieee80211_sta *pubsta,
         * Also, frames with less than 16 bytes are dropped.
         */
        skb = ieee80211_rx_monitor(local, skb, rate);
-       if (!skb)
-               return;
-
-       ieee80211_tpt_led_trig_rx(local,
-                       ((struct ieee80211_hdr *)skb->data)->frame_control,
-                       skb->len);
+       if (skb) {
+               ieee80211_tpt_led_trig_rx(local,
+                                         ((struct ieee80211_hdr *)skb->data)->frame_control,
+                                         skb->len);
 
-       __ieee80211_rx_handle_packet(hw, pubsta, skb, list);
+               __ieee80211_rx_handle_packet(hw, pubsta, skb, list);
+       }
 
+       kcov_remote_stop();
        return;
  drop:
        kfree_skb(skb);