Documentation/kasan.txt +2 −3 Original line number Diff line number Diff line Loading @@ -12,8 +12,7 @@ KASAN uses compile-time instrumentation for checking every memory access, therefore you will need a GCC version 4.9.2 or later. GCC 5.0 or later is required for detection of out-of-bounds accesses to stack or global variables. Currently KASAN is supported only for x86_64 architecture and requires the kernel to be built with the SLUB allocator. Currently KASAN is supported only for x86_64 architecture. 1. Usage ======== Loading @@ -27,7 +26,7 @@ inline are compiler instrumentation types. The former produces smaller binary the latter is 1.1 - 2 times faster. Inline instrumentation requires a GCC version 5.0 or later. Currently KASAN works only with the SLUB memory allocator. KASAN works with both SLUB and SLAB memory allocators. For better bug detection and nicer reporting, enable CONFIG_STACKTRACE. To disable instrumentation for specific files or directories, add a line Loading
Documentation/kcov.txt 0 → 100644 +111 −0 Original line number Diff line number Diff line kcov: code coverage for fuzzing =============================== kcov exposes kernel code coverage information in a form suitable for coverage- guided fuzzing (randomized testing). Coverage data of a running kernel is exported via the "kcov" debugfs file. Coverage collection is enabled on a task basis, and thus it can capture precise coverage of a single system call. Note that kcov does not aim to collect as much coverage as possible. It aims to collect more or less stable coverage that is function of syscall inputs. To achieve this goal it does not collect coverage in soft/hard interrupts and instrumentation of some inherently non-deterministic parts of kernel is disbled (e.g. scheduler, locking). Usage: ====== Configure kernel with: CONFIG_KCOV=y CONFIG_KCOV requires gcc built on revision 231296 or later. Profiling data will only become accessible once debugfs has been mounted: mount -t debugfs none /sys/kernel/debug The following program demonstrates kcov usage from within a test program: #include <stdio.h> #include <stddef.h> #include <stdint.h> #include <stdlib.h> #include <sys/types.h> #include <sys/stat.h> #include <sys/ioctl.h> #include <sys/mman.h> #include <unistd.h> #include <fcntl.h> #define KCOV_INIT_TRACE _IOR('c', 1, unsigned long) #define KCOV_ENABLE _IO('c', 100) #define KCOV_DISABLE _IO('c', 101) #define COVER_SIZE (64<<10) int main(int argc, char **argv) { int fd; unsigned long *cover, n, i; /* A single fd descriptor allows coverage collection on a single * thread. */ fd = open("/sys/kernel/debug/kcov", O_RDWR); if (fd == -1) perror("open"), exit(1); /* Setup trace mode and trace size. */ if (ioctl(fd, KCOV_INIT_TRACE, COVER_SIZE)) perror("ioctl"), exit(1); /* Mmap buffer shared between kernel- and user-space. 
*/ cover = (unsigned long*)mmap(NULL, COVER_SIZE * sizeof(unsigned long), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); if ((void*)cover == MAP_FAILED) perror("mmap"), exit(1); /* Enable coverage collection on the current thread. */ if (ioctl(fd, KCOV_ENABLE, 0)) perror("ioctl"), exit(1); /* Reset coverage from the tail of the ioctl() call. */ __atomic_store_n(&cover[0], 0, __ATOMIC_RELAXED); /* That's the target syscal call. */ read(-1, NULL, 0); /* Read number of PCs collected. */ n = __atomic_load_n(&cover[0], __ATOMIC_RELAXED); for (i = 0; i < n; i++) printf("0x%lx\n", cover[i + 1]); /* Disable coverage collection for the current thread. After this call * coverage can be enabled for a different thread. */ if (ioctl(fd, KCOV_DISABLE, 0)) perror("ioctl"), exit(1); /* Free resources. */ if (munmap(cover, COVER_SIZE * sizeof(unsigned long))) perror("munmap"), exit(1); if (close(fd)) perror("close"), exit(1); return 0; } After piping through addr2line output of the program looks as follows: SyS_read fs/read_write.c:562 __fdget_pos fs/file.c:774 __fget_light fs/file.c:746 __fget_light fs/file.c:750 __fget_light fs/file.c:760 __fdget_pos fs/file.c:784 SyS_read fs/read_write.c:562 If a program needs to collect coverage from several threads (independently), it needs to open /sys/kernel/debug/kcov in each thread separately. The interface is fine-grained to allow efficient forking of test processes. That is, a parent process opens /sys/kernel/debug/kcov, enables trace mode, mmaps coverage buffer and then forks child processes in a loop. Child processes only need to enable coverage (disable happens automatically on thread end).
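Review bot: The usage text in the new Documentation/kcov.txt never states the unit of the KCOV_INIT_TRACE argument or the layout of the shared buffer; a reader has to infer both from the example, which passes COVER_SIZE to the ioctl but maps COVER_SIZE * sizeof(unsigned long) bytes, reads the count from cover[0] and reads PCs from cover[i + 1]. Please add a sentence saying the size is given in unsigned long words, that word 0 holds the number of recorded PCs, and what happens once the buffer is full, so callers know whether n can ever exceed COVER_SIZE - 1. Since the program prints raw kernel PCs ("0x%lx") that addr2line resolves to source lines, the document should also say who is expected to have access to the debugfs file. Smaller points: "disbled", "syscal call" and "fd descriptor" are typos, "that is function of" is missing an article, and both ioctl failures report perror("ioctl"), so the two cannot be told apart.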
Documentation/kernel-parameters.txt +12 −0 Original line number Diff line number Diff line Loading @@ -2535,8 +2535,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted. nointroute [IA-64] noinvpcid [X86] Disable the INVPCID cpu feature. nojitter [IA-64] Disables jitter checking for ITC timers. nopti [X86-64] Disable KAISER isolation of kernel from user. no-kvmclock [X86,KVM] Disable paravirtualized KVM clock driver no-kvmapf [X86,KVM] Disable paravirtualized asynchronous page Loading Loading @@ -2569,6 +2573,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted. nopat [X86] Disable PAT (page attribute table extension of pagetables) support. nopcid [X86-64] Disable the PCID cpu feature. norandmaps Don't use address space randomization. Equivalent to echo 0 > /proc/sys/kernel/randomize_va_space Loading Loading @@ -3071,6 +3077,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted. pt. [PARIDE] See Documentation/blockdev/paride.txt. pti= [X86_64] Control KAISER user/kernel address space isolation: on - enable off - disable auto - default setting pty.legacy_count= [KNL] Number of legacy pty's. Overwrites compiled-in default number. Loading
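Review bot: The new entries are inconsistent and too terse for a security-relevant switch: "nopti" is tagged [X86-64] while "pti=" is tagged [X86_64], and "auto - default setting" does not say how auto decides between on and off. Please use one architecture tag for both, state in the "nopti" entry how it relates to "pti=off", and describe what "auto" selects, so an administrator reading only this file can tell when user/kernel isolation is actually active. The "nopcid" and "noinvpcid" entries would also benefit from a word on why one would disable those features.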
MAINTAINERS +14 −0 Original line number Diff line number Diff line Loading @@ -6002,6 +6002,20 @@ S: Maintained F: Documentation/hwmon/k8temp F: drivers/hwmon/k8temp.c KASAN M: Andrey Ryabinin <aryabinin@virtuozzo.com> R: Alexander Potapenko <glider@google.com> R: Dmitry Vyukov <dvyukov@google.com> L: kasan-dev@googlegroups.com S: Maintained F: arch/*/include/asm/kasan.h F: arch/*/mm/kasan_init* F: Documentation/kasan.txt F: include/linux/kasan*.h F: lib/test_kasan.c F: mm/kasan/ F: scripts/Makefile.kasan KCONFIG M: "Yann E. MORIN" <yann.morin.1998@free.fr> L: linux-kbuild@vger.kernel.org Loading
Makefile +14 −2 Original line number Diff line number Diff line VERSION = 4 PATCHLEVEL = 4 SUBLEVEL = 105 SUBLEVEL = 110 EXTRAVERSION = NAME = Blurry Fish Butt Loading Loading @@ -373,6 +373,7 @@ LDFLAGS_MODULE = CFLAGS_KERNEL = AFLAGS_KERNEL = CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im CFLAGS_KCOV = -fsanitize-coverage=trace-pc # Use USERINCLUDE when you must reference the UAPI directories only. Loading Loading @@ -420,7 +421,7 @@ export MAKE AWK GENKSYMS INSTALLKERNEL PERL PYTHON UTS_MACHINE export HOSTCXX HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS export KBUILD_CPPFLAGS NOSTDINC_FLAGS LINUXINCLUDE OBJCOPYFLAGS LDFLAGS export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV CFLAGS_KASAN CFLAGS_UBSAN export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV CFLAGS_KCOV CFLAGS_KASAN CFLAGS_UBSAN export KBUILD_AFLAGS AFLAGS_KERNEL AFLAGS_MODULE export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL Loading Loading @@ -697,6 +698,14 @@ endif endif KBUILD_CFLAGS += $(stackp-flag) ifdef CONFIG_KCOV ifeq ($(call cc-option, $(CFLAGS_KCOV)),) $(warning Cannot use CONFIG_KCOV: \ -fsanitize-coverage=trace-pc is not supported by compiler) CFLAGS_KCOV = endif endif ifeq ($(cc-name),clang) ifneq ($(CROSS_COMPILE),) CLANG_TRIPLE ?= $(CROSS_COMPILE) Loading Loading @@ -799,6 +808,9 @@ KBUILD_CFLAGS += $(call cc-disable-warning, pointer-sign) # disable invalid "can't wrap" optimizations for signed / pointers KBUILD_CFLAGS += $(call cc-option,-fno-strict-overflow) # Make sure -fstack-check isn't enabled (like gentoo apparently did) KBUILD_CFLAGS += $(call cc-option,-fno-stack-check,) # conserve stack if available KBUILD_CFLAGS += $(call cc-option,-fconserve-stack) Loading
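Review bot: In the "ifdef CONFIG_KCOV" block (hunk at -697), a compiler that lacks -fsanitize-coverage=trace-pc only triggers $(warning ...) and then clears CFLAGS_KCOV, so the build continues with CONFIG_KCOV=y but without any instrumentation. A fuzzing setup using that kernel would get an empty coverage buffer with no error at run time; consider failing the build with $(error ...) here, or have the message state explicitly that the resulting kernel will report no coverage. In the hunk at -799, the comment "like gentoo apparently did" does not say what goes wrong when -fstack-check is enabled; a short statement of the reason would help whoever next touches that line.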