#ifndef _KSANCOV_H_
#define _KSANCOV_H_
#include <stdint.h>
#include <stdatomic.h>
#include <sys/ioccom.h>
#define KSANCOV_DEVNODE "ksancov"
#define KSANCOV_PATH "/dev/" KSANCOV_DEVNODE
struct ksancov_buf_desc {
uintptr_t ptr;
size_t sz;
};
#define KSANCOV_IOC_TRACE _IOW('K', 1, size_t)
#define KSANCOV_IOC_COUNTERS _IO('K', 2)
#define KSANCOV_IOC_MAP _IOWR('K', 8, struct ksancov_buf_desc)
#define KSANCOV_IOC_MAP_EDGEMAP _IOWR('K', 9, struct ksancov_buf_desc)
#define KSANCOV_IOC_START _IOW('K', 10, uintptr_t)
#define KSANCOV_IOC_NEDGES _IOR('K', 50, size_t)
#define KSANCOV_IOC_TESTPANIC _IOW('K', 20, uint64_t)
#define KSANCOV_MAX_EDGES 512UL*1024
#define KSANCOV_MAX_HITS UINT8_MAX
#define KSANCOV_TRACE_MAGIC (uint32_t)0x5AD17F5BU
#define KSANCOV_COUNTERS_MAGIC (uint32_t)0x5AD27F6BU
#define KSANCOV_EDGEMAP_MAGIC (uint32_t)0x5AD37F7BU
struct ksancov_header {
uint32_t magic;
_Atomic uint32_t enabled;
};
struct ksancov_trace {
union {
struct ksancov_header hdr;
struct {
uint32_t magic;
_Atomic uint32_t enabled;
};
};
uintptr_t offset;
uint32_t maxpcs;
_Atomic uint32_t head;
uint32_t pcs[];
};
struct ksancov_counters {
union {
struct ksancov_header hdr;
struct {
uint32_t magic;
_Atomic uint32_t enabled;
};
};
uint32_t nedges;
uint8_t hits[];
};
struct ksancov_edgemap {
uint32_t magic;
uint32_t nedges;
uintptr_t offset;
uint32_t addrs[];
};
#if XNU_KERNEL_PRIVATE
#if defined(__x86_64__) || defined(__i386__)
#define KSANCOV_PC_OFFSET VM_MIN_KERNEL_ADDRESS
#elif defined(__arm__) || defined(__arm64__)
#define KSANCOV_PC_OFFSET VM_KERNEL_LINK_ADDRESS
#else
#error "Unsupported platform"
#endif
int ksancov_init_dev(void);
void **__sanitizer_get_thread_data(thread_t);
extern void __sanitizer_cov_trace_pc_guard(uint32_t *guard);
extern void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop);
extern void __sanitizer_cov_pcs_init(uintptr_t *start, uintptr_t *stop);
extern void __sanitizer_cov_trace_pc(void);
extern void __sanitizer_cov_trace_pc_indirect(void *callee);
#endif
#ifndef KERNEL
#include <strings.h>
#include <assert.h>
#include <unistd.h>
static inline int
ksancov_open(void)
{
return open(KSANCOV_PATH, 0);
}
static inline int
ksancov_map(int fd, uintptr_t *buf, size_t *sz)
{
int ret;
struct ksancov_buf_desc mc = {0};
ret = ioctl(fd, KSANCOV_IOC_MAP, &mc);
if (ret == -1) {
return errno;
}
*buf = mc.ptr;
if (sz) {
*sz = mc.sz;
}
struct ksancov_trace *trace = (void *)mc.ptr;
assert(trace->magic == KSANCOV_TRACE_MAGIC ||
trace->magic == KSANCOV_COUNTERS_MAGIC);
return 0;
}
static inline int
ksancov_map_edgemap(int fd, uintptr_t *buf, size_t *sz)
{
int ret;
struct ksancov_buf_desc mc = {0};
ret = ioctl(fd, KSANCOV_IOC_MAP_EDGEMAP, &mc);
if (ret == -1) {
return errno;
}
*buf = mc.ptr;
if (sz) {
*sz = mc.sz;
}
struct ksancov_trace *trace = (void *)mc.ptr;
assert(trace->magic == KSANCOV_EDGEMAP_MAGIC);
return 0;
}
static inline size_t
ksancov_nedges(int fd)
{
size_t nedges;
int ret = ioctl(fd, KSANCOV_IOC_NEDGES, &nedges);
if (ret == -1) {
return SIZE_MAX;
}
return nedges;
}
static inline int
ksancov_mode_trace(int fd, size_t entries)
{
int ret;
ret = ioctl(fd, KSANCOV_IOC_TRACE, &entries);
if (ret == -1) {
return errno;
}
return 0;
}
static inline int
ksancov_mode_counters(int fd)
{
int ret;
ret = ioctl(fd, KSANCOV_IOC_COUNTERS);
if (ret == -1) {
return errno;
}
return 0;
}
static inline int
ksancov_thread_self(int fd)
{
int ret;
uintptr_t th = 0;
ret = ioctl(fd, KSANCOV_IOC_START, &th);
if (ret == -1) {
return errno;
}
return 0;
}
static inline int
ksancov_start(void *buf)
{
struct ksancov_header *hdr = (struct ksancov_header *)buf;
atomic_store_explicit(&hdr->enabled, 1, memory_order_relaxed);
return 0;
}
static inline int
ksancov_stop(void *buf)
{
struct ksancov_header *hdr = (struct ksancov_header *)buf;
atomic_store_explicit(&hdr->enabled, 0, memory_order_relaxed);
return 0;
}
static inline int
ksancov_reset(void *buf)
{
struct ksancov_header *hdr = (struct ksancov_header *)buf;
if (hdr->magic == KSANCOV_TRACE_MAGIC) {
struct ksancov_trace *trace = (struct ksancov_trace *)buf;
atomic_store_explicit(&trace->head, 0, memory_order_relaxed);
} else if (hdr->magic == KSANCOV_COUNTERS_MAGIC) {
struct ksancov_counters *counters = (struct ksancov_counters *)buf;
bzero(counters->hits, counters->nedges);
} else {
return EINVAL;
}
return 0;
}
static inline uintptr_t
ksancov_edge_addr(struct ksancov_edgemap *addrs, size_t idx)
{
assert(addrs);
if (idx >= addrs->nedges) {
return 0;
}
return addrs->addrs[idx] + addrs->offset;
}
static inline size_t
ksancov_trace_max_pcs(struct ksancov_trace *trace)
{
return trace->maxpcs;
}
static inline uintptr_t
ksancov_trace_offset(struct ksancov_trace *trace)
{
assert(trace);
return trace->offset;
}
static inline size_t
ksancov_trace_head(struct ksancov_trace *trace)
{
size_t maxlen = trace->maxpcs;
size_t head = atomic_load_explicit(&trace->head, memory_order_acquire);
return head < maxlen ? head : maxlen;
}
static inline uintptr_t
ksancov_trace_entry(struct ksancov_trace *trace, size_t i)
{
if (i >= trace->head) {
return 0;
}
return trace->pcs[i] + trace->offset;
}
#endif
#endif