This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCHv4] Enable -fsanitize-recover for KASan

From: Jakub Jelinek <jakub at redhat dot com>
To: Andrey Ryabinin <a dot ryabinin at samsung dot com>
Cc: Yury Gribov <y dot gribov at samsung dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>, Konstantin Serebryany <konstantin dot s dot serebryany at gmail dot com>, Dmitry Vyukov <dvyukov at google dot com>, Konstantin Khlebnikov <k dot khlebnikov at samsung dot com>
Date: Thu, 23 Oct 2014 12:16:49 +0200
Subject: Re: [PATCHv4] Enable -fsanitize-recover for KASan
Authentication-results: sourceware.org; auth=none
References: <54095E23 dot 6050900 at samsung dot com> <5416B3A2 dot 4050200 at samsung dot com> <54299507 dot 7090800 at samsung dot com> <5448AA21 dot 9080601 at samsung dot com> <20141023071353 dot GY10376 at tucnak dot redhat dot com> <5448AE0D dot 2080207 at samsung dot com> <5448CF90 dot 2040001 at samsung dot com> <20141023095532 dot GD10376 at tucnak dot redhat dot com> <5448D3EB dot 9030402 at samsung dot com>
Reply-to: Jakub Jelinek <jakub at redhat dot com>

On Thu, Oct 23, 2014 at 02:09:47PM +0400, Andrey Ryabinin wrote:
> On 10/23/2014 01:55 PM, Jakub Jelinek wrote:
> > On Thu, Oct 23, 2014 at 01:51:12PM +0400, Andrey Ryabinin wrote:
> >> IMO we don't need different versions of __asan_load* and __asan_load*_noabort, because
> >> -fno-sanitize-recover=kernel-address will never work with the linux kernel.
> >>
> >> I already said this before, and repeat this once again:
> >> There is few places in kernel where we validly touch poisoned memory,
> >> so we need to disable error reporting in runtime for such memory accesses.
> >> I use per-thread flag which is raised before the valid access to poisoned memory.
> >> This flag checked in __asan_report*() function. If it raised then we shouldn't print any error message,
> >> just silently exit from report.
> > 
> > Can't you just use __attribute__((no_sanitize_address)) on the functions
> > that have such a code?  Or you could use special macros for those accesses
> > (which could e.g. call function to read memory or write memory, implemented
> > in assembly or in __attribute__((no_sanitize_address)) function), or
> 
> Those are quite generic functions used from a lot of places. So we want to instrument
> them in general, but there are few call sites which use those functions for poisoned memory.

Actually, -fsanitize=kernel-address forcibly uses function calls (i.e.
__asan_load* etc. rather than __asan_report_load* only if inline shadow
memory test suggested there is a problem).
So, at that point you can include your ugly hacks in __asan_load* logic in
the kernel, the difference between __asan_load4 and __asan_load4_noabort
will be just that the latter will always return, while the former will not
if some error has been reported.
All the __asan_load* and __asan_store* entrypoints, regardless of
-f{,no-}sanitize-recover=kernel-address are by definition not noreturn, they
in the common case (if the code is not buggy) return.

	Jakub

Follow-Ups:
- Re: [PATCHv4] Enable -fsanitize-recover for KASan
  - From: Yury Gribov

References:
- [PATCHv4] Enable -fsanitize-recover for KASan
  - From: Yury Gribov
- Re: [PATCHv4] Enable -fsanitize-recover for KASan
  - From: Jakub Jelinek
- Re: [PATCHv4] Enable -fsanitize-recover for KASan
  - From: Yury Gribov
- Re: [PATCHv4] Enable -fsanitize-recover for KASan
  - From: Andrey Ryabinin
- Re: [PATCHv4] Enable -fsanitize-recover for KASan
  - From: Jakub Jelinek
- Re: [PATCHv4] Enable -fsanitize-recover for KASan
  - From: Andrey Ryabinin

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]