[PATCHv4] Enable -fsanitize-recover for KASan

Andrey Ryabinin a.ryabinin@samsung.com
Thu Oct 23 09:55:00 GMT 2014


On 10/23/2014 11:28 AM, Yury Gribov wrote:
> On 10/23/2014 11:13 AM, Jakub Jelinek wrote:
>> On Thu, Oct 23, 2014 at 11:11:29AM +0400, Yury Gribov wrote:
>>> Hi all,
>>>
>>> On 09/29/2014 09:21 PM, Yury Gribov wrote:
>>>>>> This patch enables -fsanitize-recover for KASan by default. This causes
>>>>>> KASan to continue execution after error in case of inline
>>>>>> instrumentation. This feature is needed because
>>>>>> - reports during early bootstrap won't even be printed
>>>>>> - needed to run all tests w/o rebooting machine for every test
>>>>>> - needed for interactive work on desktop
>>>>
>>>> This is the third version of patch which renames -fsanitize-recover to
>>>> -fubsan-recover and introduces -fasan-recover (enabled by default for
>>>> KASan). It also moves flag handling to finish_options per Jakub's request.
>>>
>>> A new version of patch based upon Jakub's recent changes to
>>> -fsanitize-recover=.  I've renamed __asan_report_recover_load* to
>>> __asan_report_load*_noabort to match UBSan's style.
>>>
>>> Note that currently -fsanitize=kernel-address
>>> -fno-sanitize-recover=kernel-address won't work as expected because we miss
>>> __asan_load*_abort family of functions in libasan.
>>
>> I thought __asan_* functions are provided by the kernel, not libasan, for
>> -fsanitize=kernel-address.  Or is kernel linked with real libasan.a or
>> some stripped down version thereof?
> 
> Hm, right, libasan is not linked to kernel so it indeed does not need any changes.  But now I see that for -fsanitize=kernel-address we need both __asan_load* and __asan_load*_noabort (the latter
> being default) depending on -fsanitize-recover setting.  Let me update the patch for this.
> 

IMO we don't need different versions of __asan_load* and __asan_load*_noabort, because
-fno-sanitize-recover=kernel-address will never work with the linux kernel.

I already said this before, and repeat this once again:
There are a few places in the kernel where we validly touch poisoned memory,
so we need to disable error reporting at runtime for such memory accesses.
I use a per-thread flag which is raised before the valid access to poisoned memory.
This flag is checked in the __asan_report*() function. If it is raised then we shouldn't print any error message,
just silently exit from the report.
-fno-sanitize-recover=kernel-address will just cause an early kernel crash on boot, so we will never use it.
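A small model of the per-thread flag mechanism described in this message, added here as an example (it is not kernel code and not part of the thread). The shadow layout, the kasan_depth/kasan_disable_current/kasan_enable_current names and the counters are constructed stand-ins; it shows the report path staying silent inside a disable/enable window, and why a non-recovering (abort) variant would still halt on such a legitimate access:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not kernel code: one shadow byte per 8-byte granule,
 * non-zero means poisoned. */
static uint8_t shadow[8];
/* Per-thread "reports disabled" depth (hypothetical name; one thread here). */
static int kasan_depth;
static int reports_printed, panics;
static void kasan_disable_current(void) { kasan_depth++; }
static void kasan_enable_current(void)  { kasan_depth--; }
static bool is_poisoned(size_t off)     { return shadow[off / 8] != 0; }

/* Report path: the per-thread flag is checked here, not at the access site;
 * if it is raised the report exits silently instead of printing. */
static void kasan_report(size_t off)
{
    if (kasan_depth) return;
    reports_printed++;              /* a real report would print a trace for off */
    (void)off;
}
/* __asan_report_load8_noabort flavour (default under -fsanitize-recover):
 * report if allowed, then let execution continue. */
static void report_load8_noabort(size_t off) { if (is_poisoned(off)) kasan_report(off); }

/* __asan_report_load8 abort flavour (-fno-sanitize-recover): the flag still
 * silences the message, but the kernel halts on the first poisoned access. */
static void report_load8_abort(size_t off)
{
    if (!is_poisoned(off)) return;
    kasan_report(off);
    panics++;                       /* stands in for the fatal path */
}

/* One instrumented sequence: a real bug, then a legitimate access to poisoned
 * memory inside a disable/enable window, then a clean access.
 * Returns panics * 10 + reports printed. */
int run_scenario(bool recover)
{
    void (*load8)(size_t) = recover ? report_load8_noabort : report_load8_abort;
    kasan_depth = reports_printed = panics = 0;
    shadow[2] = 0xFF;               /* poison offsets 16..23 */
    load8(16);                      /* bug: reported in both modes */
    kasan_disable_current();
    load8(16);                      /* legitimate: silent, but abort mode halts anyway */
    kasan_enable_current();
    load8(0);                       /* clean: nothing in either mode */
    return panics * 10 + reports_printed;   /* recover: 1, abort: 21 */
}
```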
