Implement kernel sanitizers #2527
ThFabba
left a comment
User mode sanitizers should be implemented in mingw-w64
We generally implement our own runtime and try not to rely on the compiler's so this isn't obvious to me. Can you elaborate?
 * A proper solution would need probably a lock-free bounded queue built
 * with atomic operations with the property of miltiple consumers and
 * multiple producers. Maintaining and validating such code is not
 * worth the effort.
Hey we might have such a thing... SLISTs! ;)
"miltiple consumers"? 🤔
Add SANITIZE_UB switch for enabling -fsanitize=undefined on binaries
Do not return STATUS_NOT_IMPLEMENTED on things we actually handle
The usermode runtime for sanitizers is not that easy a thing to do, so better to reuse what others do. Looking at it a year after, it seems like the best option would be to finally adopt LLVM's libc++ and use their sanitizer facilities.
Example outputs (these are real messages from current master)
HBelusca
left a comment
I was wondering: Isn't it this library that requires the usage of a specific memory area (allocated by the kernel) for doing its job? If so, where is it initialized?
@@ -1,389 +1,386 @@
# Generated from R:\build\master\gcc
# Generated from /home/victor/Documents/reactos/build/libsan
private info leak :P
# we have too many alignment warnings at the moment
target_compile_options(${MODULE} PRIVATE "-fsanitize=undefined;-fno-sanitize=alignment")
# win32k&dependencies require a special version of ksanitize
Suggested change:
# win32k&dependencies require a special version of ksanitize
# win32k & dependencies require a special version of ksanitize
target_link_libraries(ntoskrnl cportlib csq ${PSEH_LIB} arbiter cmlib ntlsalib rtl ${ROSSYM_LIB} libcntpr wdmguid ioevent)
# dynamic analysis switches
Suggested change:
# dynamic analysis switches
# Dynamic analysis switches
Not yet, UndefinedBehaviorSanitizer is simple in that regard - doesn't need anything from the kernel. I'm working on AddressSanitizer - that will require a special area to be reserved.
if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
target_compile_options(udfs PRIVATE -Wno-unused-but-set-variable)
target_compile_options(udfs PRIVATE -Wno-unused-but-set-variable -Wno-stringop-overflow)
Why for this PR? Maybe we should fix them.
Oh, that's the UDF driver, I don't really want to look into it :D
But that's a general problem - when various optimization levels are enabled, different errors pop up here and there
#endif
#ifdef __SANITIZE_UB__
#define NO_SANITIZE __attribute__ ((no_sanitize("undefined")))
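Review bot: in these lines NO_SANITIZE is only defined inside the #ifdef __SANITIZE_UB__ block; unless an empty fallback definition exists elsewhere, every use of NO_SANITIZE breaks builds made without SANITIZE_UB and builds with MSVC, so add an `#else` branch with an empty `#define NO_SANITIZE`. Also, __SANITIZE_UB__ is not a compiler-predefined macro (GCC only predefines __SANITIZE_ADDRESS__ and __SANITIZE_THREAD__, and clang exposes UBSan through __has_feature(undefined_behavior_sanitizer)), so the SANITIZE_UB switch has to define it alongside the -fsanitize flag for this block to ever be active.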
I'd prefer to have it in crtdefs.h as
/* -fsanitize control */
#if defined(__GNUC__) || defined(__clang__)
# define ATTRIBUTE_NO_SANITIZE(__x) __attribute__((__no_sanitize__(__x)))
#else
# define ATTRIBUTE_NO_SANITIZE(__x)
#endif
This makes it clearer that you want to disable this or that sanitizer, and allows disabling more than one of them with e.g. ATTRIBUTE_NO_SANITIZE("thread,undefined").
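An added example, not ReactOS code, of what "implementing our own runtime" means for UBSan: the compiler-abstraction macro proposed above applied to a minimal freestanding handler that instrumented code calls when a signed addition overflows. The struct layouts follow the UBSan ABI that GCC and clang emit; the helper names other than __ubsan_handle_add_overflow are my own, and the sample source location and type descriptor used to exercise it are constructed.

```c
/* Added example, not ReactOS code: a minimal freestanding UBSan runtime handler
 * of the kind a kernel must supply itself under -fsanitize=undefined, using the
 * compiler-abstraction macro proposed in the review. Layouts follow the UBSan ABI. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__GNUC__) || defined(__clang__)
# define ATTRIBUTE_NO_SANITIZE(__x) __attribute__((__no_sanitize__(__x)))
#else
# define ATTRIBUTE_NO_SANITIZE(__x)
#endif

/* What instrumented code hands to the runtime (UBSan ABI, GCC and clang). */
struct ubsan_source_location { const char *file; uint32_t line, column; };
struct ubsan_type_descriptor { uint16_t kind, info; char name[]; };
struct ubsan_overflow_data {
    struct ubsan_source_location loc;
    const struct ubsan_type_descriptor *type;
};

/* Operands arrive widened to pointer size, so sign-extend from the type's real
 * width (info >> 1 is log2 of the width). -fsanitize=undefined only instruments
 * signed arithmetic; unsigned wrap-around is defined behaviour and not reported. */
static long long ubsan_signed_operand(const struct ubsan_type_descriptor *t, uintptr_t v)
{
    unsigned shift = 64 - (1u << (t->info >> 1));
    return (long long)((int64_t)((uint64_t)v << shift) >> shift);
}

/* Build the report text; returns its length, like snprintf. */
int ubsan_format_overflow(char *buf, size_t size, const char *op,
                          const struct ubsan_overflow_data *d, uintptr_t lhs, uintptr_t rhs)
{
    return snprintf(buf, size, "UBSAN: %s:%u:%u: %lld %s %lld overflows type %s",
                    d->loc.file, d->loc.line, d->loc.column,
                    ubsan_signed_operand(d->type, lhs), op,
                    ubsan_signed_operand(d->type, rhs), d->type->name);
}

/* Entry point the compiler emits a call to for an overflowing `a + b`. The
 * runtime itself must stay uninstrumented, or reporting could recurse into itself. */
ATTRIBUTE_NO_SANITIZE("undefined")
void __ubsan_handle_add_overflow(const struct ubsan_overflow_data *d, uintptr_t lhs, uintptr_t rhs)
{
    char msg[160];
    ubsan_format_overflow(msg, sizeof msg, "+", d, lhs, rhs);
    puts(msg);  /* a kernel would route this to its debug log instead */
}
```

The same pattern applies to the other __ubsan_handle_* entry points the compiler references; each takes a data struct whose first member is the source location, so the same decoding carries over.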
Ahemmm... until we see whether there are other functions in our code base that may need the sanitizer to not be applied on them, it might be better to keep that only where it's needed (so far just the kernel), and not pollute our CRT with unrelated stuff. And even if you would want to move that into some global header, a specific separate one might be better.
until we see whether there are other functions in our code base that may need the sanitizer to not be applied on them
I have some 😄
And even if you would want to move that into some global header, a specific separate one might be better.
crtdefs already has some of those GCC/clang/MSVC enabled/disabled stuff. And this is the point of it: abstract the compiler specific stuff
Dunno... I see sanitizer stuff as something separate from compiler 🤷
Well, it is the compiler instrumenting generated binaries in order to make the relevant checks. It can't be closer to compiler than that 😉
@HBelusca check this article for example - explains how Address Sanitizer works https://lwn.net/Articles/612153/
Maybe you want to add object files to import libraries with
This PR is stale because it received no updates in the last 4 months. Without removing the stale label, or commenting on this ticket it will be closed in 2 weeks.
Add SANITIZE_UB switch for enabling -fsanitize=undefined on binaries PR #2527
Jira issue: CORE-15771
TODO:
- -fsanitize=undefined
- -fsanitize=nullability* group of checks
- -fsanitize=address