Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andrey Ryabinin <a.ryabinin@samsung.com>
To: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Michal Marek <mmarek@suse.cz>,
	Sasha Levin <sasha.levin@oracle.com>,
	x86@kernel.org, linux-kbuild@vger.kernel.org,
	linux-kernel@vger.kernel.org, Theodore Ts'o <tytso@mit.edu>,
	Andreas Dilger <adilger.kernel@dilger.ca>,
	Dmitry Vyukov <dvyukov@google.com>,
	Konstantin Khlebnikov <koct9i@gmail.com>
Subject: Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker
Date: Wed, 22 Oct 2014 15:16:53 +0400	[thread overview]
Message-ID: <54479225.9030507@samsung.com> (raw)
In-Reply-To: <871tq077dt.fsf@rasmusvillemoes.dk>

On 10/22/2014 01:58 PM, Rasmus Villemoes wrote:
> On Mon, Oct 20 2014, Andrey Ryabinin <a.ryabinin@samsung.com> wrote:
> 
>> UBSan uses compile-time instrumentation to catch undefined behavior (UB).
>> Compiler inserts code that perform certain kinds of
>> checks before operations that could cause UB.
>> If check fails (i.e. UB detected) __ubsan_handle_* function called.
>> to print error message.
>>
>> So the most of the work is done by compiler.
>> This patch just implements ubsan handlers printing errors.
>>
>> GCC supports this since 4.9, however upcoming GCC 5.0 has
>> more checkers implemented.
> 
> [...]
> 
>> +
>> +#define REPORTED_BIT 31
>> +#define COLUMN_MASK (~(1U << REPORTED_BIT))
>> +
>> +static bool is_disabled(struct source_location *location)
>> +{
>> +	return test_and_set_bit(REPORTED_BIT,
>> +				(unsigned long *)&location->column);
>> +}
> 
> [...]
> 
>> +struct source_location {
>> +	const char *file_name;
>> +	u32 line;
>> +	u32 column;
>> +};
> 
> 
> AFAICT, this introduces UB and/or memory corruption on big-endian
> systems with BITS_PER_LONG==64. (Also, on both LE and BE 64 bit systems,
> there's the issue of the alignment of location->column, which is likely
> to be 4-but-not-8 byte aligned).
> 

You are right. This should fix it:

diff --git a/lib/ubsan.c b/lib/ubsan.c
index 7788f47..cfdf017 100644
--- a/lib/ubsan.c
+++ b/lib/ubsan.c
@@ -53,18 +53,24 @@ static bool handler_enabled(unsigned int handler)
 }

 #define REPORTED_BIT 31
-#define COLUMN_MASK (~(1U << REPORTED_BIT))
+
+#if (BITS_PER_LONG == 64) && defined(__BIG_ENDIAN)
+#define COLUMN_MASK (~(1U << REPORTED_BIT)
+#define LINE_MASK   (~0U)
+#else
+#define COLUMN_MASK (~0U)
+#define LINE_MASK   (~(1U << REPORTED_BIT))
+#endif

 static bool is_disabled(struct source_location *location)
 {
-	return test_and_set_bit(REPORTED_BIT,
-				(unsigned long *)&location->column);
+	return test_and_set_bit(REPORTED_BIT, &location->reported);
 }

 static void print_source_location(const char *prefix, struct source_location *loc)
 {
 	pr_err("%s %s:%d:%d\n", prefix, loc->file_name,
-		loc->line, loc->column & COLUMN_MASK);
+		loc->line & LINE_MASK, loc->column & COLUMN_MASK);
 }

 static bool type_is_int(struct type_descriptor *type)
diff --git a/lib/ubsan.h b/lib/ubsan.h
index e2d8634..8965591 100644
--- a/lib/ubsan.h
+++ b/lib/ubsan.h
@@ -15,8 +15,13 @@ struct type_descriptor {

 struct source_location {
 	const char *file_name;
-	u32 line;
-	u32 column;
+	union {
+		unsigned long reported;
+		struct {
+			u32 line;
+			u32 column;
+		};
+	};
 };

 struct overflow_data {


> Is the layout of struct source_location dictated by gcc? 
> 

Yes.

> Rasmus
>

next prev parent reply	other threads:[~2014-10-22 11:16 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-20 10:54 [RFC] UBSan: run-time undefined behavior sanity checker Andrey Ryabinin
2014-10-20 10:54 ` [RFC PATCH] " Andrey Ryabinin
2014-10-20 19:35   ` Sasha Levin
2014-10-21  8:03     ` Andrey Ryabinin
2014-10-24  8:31       ` y.gribov
2014-10-24 10:36         ` Andrey Ryabinin
2014-10-21  9:47   ` Peter Zijlstra
2014-10-21 10:09     ` Andrey Ryabinin
2014-10-24 10:30       ` Peter Zijlstra
2014-10-21 17:06   ` Randy Dunlap
2014-10-22  9:58   ` Rasmus Villemoes
2014-10-22 11:16     ` Andrey Ryabinin [this message]
2014-10-20 11:03 ` drivers: random: Shift out-of-bounds in _mix_pool_bytes Andrey Ryabinin
2014-10-20 12:49   ` Theodore Ts'o
2014-10-20 13:58     ` Andrey Ryabinin
2014-10-20 14:08       ` Theodore Ts'o
2014-10-20 14:09       ` Daniel Borkmann
2014-10-20 14:13         ` Sasha Levin
2014-10-20 14:16         ` Theodore Ts'o
2014-10-20 14:42           ` Andrey Ryabinin
2014-10-24 10:01           ` Peter Zijlstra
2014-10-24 10:16             ` Andrey Ryabinin
2014-10-24 13:23             ` Sasha Levin
2014-10-24 13:42               ` Peter Zijlstra
2014-10-24 15:04                 ` Sasha Levin
2014-10-24 15:10                   ` Dmitry Vyukov
2014-10-24 21:05                     ` One Thousand Gnomes
2014-10-24 22:23                       ` H. Peter Anvin
2014-10-24 22:09                     ` Andreas Dilger
2014-10-24 22:22                       ` H. Peter Anvin
2014-10-25  0:50                         ` Sasha Levin
2014-10-25 20:30                           ` One Thousand Gnomes
2014-10-25 20:49                             ` Andrey Ryabinin
2014-10-20 11:07 ` kernel: clockevents: shift out-of-bounds Andrey Ryabinin
2014-10-24 10:25   ` Peter Zijlstra
2014-10-20 11:16 ` fs: ext4: mballoc: negative shift exponent Andrey Ryabinin
2014-10-20 11:23 ` jbd2: revoke: negative shift exponent in hash() Andrey Ryabinin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7788f47 dfblob:cfdf017 dfblob:e2d8634 dfblob:8965591 )
 OR (
bs:"Re: [RFC PATCH] UBSan: run-time undefined behavior sanity checker" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=54479225.9030507@samsung.com \
    --to=a.ryabinin@samsung.com \
    --cc=adilger.kernel@dilger.ca \
    --cc=akpm@linux-foundation.org \
    --cc=dvyukov@google.com \
    --cc=hpa@zytor.com \
    --cc=koct9i@gmail.com \
    --cc=linux-kbuild@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux@rasmusvillemoes.dk \
    --cc=mingo@redhat.com \
    --cc=mmarek@suse.cz \
    --cc=peterz@infradead.org \
    --cc=sasha.levin@oracle.com \
    --cc=tglx@linutronix.de \
    --cc=tytso@mit.edu \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.