From: Daniele Buono <dbuono@linux.vnet.ibm.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
thuth@redhat.com, Tobin Feldman-Fitzthum <tobin@ibm.com>,
qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH 4/4] check-block: Enable iotests with SafeStack
Date: Fri, 22 May 2020 11:35:42 -0400 [thread overview]
Message-ID: <dc422d29-131b-a5a8-ee10-6dccff7caea4@linux.vnet.ibm.com> (raw)
In-Reply-To: <20200521095902.GD251811@stefanha-x1.localdomain>
On 5/21/2020 5:59 AM, Stefan Hajnoczi wrote:
> On Wed, Apr 29, 2020 at 03:44:20PM -0400, Daniele Buono wrote:
>> SafeStack is a stack protection technique implemented in llvm. It is
>> enabled with a -fsanitize flag.
>> iotests are currently disabled when any -fsanitize option is used.
>> Since SafeStack is useful on production environments, and its
>> implementation may break the binary, filter it out when the check is
>> performed, so that if SafeStack was the only -fsanitize option, iotests
>> are still performed.
>
> I can't parse this sentence. What does "its implementation may break the
> binary" mean? Do you mean it's worth running tests with SafeStack
> enabled because it exposes failures that go unnoticed without SafeStack?
What I meant is that, without proper changes, SafeStack breaks
co-routines. Since they are heavily used in the io subsystem, this is
probably the best class of tests to make sure co-routines are working
fine with SafeStack.
I initially re-enabled the iotests for my internal testing.
Since I wasn't seeing any issue, I thought it would be useful to keep
running this to make sure future implementations of SafeStack won't
break co-routines again.
>
>>
>> Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
>> ---
>> tests/check-block.sh | 12 +++++++++++-
>> 1 file changed, 11 insertions(+), 1 deletion(-)
>>
>> diff --git a/tests/check-block.sh b/tests/check-block.sh
>> index ad320c21ba..8e29c868e5 100755
>> --- a/tests/check-block.sh
>> +++ b/tests/check-block.sh
>> @@ -21,7 +21,17 @@ if grep -q "CONFIG_GPROF=y" config-host.mak 2>/dev/null ; then
>> exit 0
>> fi
>>
>> -if grep -q "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null ; then
>> +# Disable tests with any sanitizer except for SafeStack
>> +CFLAGS=$( grep "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null )
>> +SANITIZE_FLAGS=""
>> +#Remove all occurrencies of -fsanitize=safe-stack
>> +for i in ${CFLAGS}; do
>> + if [ "${i}" != "-fsanitize=safe-stack" ]; then
>> + SANITIZE_FLAGS="${SANITIZE_FLAGS} ${i}"
>> + fi
>> +done
>> +if echo ${SANITIZE_FLAGS} | grep -q "\-fsanitize" 2>/dev/null; then
>> + # Have a sanitize flag that is not allowed, stop
>> echo "Sanitizers are enabled ==> Not running the qemu-iotests."
>> exit 0
>> fi
>
> The commit that disabled check-block.sh with sanitizers said:
>
> The sanitizers (especially the address sanitizer from Clang) are
> sometimes printing out warnings or false positives - this spoils
> the output of the iotests, causing some of the tests to fail.
>
> It seems fine to allow SafeStack if check-block.sh currently passes with
> it enabled. Does it pass and produce no extra output?
>
Yes, that was the idea. SafeStack should pass the tests without extra
output.
It did (pass) on my testing machine. However I don't remember if I did
the full (slow) check or only the partial one.
Will check again before I submit v2
> Stefan
>
next prev parent reply other threads:[~2020-05-22 15:36 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-29 19:44 [PATCH 0/4] Add support for SafeStack Daniele Buono
2020-04-29 19:44 ` [PATCH 1/4] coroutine: support SafeStack in ucontext backend Daniele Buono
2020-05-21 9:44 ` Stefan Hajnoczi
2020-05-22 15:18 ` Daniele Buono
2020-05-27 10:34 ` Stefan Hajnoczi
2020-04-29 19:44 ` [PATCH 2/4] coroutine: Add check for SafeStack in sigalstack Daniele Buono
2020-05-04 14:56 ` Philippe Mathieu-Daudé
2020-05-21 9:49 ` Stefan Hajnoczi
2020-05-27 17:56 ` Daniele Buono
2020-04-29 19:44 ` [PATCH 3/4] configure: add flag to enable SafeStack Daniele Buono
2020-05-21 9:52 ` Stefan Hajnoczi
2020-05-22 15:24 ` Daniele Buono
2020-05-27 11:12 ` Stefan Hajnoczi
2020-05-27 13:48 ` Daniele Buono
2020-04-29 19:44 ` [PATCH 4/4] check-block: Enable iotests with SafeStack Daniele Buono
2020-05-21 9:59 ` Stefan Hajnoczi
2020-05-22 15:35 ` Daniele Buono [this message]
2020-05-27 11:13 ` Stefan Hajnoczi
2020-05-04 14:55 ` [PATCH 0/4] Add support for SafeStack Philippe Mathieu-Daudé
2020-05-05 13:15 ` Philippe Mathieu-Daudé
2020-05-05 13:31 ` Daniel P. Berrangé
2020-05-05 13:56 ` Philippe Mathieu-Daudé
2020-05-13 14:48 ` Daniele Buono
2020-05-21 10:00 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dc422d29-131b-a5a8-ee10-6dccff7caea4@linux.vnet.ibm.com \
--to=dbuono@linux.vnet.ibm.com \
--cc=kwolf@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
--cc=stefanha@redhat.com \
--cc=thuth@redhat.com \
--cc=tobin@ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).