From: Andrew Scull <ascull@google.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, seanga2@gmail.com, Andrew Scull <ascull@google.com>
Subject: [PATCH 04/11] sandbox: Add support for Address Sanitizer
Date: Thu, 7 Apr 2022 09:41:16 +0000 [thread overview]
Message-ID: <20220407094123.1752236-5-ascull@google.com> (raw)
In-Reply-To: <20220407094123.1752236-1-ascull@google.com>
Add CONFIG_ASAN to build with the Address Sanitizer. This only works
with the sandbox so the config is likewise dependent. The resulting
executable will have ASAN instrumentation, including the leak detector
that can be disabled with the ASAN_OPTIONS environment variable:
ASAN_OPTIONS=detect_leaks=0 ./u-boot
Since u-boot uses its own dlmalloc, dynamic allocations aren't
automatically instrumented, but stack variables and globals are.
Instrumentation could be added to dlmalloc to poison and unpoison memory
as it is allocated and deallocated, and to introduce redzones between
allocations. Alternatively, the sandbox may be able to play games with
the system allocator and somehow still keep the required memory
abstraction. No effort to address dynamic allocation is made by this
patch.
Signed-off-by: Andrew Scull <ascull@google.com>
---
Kconfig | 7 +++++++
arch/sandbox/config.mk | 8 ++++++++
configs/sandbox_defconfig | 1 +
3 files changed, 16 insertions(+)
diff --git a/Kconfig b/Kconfig
index 9dd9ec7f6d..ae7e92611d 100644
--- a/Kconfig
+++ b/Kconfig
@@ -137,6 +137,13 @@ config CC_COVERAGE
Enabling this option will pass "--coverage" to gcc to compile
and link code instrumented for coverage analysis.
+config ASAN
+ bool "Enable AddressSanitizer"
+ depends on SANDBOX
+ help
+ Enables AddressSanitizer to discover out-of-bounds accesses,
+ use-after-free, double-free and memory leaks.
+
config CC_HAS_ASM_INLINE
def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null)
diff --git a/arch/sandbox/config.mk b/arch/sandbox/config.mk
index c42de2ff27..d7ce66fb6c 100644
--- a/arch/sandbox/config.mk
+++ b/arch/sandbox/config.mk
@@ -15,7 +15,14 @@ PLATFORM_LIBS += $(shell $(SDL_CONFIG) --libs)
PLATFORM_CPPFLAGS += $(shell $(SDL_CONFIG) --cflags)
endif
+SANITIZERS :=
+ifdef CONFIG_ASAN
+SANITIZERS += -fsanitize=address
+endif
+KBUILD_CFLAGS += $(SANITIZERS)
+
cmd_u-boot__ = $(CC) -o $@ -Wl,-T u-boot.lds $(u-boot-init) \
+ $(SANITIZERS) \
$(LTO_FINAL_LDFLAGS) \
-Wl,--whole-archive \
$(u-boot-main) \
@@ -24,6 +31,7 @@ cmd_u-boot__ = $(CC) -o $@ -Wl,-T u-boot.lds $(u-boot-init) \
$(PLATFORM_LIBS) -Wl,-Map -Wl,u-boot.map
cmd_u-boot-spl = (cd $(obj) && $(CC) -o $(SPL_BIN) -Wl,-T u-boot-spl.lds \
+ $(SANITIZERS) \
$(LTO_FINAL_LDFLAGS) \
$(patsubst $(obj)/%,%,$(u-boot-spl-init)) \
-Wl,--whole-archive \
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index 7ebeb89264..4862af07cd 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -1,3 +1,4 @@
+CONFIG_ASAN=y
CONFIG_SYS_TEXT_BASE=0
CONFIG_SYS_MALLOC_LEN=0x2000000
CONFIG_NR_DRAM_BANKS=1
--
2.35.1.1094.g7c7d902a7c-goog
next prev parent reply other threads:[~2022-04-07 9:42 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-07 9:41 [PATCH 00/11] Fuzzing and ASAN for sandbox Andrew Scull
2022-04-07 9:41 ` [PATCH 01/11] sandbox: Set the EFI symbols in linker script Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-11 22:15 ` Heinrich Schuchardt
2022-04-11 22:37 ` Andrew Scull
2022-04-07 9:41 ` [PATCH 02/11] sandbox: Migrate getopt section to linker list Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-07 9:41 ` [PATCH 03/11] linker_lists: Rename sections to remove . prefix Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-07 9:41 ` Andrew Scull [this message]
2022-04-11 18:35 ` [PATCH 04/11] sandbox: Add support for Address Sanitizer Simon Glass
2022-04-12 9:26 ` Andrew Scull
2022-04-07 9:41 ` [PATCH 05/11] fuzzing_engine: Add fuzzing engine uclass Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-07 9:41 ` [PATCH 06/11] test: fuzz: Add framework for fuzzing Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-07 9:41 ` [PATCH 07/11] sandbox: Decouple program entry from sandbox init Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-07 9:41 ` [PATCH 08/11] sandbox: Add libfuzzer integration Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-07 9:41 ` [PATCH 09/11] sandbox: Implement fuzzing engine driver Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-14 13:44 ` Andrew Scull
2022-04-07 9:41 ` [PATCH 10/11] fuzz: virtio: Add fuzzer for vring Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-12 14:04 ` Andrew Scull
2022-04-07 9:41 ` [PATCH 11/11] RFC: Hack dlmalloc to poison memory Andrew Scull
2022-04-11 18:35 ` Simon Glass
2022-04-12 10:19 ` Andrew Scull
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220407094123.1752236-5-ascull@google.com \
--to=ascull@google.com \
--cc=seanga2@gmail.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox