From: Andrew Scull <ascull@google.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, xypron.glpk@gmx.de, Andrew Scull <ascull@google.com>
Subject: [PATCH v2 05/12] sandbox: Add support for Address Sanitizer
Date: Thu, 14 Apr 2022 13:59:34 +0000 [thread overview]
Message-ID: <20220414135941.1732585-6-ascull@google.com> (raw)
In-Reply-To: <20220414135941.1732585-1-ascull@google.com>
Add CONFIG_ASAN to build with the Address Sanitizer. This only works
with the sandbox so the config is likewise dependent. The resulting
executable will have ASAN instrumentation, including the leak detector
that can be disabled with the ASAN_OPTIONS environment variable:
ASAN_OPTIONS=detect_leaks=0 ./u-boot
Since u-boot uses its own dlmalloc, dynamic allocations aren't
automatically instrumented, but stack variables and globals are.
Instrumentation could be added to dlmalloc to poison and unpoison memory
as it is allocated and deallocated, and to introduce redzones between
allocations. Alternatively, the sandbox may be able to play games with
the system allocator and somehow still keep the required memory
abstraction. No effort to address dynamic allocation is made by this
patch.
Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
Kconfig | 7 +++++++
arch/sandbox/config.mk | 8 ++++++++
configs/sandbox_defconfig | 1 +
3 files changed, 16 insertions(+)
diff --git a/Kconfig b/Kconfig
index 0ee3068b9a..a2577bcce6 100644
--- a/Kconfig
+++ b/Kconfig
@@ -154,6 +154,13 @@ config CC_COVERAGE
Enabling this option will pass "--coverage" to gcc to compile
and link code instrumented for coverage analysis.
+config ASAN
+ bool "Enable AddressSanitizer"
+ depends on SANDBOX
+ help
+ Enables AddressSanitizer to discover out-of-bounds accesses,
+ use-after-free, double-free and memory leaks.
+
config CC_HAS_ASM_INLINE
def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null)
diff --git a/arch/sandbox/config.mk b/arch/sandbox/config.mk
index c42de2ff27..d7ce66fb6c 100644
--- a/arch/sandbox/config.mk
+++ b/arch/sandbox/config.mk
@@ -15,7 +15,14 @@ PLATFORM_LIBS += $(shell $(SDL_CONFIG) --libs)
PLATFORM_CPPFLAGS += $(shell $(SDL_CONFIG) --cflags)
endif
+SANITIZERS :=
+ifdef CONFIG_ASAN
+SANITIZERS += -fsanitize=address
+endif
+KBUILD_CFLAGS += $(SANITIZERS)
+
cmd_u-boot__ = $(CC) -o $@ -Wl,-T u-boot.lds $(u-boot-init) \
+ $(SANITIZERS) \
$(LTO_FINAL_LDFLAGS) \
-Wl,--whole-archive \
$(u-boot-main) \
@@ -24,6 +31,7 @@ cmd_u-boot__ = $(CC) -o $@ -Wl,-T u-boot.lds $(u-boot-init) \
$(PLATFORM_LIBS) -Wl,-Map -Wl,u-boot.map
cmd_u-boot-spl = (cd $(obj) && $(CC) -o $(SPL_BIN) -Wl,-T u-boot-spl.lds \
+ $(SANITIZERS) \
$(LTO_FINAL_LDFLAGS) \
$(patsubst $(obj)/%,%,$(u-boot-spl-init)) \
-Wl,--whole-archive \
diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
index cb8d590eb6..462a0afb2e 100644
--- a/configs/sandbox_defconfig
+++ b/configs/sandbox_defconfig
@@ -1,3 +1,4 @@
+CONFIG_ASAN=y
CONFIG_SYS_TEXT_BASE=0
CONFIG_SYS_MALLOC_LEN=0x2000000
CONFIG_NR_DRAM_BANKS=1
--
2.35.1.1178.g4f1659d476-goog
next prev parent reply other threads:[~2022-04-14 14:00 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-14 13:59 [PATCH 00/11] Fuzzing and ASAN for sandbox Andrew Scull
2022-04-14 13:59 ` [PATCH v2 01/12] sandbox: Fix EFI runtime symbol placement Andrew Scull
2022-04-14 13:59 ` [PATCH v2 02/12] sandbox: Rename EFI runtime sections Andrew Scull
2022-04-14 13:59 ` [PATCH v2 03/12] sandbox: Migrate getopt section to linker list Andrew Scull
2022-04-29 15:11 ` Tom Rini
2022-05-02 16:24 ` Andrew Scull
2022-05-02 16:27 ` Tom Rini
2022-05-15 20:37 ` Andrew Scull
2022-05-16 10:47 ` Andrew Scull
2022-04-14 13:59 ` [PATCH v2 04/12] linker_lists: Rename sections to remove . prefix Andrew Scull
2022-05-17 8:06 ` Heinrich Schuchardt
2022-05-18 7:02 ` Andrew Scull
2022-04-14 13:59 ` Andrew Scull [this message]
2022-04-14 13:59 ` [PATCH v2 06/12] fuzzing_engine: Add fuzzing engine uclass Andrew Scull
2022-04-14 13:59 ` [PATCH v2 07/12] test: fuzz: Add framework for fuzzing Andrew Scull
2022-04-14 13:59 ` [PATCH v2 08/12] sandbox: Decouple program entry from sandbox init Andrew Scull
2022-04-14 13:59 ` [PATCH v2 09/12] sandbox: Add libfuzzer integration Andrew Scull
2022-04-14 13:59 ` [PATCH v2 10/12] sandbox: Implement fuzzing engine driver Andrew Scull
2022-04-14 13:59 ` [PATCH v2 11/12] fuzz: virtio: Add fuzzer for vring Andrew Scull
2022-04-14 13:59 ` [PATCH v2 12/12] virtio_ring: Reduce logging noise Andrew Scull
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220414135941.1732585-6-ascull@google.com \
--to=ascull@google.com \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
--cc=xypron.glpk@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox