public inbox for u-boot@lists.denx.de
From: Andrew Scull <ascull@google.com>
To: u-boot@lists.denx.de
Cc: sjg@chromium.org, trini@konsulko.com, xypron.glpk@gmx.de,
	 jonbottarini@google.com, seanga2@gmail.com,
	Andrew Scull <ascull@google.com>
Subject: [PATCH v3 05/13] sandbox: Add support for Address Sanitizer
Date: Mon, 30 May 2022 10:00:05 +0000	[thread overview]
Message-ID: <20220530100013.3753780-6-ascull@google.com> (raw)
In-Reply-To: <20220530100013.3753780-1-ascull@google.com>

Add CONFIG_ASAN to build with the Address Sanitizer. This only works
with the sandbox so the config is likewise dependent. The resulting
executable will have ASAN instrumentation, including the leak detector
that can be disabled with the ASAN_OPTIONS environment variable:

   ASAN_OPTIONS=detect_leaks=0 ./u-boot

Since u-boot uses its own dlmalloc, dynamic allocations aren't
automatically instrumented, but stack variables and globals are.

Instrumentation could be added to dlmalloc to poison and unpoison memory
as it is allocated and deallocated, and to introduce redzones between
allocations. Alternatively, the sandbox may be able to play games with
the system allocator and somehow still keep the required memory
abstraction. No effort to address dynamic allocation is made by this
patch.

The config is not yet enabled for any targets by default.

Signed-off-by: Andrew Scull <ascull@google.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 Kconfig                |  7 +++++++
 arch/sandbox/config.mk | 14 ++++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/Kconfig b/Kconfig
index 797038b037..2257aca97f 100644
--- a/Kconfig
+++ b/Kconfig
@@ -154,6 +154,13 @@ config CC_COVERAGE
 	  Enabling this option will pass "--coverage" to gcc to compile
 	  and link code instrumented for coverage analysis.
 
+config ASAN
+	bool "Enable AddressSanitizer"
+	depends on SANDBOX
+	help
+	  Enables AddressSanitizer to discover out-of-bounds accesses,
+	  use-after-free, double-free and memory leaks.
+
 config CC_HAS_ASM_INLINE
 	def_bool $(success,echo 'void foo(void) { asm inline (""); }' | $(CC) -x c - -c -o /dev/null)
 
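Review bot: the Kconfig help text promises detection of "use-after-free, double-free and memory leaks", but the commit message states that U-Boot's own dlmalloc is not instrumented by this patch, so heap allocations made through malloc() are not covered; only stack variables and globals are. As written, a user enabling CONFIG_ASAN will expect heap bug detection that the build does not deliver. Suggest qualifying the help text, e.g. "Enables AddressSanitizer to discover out-of-bounds accesses on stack and global variables. Heap allocations from U-Boot's dlmalloc are not yet instrumented." and pointing at the ASAN_OPTIONS=detect_leaks=0 tweak from the commit message, since that is the first thing a user will need when the leak detector fires.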
diff --git a/arch/sandbox/config.mk b/arch/sandbox/config.mk
index f3d3af6611..410603252e 100644
--- a/arch/sandbox/config.mk
+++ b/arch/sandbox/config.mk
@@ -15,8 +15,16 @@ PLATFORM_LIBS += $(shell $(SDL_CONFIG) --libs)
 PLATFORM_CPPFLAGS += $(shell $(SDL_CONFIG) --cflags)
 endif
 
+SANITIZERS :=
+ifdef CONFIG_ASAN
+SANITIZERS	+= -fsanitize=address
+endif
+KBUILD_CFLAGS	+= $(SANITIZERS)
+
 cmd_u-boot__ = $(CC) -o $@ -Wl,-T u-boot.lds $(u-boot-init) \
-	$(KBUILD_LDFLAGS:%=-Wl,%)$(LTO_FINAL_LDFLAGS) \
+	$(KBUILD_LDFLAGS:%=-Wl,%) \
+	$(SANITIZERS) \
+	$(LTO_FINAL_LDFLAGS) \
 	-Wl,--whole-archive \
 		$(u-boot-main) \
 		$(u-boot-keep-syms-lto) \
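Review bot: this hunk also quietly fixes an unrelated defect on the removed line `$(KBUILD_LDFLAGS:%=-Wl,%)$(LTO_FINAL_LDFLAGS)`, where the two expansions had no separating space and would be joined into one token whenever both were non-empty; the new `\`-continued lines add the missing separation. That fix is worth a sentence in the commit message (or its own patch) so it is not lost in the ASAN change. On the added lines, `SANITIZERS` is appended to `KBUILD_CFLAGS` and to the link command of `cmd_u-boot__`, which is correct since `-fsanitize=address` must be present at both compile and link time for the runtime to be linked in; a short comment above `SANITIZERS :=` saying exactly that would help the next person who wonders why the flag appears in two places.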
@@ -24,7 +32,9 @@ cmd_u-boot__ = $(CC) -o $@ -Wl,-T u-boot.lds $(u-boot-init) \
 	$(PLATFORM_LIBS) -Wl,-Map -Wl,u-boot.map
 
 cmd_u-boot-spl = (cd $(obj) && $(CC) -o $(SPL_BIN) -Wl,-T u-boot-spl.lds \
-	$(KBUILD_LDFLAGS:%=-Wl,%) $(LTO_FINAL_LDFLAGS) \
+	$(KBUILD_LDFLAGS:%=-Wl,%) \
+	$(SANITIZERS) \
+	$(LTO_FINAL_LDFLAGS) \
 	$(patsubst $(obj)/%,%,$(u-boot-spl-init)) \
 	-Wl,--whole-archive \
 		$(patsubst $(obj)/%,%,$(u-boot-spl-main)) \
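Review bot: `$(SANITIZERS)` is now duplicated verbatim between `cmd_u-boot__` and `cmd_u-boot-spl`, and the same `$(KBUILD_LDFLAGS:%=-Wl,%) $(LTO_FINAL_LDFLAGS)` line is split in both places. Consider folding the sanitizer flag into a single link-flags variable that both commands already consume (for example alongside `LTO_FINAL_LDFLAGS`), so a future sanitizer such as `-fsanitize=undefined` only needs adding in one place. Also note that `KBUILD_CFLAGS` applies to SPL objects as well, so the SPL build is instrumented whenever CONFIG_ASAN is set; if that is intentional it is fine, but the commit message only mentions the main u-boot executable.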
-- 
2.36.1.124.g0e6072fb45-goog


Thread overview:
2022-05-30 10:00 [PATCH v3 00/13] Fuzzing and ASAN for sandbox Andrew Scull
2022-05-30 10:00 ` [PATCH v3 01/13] serial: sandbox: Fix buffer underflow in puts Andrew Scull
2022-05-31 14:43   ` Sean Anderson
2022-06-23 18:32   ` Tom Rini
2022-05-30 10:00 ` [PATCH v3 02/13] sandbox: Rename EFI runtime sections Andrew Scull
2022-05-30 10:00 ` [PATCH v3 03/13] sandbox: Rename getopt sections Andrew Scull
2022-05-30 10:00 ` [PATCH v3 04/13] linker_lists: Rename sections to remove . prefix Andrew Scull
2022-05-30 10:00 ` Andrew Scull [this message]
2022-05-30 10:00 ` [PATCH v3 06/13] test/py: test_stackprotector: Disable for ASAN Andrew Scull
2022-05-30 10:00 ` [PATCH v3 07/13] CI: Azure: Build with ASAN enabled Andrew Scull
2022-05-30 10:00 ` [PATCH v3 08/13] fuzzing_engine: Add fuzzing engine uclass Andrew Scull
2022-05-30 10:00 ` [PATCH v3 09/13] test: fuzz: Add framework for fuzzing Andrew Scull
2022-05-30 10:00 ` [PATCH v3 10/13] sandbox: Decouple program entry from sandbox init Andrew Scull
2022-05-30 10:00 ` [PATCH v3 11/13] sandbox: Add libfuzzer integration Andrew Scull
2022-05-30 10:00 ` [PATCH v3 12/13] sandbox: Implement fuzzing engine driver Andrew Scull
2022-05-30 10:00 ` [PATCH v3 13/13] fuzz: virtio: Add fuzzer for vring Andrew Scull
2023-08-28 16:20 ` [PATCH v3 00/13] Fuzzing and ASAN for sandbox Simon Glass
2023-08-28 19:56   ` Tom Rini
