public inbox for gcc-patches@gcc.gnu.org
* [PATCH] Add support for KernelAddressSanitizer
@ 2014-07-18 11:58 Yury Gribov
  2014-07-18 12:44 ` Dmitry Vyukov
  2014-07-18 13:20 ` Jakub Jelinek
  0 siblings, 2 replies; 11+ messages in thread
From: Yury Gribov @ 2014-07-18 11:58 UTC (permalink / raw)
  To: GCC Patches
  Cc: Dmitry Vyukov, Konstantin Serebryany, Andrey Ryabinin, Jakub Jelinek

[-- Attachment #1: Type: text/plain, Size: 676 bytes --]

Hi all,

This tiny patch adds support for KernelASan. KASan brings Asan error 
detection capabilities to Linux kernel 
(https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel).

KASan works similar to normal userspace ASan but disables some options 
which are not yet supported by kernel (notably inline instrumentation, 
stack/global protection and UAR). We would prefer to hide all necessary 
tweaks under a user-friendly flag (-fsanitize=kernel-address) instead of 
forcing them directly in kernel's CFLAGS.

Kernel patches are currently under review in LKML 
(https://lkml.org/lkml/2014/7/9/990).

Bootstrapped and regtested on x64.

Ok to commit?

-Y

[-- Attachment #2: kasan_patch-1.diff --]
[-- Type: text/x-diff, Size: 2764 bytes --]

gcc/

2014-07-18  Yury Gribov  <y.gribov@samsung.com>

	* doc/invoke.texi (-fsanitize=kernel-address): Describe new option.
	* flag-types.h (SANITIZE_KERNEL_ADDRESS): New enum.
	* opts.c (common_handle_option): Handle new option.

diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index a83f6c6..70f9c2b 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -5376,6 +5376,11 @@ more details.  The run-time behavior can be influenced using the
 @url{https://code.google.com/p/address-sanitizer/wiki/Flags#Run-time_flags} for
 a list of supported options.
 
+@item -fsanitize=kernel-address
+@opindex fsanitize=kernel-address
+Enable AddressSanitizer for Linux kernel.
+See @uref{http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel} for more details.
+
 @item -fsanitize=thread
 @opindex fsanitize=thread
 Enable ThreadSanitizer, a fast data race detector.
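Review bot: the new @item says only that AddressSanitizer is enabled for the kernel, but the opts.c hunk in this same patch forces PARAM_ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD, PARAM_ASAN_GLOBALS, PARAM_ASAN_STACK and PARAM_ASAN_USE_AFTER_RETURN to 0; the user-visible difference from -fsanitize=address (call-based instrumentation, no global, stack or use-after-return checks) belongs in this paragraph so a reader of invoke.texi knows what coverage the kernel build gives up. Minor: "for Linux kernel" reads better as "for the Linux kernel".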
diff --git a/gcc/flag-types.h b/gcc/flag-types.h
index 2849455..04038f6 100644
--- a/gcc/flag-types.h
+++ b/gcc/flag-types.h
@@ -231,6 +231,7 @@ enum sanitize_code {
   SANITIZE_FLOAT_DIVIDE = 1 << 12,
   SANITIZE_FLOAT_CAST = 1 << 13,
   SANITIZE_BOUNDS = 1 << 14,
+  SANITIZE_KERNEL_ADDRESS = 1 << 15,
   SANITIZE_UNDEFINED = SANITIZE_SHIFT | SANITIZE_DIVIDE | SANITIZE_UNREACHABLE
 		       | SANITIZE_VLA | SANITIZE_NULL | SANITIZE_RETURN
 		       | SANITIZE_SI_OVERFLOW | SANITIZE_BOOL | SANITIZE_ENUM
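Review bot: with a single new bit, "address" yields SANITIZE_ADDRESS and "kernel-address" (once the opts.c hunk ORs SANITIZE_ADDRESS in) yields SANITIZE_ADDRESS | SANITIZE_KERNEL_ADDRESS, so -fsanitize=address -fsanitize=kernel-address is indistinguishable from -fsanitize=kernel-address alone and the conflict can never be diagnosed. A SANITIZE_USER_ADDRESS bit that only "address" sets would make the combination detectable. The new enumerator also belongs next to SANITIZE_ADDRESS under the /* AddressSanitizer.  */ comment rather than after SANITIZE_BOUNDS in the UBSan group.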
diff --git a/gcc/opts.c b/gcc/opts.c
index 419a074..42fef36 100644
--- a/gcc/opts.c
+++ b/gcc/opts.c
@@ -1475,6 +1475,7 @@ common_handle_option (struct gcc_options *opts,
 	      { "float-cast-overflow", SANITIZE_FLOAT_CAST,
 		sizeof "float-cast-overflow" - 1 },
 	      { "bounds", SANITIZE_BOUNDS, sizeof "bounds" - 1 },
+	      { "kernel-address", SANITIZE_KERNEL_ADDRESS, sizeof "kernel-address" - 1 },
 	      { NULL, 0, 0 }
 	    };
 	    const char *comma;
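Review bot: the new { "kernel-address", ... } entry runs past 80 columns; wrap it the way the float-cast-overflow entry above is wrapped, i.e. `{ "kernel-address", SANITIZE_KERNEL_ADDRESS,` on one line and `sizeof "kernel-address" - 1 },` on the next.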
@@ -1520,6 +1521,25 @@ common_handle_option (struct gcc_options *opts,
 	   the null pointer checks.  */
 	if (flag_sanitize & SANITIZE_NULL)
 	  opts->x_flag_delete_null_pointer_checks = 0;
+
+	/* Kernel ASan implies normal ASan but does not yet support
+	   all features.  */
+	if (flag_sanitize & SANITIZE_KERNEL_ADDRESS)
+	  {
+	    flag_sanitize |= SANITIZE_ADDRESS;
+	    maybe_set_param_value (PARAM_ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD, 0,
+				   opts->x_param_values,
+				   opts_set->x_param_values);
+	    maybe_set_param_value (PARAM_ASAN_GLOBALS, 0,
+				   opts->x_param_values,
+				   opts_set->x_param_values);
+	    maybe_set_param_value (PARAM_ASAN_STACK, 0,
+				   opts->x_param_values,
+				   opts_set->x_param_values);
+	    maybe_set_param_value (PARAM_ASAN_USE_AFTER_RETURN, 0,
+				   opts->x_param_values,
+				   opts_set->x_param_values);
+	  }
 	break;
       }
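Review bot: OR-ing SANITIZE_ADDRESS into flag_sanitize here makes every existing SANITIZE_ADDRESS consumer treat kernel mode as userspace ASan: the driver's sanitize(address) spec will add libasan at link time, and the asan_shadow_offset check in toplev.c will reject targets that KASan does not need shadow-offset support for. Nothing rejects -fsanitize=kernel-address together with -fsanitize=thread or -fsanitize=address either. Separately, the block writes the global flag_sanitize while the surrounding code writes through opts-> (opts->x_flag_delete_null_pointer_checks just above); for consistency use opts->x_flag_sanitize |= SANITIZE_ADDRESS.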
 


* Re: [PATCH] Add support for KernelAddressSanitizer
  2014-07-18 11:58 [PATCH] Add support for KernelAddressSanitizer Yury Gribov
@ 2014-07-18 12:44 ` Dmitry Vyukov
  2014-07-18 13:20 ` Jakub Jelinek
  1 sibling, 0 replies; 11+ messages in thread
From: Dmitry Vyukov @ 2014-07-18 12:44 UTC (permalink / raw)
  To: Yury Gribov
  Cc: GCC Patches, Konstantin Serebryany, Andrey Ryabinin, Jakub Jelinek

On Fri, Jul 18, 2014 at 3:40 PM, Yury Gribov <y.gribov@samsung.com> wrote:
> Hi all,
>
> This tiny patch adds support for KernelASan. KASan brings Asan error
> detection capabilities to Linux kernel
> (https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel).
>
> KASan works similar to normal userspace ASan but disables some options which
> are not yet supported by kernel (notably inline instrumentation,
> stack/global protection and UAR). We would prefer to hide all necessary
> tweaks under a user-friendly flag (-fsanitize=kernel-address) instead of
> forcing them directly in kernel's CFLAGS.
>
> Kernel patches are currently under review in LKML
> (https://lkml.org/lkml/2014/7/9/990).
>
> Bootstrapped and regtested on x64.
>
> Ok to commit?



Thanks for doing this, Yury.

The patch looks good to me FWIW, but please wait for Jakub or somebody
else with stronger gcc-fu.


* Re: [PATCH] Add support for KernelAddressSanitizer
  2014-07-18 11:58 [PATCH] Add support for KernelAddressSanitizer Yury Gribov
  2014-07-18 12:44 ` Dmitry Vyukov
@ 2014-07-18 13:20 ` Jakub Jelinek
  2014-07-18 13:31   ` Dmitry Vyukov
  1 sibling, 1 reply; 11+ messages in thread
From: Jakub Jelinek @ 2014-07-18 13:20 UTC (permalink / raw)
  To: Yury Gribov
  Cc: GCC Patches, Dmitry Vyukov, Konstantin Serebryany, Andrey Ryabinin

On Fri, Jul 18, 2014 at 03:40:15PM +0400, Yury Gribov wrote:
> This tiny patch adds support for KernelASan. KASan brings Asan error
> detection capabilities to Linux kernel
> (https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel).
> 
> KASan works similar to normal userspace ASan but disables some options which
> are not yet supported by kernel (notably inline instrumentation,
> stack/global protection and UAR). We would prefer to hide all necessary
> tweaks under a user-friendly flag (-fsanitize=kernel-address) instead of
> forcing them directly in kernel's CFLAGS.
> 
> Kernel patches are currently under review in LKML
> (https://lkml.org/lkml/2014/7/9/990).

I thought KAsan used different entry points (__kasan_* etc.), has that
changed?

Also, oring in SANITIZER_ADDRESS means you add -lasan to link flags, I'd
guess that for -fsanitize=kernel-address you don't want to add any libraries
at link time?

Do you error out on -fsanitize=thread -fsanitize=kernel-address ?
Perhaps -fsanitize=kernel-address -fsanitize=address should be invalid too?

	Jakub


* Re: [PATCH] Add support for KernelAddressSanitizer
  2014-07-18 13:20 ` Jakub Jelinek
@ 2014-07-18 13:31   ` Dmitry Vyukov
  2014-07-18 13:35     ` Yury Gribov
  2014-07-18 14:05     ` Jakub Jelinek
  0 siblings, 2 replies; 11+ messages in thread
From: Dmitry Vyukov @ 2014-07-18 13:31 UTC (permalink / raw)
  To: Jakub Jelinek
  Cc: Yury Gribov, GCC Patches, Konstantin Serebryany, Andrey Ryabinin

On Fri, Jul 18, 2014 at 4:26 PM, Jakub Jelinek <jakub@redhat.com> wrote:
> On Fri, Jul 18, 2014 at 03:40:15PM +0400, Yury Gribov wrote:
>> This tiny patch adds support for KernelASan. KASan brings Asan error
>> detection capabilities to Linux kernel
>> (https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel).
>>
>> KASan works similar to normal userspace ASan but disables some options which
>> are not yet supported by kernel (notably inline instrumentation,
>> stack/global protection and UAR). We would prefer to hide all necessary
>> tweaks under a user-friendly flag (-fsanitize=kernel-address) instead of
>> forcing them directly in kernel's CFLAGS.
>>
>> Kernel patches are currently under review in LKML
>> (https://lkml.org/lkml/2014/7/9/990).
>
> I thought KAsan used different entry points (__kasan_* etc.), has that
> changed?

Yes, we've switched to __asan_.

> Also, oring in SANITIZER_ADDRESS means you add -lasan to link flags, I'd
> guess that for -fsanitize=kernel-address you don't want to add any libraries
> at link time?

I suspect that we don't pass -fsanitize=kernel-address during linking
in kernel today. But I agree that it's better to disable any
processing during linking for now. Later we may want to do something
special during linking if -fsanitize=kernel-address is supplied.

> Do you error out on -fsanitize=thread -fsanitize=kernel-address ?
> Perhaps -fsanitize=kernel-address -fsanitize=address should be invalid too?

Yes, all these combinations are invalid.


* Re: [PATCH] Add support for KernelAddressSanitizer
  2014-07-18 13:31   ` Dmitry Vyukov
@ 2014-07-18 13:35     ` Yury Gribov
  2014-07-18 14:05     ` Jakub Jelinek
  1 sibling, 0 replies; 11+ messages in thread
From: Yury Gribov @ 2014-07-18 13:35 UTC (permalink / raw)
  To: Dmitry Vyukov, Jakub Jelinek
  Cc: GCC Patches, Konstantin Serebryany, Andrey Ryabinin

>> Also, oring in SANITIZER_ADDRESS means you add -lasan to link flags, I'd
>> guess that for -fsanitize=kernel-address you don't want to add any libraries
>> at link time?
>
> I suspect that we don't pass -fsanitize=kernel-address during linking
> in kernel today. But I agree that it's better to disable any
> processing during linking for now. Later we may want to do something
> special during linking if -fsanitize=kernel-address is supplied.

AFAIK kernel is linked directly with ld so this may not be a big issue.

>> Do you error out on -fsanitize=thread -fsanitize=kernel-address ?
>> Perhaps -fsanitize=kernel-address -fsanitize=address should be
>> invalid too?
>
> Yes, all these combinations are invalid.

Ok, I'll add these.

-Y


* Re: [PATCH] Add support for KernelAddressSanitizer
  2014-07-18 13:31   ` Dmitry Vyukov
  2014-07-18 13:35     ` Yury Gribov
@ 2014-07-18 14:05     ` Jakub Jelinek
  2014-07-18 14:20       ` Yury Gribov
  2014-07-23 14:36       ` Yury Gribov
  1 sibling, 2 replies; 11+ messages in thread
From: Jakub Jelinek @ 2014-07-18 14:05 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: Yury Gribov, GCC Patches, Konstantin Serebryany, Andrey Ryabinin

On Fri, Jul 18, 2014 at 05:19:39PM +0400, Dmitry Vyukov wrote:
> On Fri, Jul 18, 2014 at 4:26 PM, Jakub Jelinek <jakub@redhat.com> wrote:
> > On Fri, Jul 18, 2014 at 03:40:15PM +0400, Yury Gribov wrote:
> >> This tiny patch adds support for KernelASan. KASan brings Asan error
> >> detection capabilities to Linux kernel
> >> (https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel).
> >>
> >> KASan works similar to normal userspace ASan but disables some options which
> >> are not yet supported by kernel (notably inline instrumentation,
> >> stack/global protection and UAR). We would prefer to hide all necessary
> >> tweaks under a user-friendly flag (-fsanitize=kernel-address) instead of
> >> forcing them directly in kernel's CFLAGS.
> >>
> >> Kernel patches are currently under review in LKML
> >> (https://lkml.org/lkml/2014/7/9/990).
> >
> > I thought KAsan used different entry points (__kasan_* etc.), has that
> > changed?
> 
> Yes, we've switched to __asan_.

Ok.

> > Also, oring in SANITIZER_ADDRESS means you add -lasan to link flags, I'd
> > guess that for -fsanitize=kernel-address you don't want to add any libraries
> > at link time?
> 
> I suspect that we don't pass -fsanitize=kernel-address during linking
> in kernel today. But I agree that it's better to disable any
> processing during linking for now. Later we may want to do something
> special during linking if -fsanitize=kernel-address is supplied.
> 
> > Do you error out on -fsanitize=thread -fsanitize=kernel-address ?
> > Perhaps -fsanitize=kernel-address -fsanitize=address should be invalid too?
> 
> Yes, all these combinations are invalid.

But you don't error out on that.
If we want to diagnose the last, IMHO we can't have just SANITIZE_ADDRESS
and SANITIZE_KERNEL_ADDRESS flags, but instead should have
SANITIZE_ADDRESS (used when we don't care about kernel vs. user asan
differences), SANITIZE_USER_ADDRESS and SANITIZE_KERNEL_ADDRESS bits.
"address" would set SANITIZE_ADDRESS | SANITIZE_USER_ADDRESS,
"kernel-address" SANITIZE_ADDRESS | SANITIZE_KERNEL_ADDRESS.
Then in sanitize_spec_function supposedly for "address" check
SANITIZE_USER_ADDRESS bit, for "kernel-address" added there
SANITIZE_KERNEL_ADDRESS, add all the incompatibility diagnostics for the new
invalid combinations.  Plus, toplev.c has e.g.:
  /* Address Sanitizer needs porting to each target architecture.  */
  if ((flag_sanitize & SANITIZE_ADDRESS)
      && (targetm.asan_shadow_offset == NULL
          || !FRAME_GROWS_DOWNWARD))
    {
      warning (0, "-fsanitize=address not supported for this target");
      flag_sanitize &= ~SANITIZE_ADDRESS;
    }
Now, is the same really the case for SANITIZE_KERNEL_ADDRESS?
I guess we still inline the shadow memory accesses to poison/unpoison
stack in function prologue/epilogue, right?  In that case without
asan_shadow_offset we can't do anything.  If it was a function call instead
it would be portable to all architectures.

	Jakub

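The three-bit scheme Jakub proposes above, modelled as an added example (not code from the gcc patch or from anyone in this thread): a small parser for a comma-separated -fsanitize= value using the SANITIZE_ADDRESS / SANITIZE_USER_ADDRESS / SANITIZE_KERNEL_ADDRESS layout, the two conflict checks the later patch version adds to finish_options, and a v1_flags helper that reproduces the first patch's single-bit layout to show why that layout cannot tell -fsanitize=address -fsanitize=kernel-address apart from -fsanitize=kernel-address alone. The enum values, the spec table and the function names are assumptions for illustration; only address, kernel-address, thread and leak are modelled.

```c
/* Added example, not part of the gcc patch: models the flag layouts
   discussed in the thread.  Bit values are assumed for illustration.  */
#include <stdio.h>
#include <string.h>

/* Layout from the second version of the patch: SANITIZE_ADDRESS is set
   for both flavours, the USER/KERNEL bits tell them apart.  */
enum sanitize_code {
  SANITIZE_ADDRESS = 1 << 0,
  SANITIZE_USER_ADDRESS = 1 << 1,
  SANITIZE_KERNEL_ADDRESS = 1 << 2,
  SANITIZE_THREAD = 1 << 3,
  SANITIZE_LEAK = 1 << 4
};

struct spec_entry { const char *name; unsigned flags; };

/* Subset of the spec[] table in common_handle_option (assumed).  */
static const struct spec_entry spec[] = {
  { "address", SANITIZE_ADDRESS | SANITIZE_USER_ADDRESS },
  { "kernel-address", SANITIZE_ADDRESS | SANITIZE_KERNEL_ADDRESS },
  { "thread", SANITIZE_THREAD },
  { "leak", SANITIZE_LEAK },
  { NULL, 0 }
};

/* Parse a comma-separated -fsanitize= value, OR-ing each recognised
   name's bits into *flags.  Returns 0 on success, -1 on an unknown or
   empty name (GCC errors out in that case as well).  */
int parse_sanitize (const char *value, unsigned *flags)
{
  const char *p = value;
  while (*p)
    {
      const char *comma = strchr (p, ',');
      size_t len = comma ? (size_t) (comma - p) : strlen (p);
      const struct spec_entry *e;
      for (e = spec; e->name; e++)
        if (strlen (e->name) == len && memcmp (e->name, p, len) == 0)
          break;
      if (!e->name)
        return -1;
      *flags |= e->flags;
      p += len;
      if (*p == ',')
        {
          p++;
          if (!*p)            /* trailing comma: nothing follows it */
            return -1;
        }
    }
  return 0;
}

/* Convenience wrapper: parsed flags, or (unsigned) -1 on a parse error.  */
unsigned flags_of (const char *value)
{
  unsigned flags = 0;
  return parse_sanitize (value, &flags) == 0 ? flags : (unsigned) -1;
}

/* The checks the second patch version adds to finish_options.  Returns
   the diagnostic text, or NULL when the combination is allowed.  */
const char *sanitize_conflict (unsigned flags)
{
  if ((flags & SANITIZE_USER_ADDRESS) && (flags & SANITIZE_KERNEL_ADDRESS))
    return "-fsanitize=address is incompatible with -fsanitize=kernel-address";
  if ((flags & SANITIZE_ADDRESS) && (flags & SANITIZE_THREAD))
    return "-fsanitize=address and -fsanitize=kernel-address "
           "are incompatible with -fsanitize=thread";
  return NULL;
}

/* First patch version: only SANITIZE_ADDRESS and a kernel bit, with
   kernel-address OR-ing SANITIZE_ADDRESS in afterwards.  Returns the
   resulting flags so two option sets can be compared.  */
unsigned v1_flags (int address, int kernel_address)
{
  unsigned flags = 0;
  if (address)
    flags |= SANITIZE_ADDRESS;
  if (kernel_address)
    flags |= SANITIZE_KERNEL_ADDRESS;
  if (flags & SANITIZE_KERNEL_ADDRESS)
    flags |= SANITIZE_ADDRESS;
  return flags;
}

int main (void)
{
  const char *msg = sanitize_conflict (flags_of ("kernel-address,thread"));
  printf ("kernel-address,thread: %s\n", msg ? msg : "accepted");
  /* With the v1 layout the two option sets are indistinguishable.  */
  printf ("v1: address+kernel-address == kernel-address alone: %d\n",
          v1_flags (1, 1) == v1_flags (0, 1));
  return 0;
}
```

The v1 comparison prints 1, which is exactly why a single bit cannot support the diagnostic Jakub asks for: after the implicit OR, both option sets collapse to the same value.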

* Re: [PATCH] Add support for KernelAddressSanitizer
  2014-07-18 14:05     ` Jakub Jelinek
@ 2014-07-18 14:20       ` Yury Gribov
  2014-07-23 14:36       ` Yury Gribov
  1 sibling, 0 replies; 11+ messages in thread
From: Yury Gribov @ 2014-07-18 14:20 UTC (permalink / raw)
  To: Jakub Jelinek, Dmitry Vyukov
  Cc: GCC Patches, Konstantin Serebryany, Andrey Ryabinin

> Then in sanitize_spec_function supposedly for "address" check
> SANITIZE_USER_ADDRESS bit, for "kernel-address" added there
> SANITIZE_KERNEL_ADDRESS, add all the incompatibility diagnostics for the new
> invalid combinations.

Ok.

> Plus, toplev.c has e.g.:
> ...
> Now, is the same really the case for SANITIZE_KERNEL_ADDRESS?

This is a good point, KASan does not use asan_shadow_offset
so this check is redundant.

> I guess we still inline the shadow memory accesses to poison/unpoison
> stack in function prologue/epilogue, right?  In that case without
> asan_shadow_offset we can't do anything.  If it was a function call instead
> it would be portable to all architectures.

Stack is not supported by current KASan. My local version indeed does
replace asan_shadow_offset with function call.

-Y


* Re: [PATCH] Add support for KernelAddressSanitizer
  2014-07-18 14:05     ` Jakub Jelinek
  2014-07-18 14:20       ` Yury Gribov
@ 2014-07-23 14:36       ` Yury Gribov
  2014-07-30 14:42         ` [PATCH][PING] " Yury Gribov
  1 sibling, 1 reply; 11+ messages in thread
From: Yury Gribov @ 2014-07-23 14:36 UTC (permalink / raw)
  To: Jakub Jelinek, Dmitry Vyukov
  Cc: GCC Patches, Konstantin Serebryany, Andrey Ryabinin

[-- Attachment #1: Type: text/plain, Size: 747 bytes --]

On 07/18/2014 05:38 PM, Jakub Jelinek wrote:
>>> Do you error out on -fsanitize=thread -fsanitize=kernel-address ?
>>> Perhaps -fsanitize=kernel-address -fsanitize=address should be invalid too?
>>
>> Yes, all these combinations are invalid.
>
> But you don't error out on that.

Ok, fixed.

> Then in sanitize_spec_function supposedly for "address" check
> SANITIZE_USER_ADDRESS bit, for "kernel-address" added there
> SANITIZE_KERNEL_ADDRESS, add all the incompatibility diagnostics for the new
> invalid combinations.

This delayed detection until link phase (and even then was disabled if
-nostdlib was on) so I decided to perform this check in finish_options
(after passing cmdline options).

> Plus, toplev.c has e.g.:

Fixed as well.

-Y


[-- Attachment #2: kasan_patch-2.diff --]
[-- Type: text/x-diff, Size: 7716 bytes --]

commit bd51cdb807c2cf5ada0101ca7db89076b54ed18e
Author: Yury Gribov <y.gribov@samsung.com>
Date:   Tue Jul 22 11:02:03 2014 +0400

    2014-07-23  Yury Gribov  <y.gribov@samsung.com>
    
    	* doc/cpp.texi (__SANITIZE_ADDRESS__): Updated description.
    	* doc/invoke.texi (-fsanitize=kernel-address): Describe new option.
    	* flag-types.h (SANITIZE_USER_ADDRESS, SANITIZE_KERNEL_ADDRESS):
    	New enums.
    	* gcc.c (sanitize_spec_function): Support new option.
    	(SANITIZER_SPEC): Remove now redundant check.
    	* opts.c (common_handle_option): Support new option.
    	(finish_options): Check for incompatibilities.
    	* toplev.c (process_options): Split userspace-specific checks.

diff --git a/gcc/doc/cpp.texi b/gcc/doc/cpp.texi
index aaed739..0a6e50c 100644
--- a/gcc/doc/cpp.texi
+++ b/gcc/doc/cpp.texi
@@ -2354,8 +2354,8 @@ This macro is defined, with value 3, when @option{-fstack-protector-strong} is
 in use.
 
 @item __SANITIZE_ADDRESS__
-This macro is defined, with value 1, when @option{-fsanitize=address} is
-in use.
+This macro is defined, with value 1, when @option{-fsanitize=address}
+or @option{-fsanitize=kernel-address} are in use.
 
 @item __TIMESTAMP__
 This macro expands to a string constant that describes the date and time
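Review bot: the rewritten sentence has a number-agreement slip: with "or" the subject is singular, so it should read "when @option{-fsanitize=address} or @option{-fsanitize=kernel-address} is in use".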
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index b5e8d98..391daf8 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -5405,6 +5405,11 @@ more details.  The run-time behavior can be influenced using the
 @url{https://code.google.com/p/address-sanitizer/wiki/Flags#Run-time_flags} for
 a list of supported options.
 
+@item -fsanitize=kernel-address
+@opindex fsanitize=kernel-address
+Enable AddressSanitizer for Linux kernel.
+See @uref{http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel} for more details.
+
 @item -fsanitize=thread
 @opindex fsanitize=thread
 Enable ThreadSanitizer, a fast data race detector.
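Review bot: the description still says only that AddressSanitizer is enabled; since the opts.c hunks in this patch turn off PARAM_ASAN_GLOBALS, PARAM_ASAN_STACK and PARAM_ASAN_USE_AFTER_RETURN, force call-based instrumentation via PARAM_ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD, and make -fsanitize=address and -fsanitize=thread errors in finish_options, say so here: e.g. "Enable AddressSanitizer for the Linux kernel. Memory accesses are instrumented with calls, and global, stack and use-after-return checking is disabled; this option cannot be combined with @option{-fsanitize=address} or @option{-fsanitize=thread}."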
diff --git a/gcc/flag-types.h b/gcc/flag-types.h
index 2849455..bf813b6 100644
--- a/gcc/flag-types.h
+++ b/gcc/flag-types.h
@@ -214,23 +214,25 @@ enum vect_cost_model {
 enum sanitize_code {
   /* AddressSanitizer.  */
   SANITIZE_ADDRESS = 1 << 0,
+  SANITIZE_USER_ADDRESS = 1 << 1,
+  SANITIZE_KERNEL_ADDRESS = 1 << 2,
   /* ThreadSanitizer.  */
-  SANITIZE_THREAD = 1 << 1,
+  SANITIZE_THREAD = 1 << 3,
   /* LeakSanitizer.  */
-  SANITIZE_LEAK = 1 << 2,
+  SANITIZE_LEAK = 1 << 4,
   /* UndefinedBehaviorSanitizer.  */
-  SANITIZE_SHIFT = 1 << 3,
-  SANITIZE_DIVIDE = 1 << 4,
-  SANITIZE_UNREACHABLE = 1 << 5,
-  SANITIZE_VLA = 1 << 6,
-  SANITIZE_NULL = 1 << 7,
-  SANITIZE_RETURN = 1 << 8,
-  SANITIZE_SI_OVERFLOW = 1 << 9,
-  SANITIZE_BOOL = 1 << 10,
-  SANITIZE_ENUM = 1 << 11,
-  SANITIZE_FLOAT_DIVIDE = 1 << 12,
-  SANITIZE_FLOAT_CAST = 1 << 13,
-  SANITIZE_BOUNDS = 1 << 14,
+  SANITIZE_SHIFT = 1 << 5,
+  SANITIZE_DIVIDE = 1 << 6,
+  SANITIZE_UNREACHABLE = 1 << 7,
+  SANITIZE_VLA = 1 << 8,
+  SANITIZE_NULL = 1 << 9,
+  SANITIZE_RETURN = 1 << 10,
+  SANITIZE_SI_OVERFLOW = 1 << 11,
+  SANITIZE_BOOL = 1 << 12,
+  SANITIZE_ENUM = 1 << 13,
+  SANITIZE_FLOAT_DIVIDE = 1 << 14,
+  SANITIZE_FLOAT_CAST = 1 << 15,
+  SANITIZE_BOUNDS = 1 << 16,
   SANITIZE_UNDEFINED = SANITIZE_SHIFT | SANITIZE_DIVIDE | SANITIZE_UNREACHABLE
 		       | SANITIZE_VLA | SANITIZE_NULL | SANITIZE_RETURN
 		       | SANITIZE_SI_OVERFLOW | SANITIZE_BOOL | SANITIZE_ENUM
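Review bot: the relationship between the three address bits is undocumented; a reader of the enum cannot tell that SANITIZE_ADDRESS is set for both flavours while SANITIZE_USER_ADDRESS and SANITIZE_KERNEL_ADDRESS distinguish them. Extend the comment above them, e.g. `/* AddressSanitizer.  SANITIZE_ADDRESS is set for both -fsanitize=address` / `   and -fsanitize=kernel-address; the USER/KERNEL bits tell them apart.  */`. Renumbering every other enumerator is harmless as long as nothing persists the numeric values, which nothing visible here does.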
diff --git a/gcc/gcc.c b/gcc/gcc.c
index 6cd08ea..c0fde8c 100644
--- a/gcc/gcc.c
+++ b/gcc/gcc.c
@@ -779,8 +779,7 @@ proper position among the other output files.  */
 #ifndef SANITIZER_SPEC
 #define SANITIZER_SPEC "\
 %{!nostdlib:%{!nodefaultlibs:%{%:sanitize(address):" LIBASAN_SPEC "\
-    %{static:%ecannot specify -static with -fsanitize=address}\
-    %{%:sanitize(thread):%e-fsanitize=address is incompatible with -fsanitize=thread}}\
+    %{static:%ecannot specify -static with -fsanitize=address}}\
     %{%:sanitize(thread):" LIBTSAN_SPEC "\
     %{!pie:%{!shared:%e-fsanitize=thread linking must be done with -pie or -shared}}}\
     %{%:sanitize(undefined):" LIBUBSAN_SPEC "}\
@@ -8224,7 +8223,9 @@ sanitize_spec_function (int argc, const char **argv)
     return NULL;
 
   if (strcmp (argv[0], "address") == 0)
-    return (flag_sanitize & SANITIZE_ADDRESS) ? "" : NULL;
+    return (flag_sanitize & SANITIZE_USER_ADDRESS) ? "" : NULL;
+  if (strcmp (argv[0], "kernel-address") == 0)
+    return (flag_sanitize & SANITIZE_KERNEL_ADDRESS) ? "" : NULL;
   if (strcmp (argv[0], "thread") == 0)
     return (flag_sanitize & SANITIZE_THREAD) ? "" : NULL;
   if (strcmp (argv[0], "undefined") == 0)
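Review bot: the new "kernel-address" branch has no caller: the SANITIZER_SPEC hunk above never uses %:sanitize(kernel-address), so this code is dead until something at link time is keyed on it. Either drop it for now or add a comment that it is reserved for kernel-specific link handling (which Dmitry mentioned as a possible later step), so the next reader does not go looking for a missing spec.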
diff --git a/gcc/opts.c b/gcc/opts.c
index 5fed6f0..4b0af82 100644
--- a/gcc/opts.c
+++ b/gcc/opts.c
@@ -869,6 +869,20 @@ finish_options (struct gcc_options *opts, struct gcc_options *opts_set,
   /* The -gsplit-dwarf option requires -ggnu-pubnames.  */
   if (opts->x_dwarf_split_debug_info)
     opts->x_debug_generate_pub_sections = 2;
+
+  /* Userspace and kernel ASan conflict with each other and with TSan.  */
+
+  if ((flag_sanitize & SANITIZE_USER_ADDRESS)
+      && (flag_sanitize & SANITIZE_KERNEL_ADDRESS))
+    error_at (loc,
+              "-fsanitize=address is incompatible with "
+              "-fsanitize=kernel-address");
+
+  if ((flag_sanitize & SANITIZE_ADDRESS)
+      && (flag_sanitize & SANITIZE_THREAD))
+    error_at (loc,
+              "-fsanitize=address and -fsanitize=kernel-address "
+              "are incompatible with -fsanitize=thread");
 }
 
 #define LEFT_COLUMN	27
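Review bot: finish_options receives opts and opts_set, and the lines just above test opts->x_dwarf_split_debug_info, but both new checks read the global flag_sanitize; use opts->x_flag_sanitize so the checks apply to whichever option set is being finished. The second diagnostic also names both -fsanitize=address and -fsanitize=kernel-address regardless of which one the user passed; testing SANITIZE_USER_ADDRESS and SANITIZE_KERNEL_ADDRESS separately lets each message name only the option actually given. Minor: drop the blank line between the comment and the first if so the comment attaches to the check it describes.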
@@ -1454,7 +1468,10 @@ common_handle_option (struct gcc_options *opts,
 	      size_t len;
 	    } spec[] =
 	    {
-	      { "address", SANITIZE_ADDRESS, sizeof "address" - 1 },
+	      { "address", SANITIZE_ADDRESS | SANITIZE_USER_ADDRESS,
+		sizeof "address" - 1 },
+	      { "kernel-address", SANITIZE_ADDRESS | SANITIZE_KERNEL_ADDRESS,
+		sizeof "kernel-address" - 1 },
 	      { "thread", SANITIZE_THREAD, sizeof "thread" - 1 },
 	      { "leak", SANITIZE_LEAK, sizeof "leak" - 1 },
 	      { "shift", SANITIZE_SHIFT, sizeof "shift" - 1 },
@@ -1520,6 +1537,25 @@ common_handle_option (struct gcc_options *opts,
 	   the null pointer checks.  */
 	if (flag_sanitize & SANITIZE_NULL)
 	  opts->x_flag_delete_null_pointer_checks = 0;
+
+	/* Kernel ASan implies normal ASan but does not yet support
+	   all features.  */
+	if (flag_sanitize & SANITIZE_KERNEL_ADDRESS)
+	  {
+	    maybe_set_param_value (PARAM_ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD, 0,
+				   opts->x_param_values,
+				   opts_set->x_param_values);
+	    maybe_set_param_value (PARAM_ASAN_GLOBALS, 0,
+				   opts->x_param_values,
+				   opts_set->x_param_values);
+	    maybe_set_param_value (PARAM_ASAN_STACK, 0,
+				   opts->x_param_values,
+				   opts_set->x_param_values);
+	    maybe_set_param_value (PARAM_ASAN_USE_AFTER_RETURN, 0,
+				   opts->x_param_values,
+				   opts_set->x_param_values);
+	  }
+
 	break;
       }
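Review bot: the comment "Kernel ASan implies normal ASan" no longer matches this block: SANITIZE_ADDRESS is now ORed in by the spec table entry in the previous hunk, and this code only lowers the four asan params. Reword to something like "Kernel ASan does not yet support inline instrumentation, globals, stack or use-after-return checking; turn those off unless the user set the params explicitly" (maybe_set_param_value leaves user-set values alone, which is the right behaviour here). The blank line added before `break;` should go too.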
 
diff --git a/gcc/toplev.c b/gcc/toplev.c
index 1c9befd..d82244f 100644
--- a/gcc/toplev.c
+++ b/gcc/toplev.c
@@ -1555,9 +1555,18 @@ process_options (void)
     warn_stack_protect = 0;
 
   /* Address Sanitizer needs porting to each target architecture.  */
+
   if ((flag_sanitize & SANITIZE_ADDRESS)
-      && (targetm.asan_shadow_offset == NULL
-	  || !FRAME_GROWS_DOWNWARD))
+      && !FRAME_GROWS_DOWNWARD)
+    {
+      warning (0,
+	       "-fsanitize=address and -fsanitize=kernel-address "
+	       "are not supported for this target");
+      flag_sanitize &= ~SANITIZE_ADDRESS;
+    }
+
+  if ((flag_sanitize & SANITIZE_USER_ADDRESS)
+      && targetm.asan_shadow_offset == NULL)
     {
       warning (0, "-fsanitize=address not supported for this target");
       flag_sanitize &= ~SANITIZE_ADDRESS;


* [PATCH][PING] Add support for KernelAddressSanitizer
  2014-07-23 14:36       ` Yury Gribov
@ 2014-07-30 14:42         ` Yury Gribov
  2014-07-31  4:53           ` Jeff Law
  0 siblings, 1 reply; 11+ messages in thread
From: Yury Gribov @ 2014-07-30 14:42 UTC (permalink / raw)
  To: GCC Patches, Jakub Jelinek, Dmitry Vyukov, Konstantin Serebryany,
	Andrey Ryabinin

[-- Attachment #1: Type: text/plain, Size: 748 bytes --]

On 07/18/2014 05:38 PM, Jakub Jelinek wrote:
>>> Do you error out on -fsanitize=thread -fsanitize=kernel-address ?
>>> Perhaps -fsanitize=kernel-address -fsanitize=address should be invalid too?
>>
>> Yes, all these combinations are invalid.
>
> But you don't error out on that.

Ok, fixed.

> Then in sanitize_spec_function supposedly for "address" check
> SANITIZE_USER_ADDRESS bit, for "kernel-address" added there
> SANITIZE_KERNEL_ADDRESS, add all the incompatibility diagnostics for the new
> invalid combinations.

This delayed detection until link phase (and even then was disabled if
-nostdlib was on) so I decided to perform this check in finish_options
(after passing cmdline options).

> Plus, toplev.c has e.g.:

Fixed as well.

-Y





[-- Attachment #2: kasan_patch-2.diff --]
[-- Type: text/x-diff, Size: 7717 bytes --]


* Re: [PATCH][PING] Add support for KernelAddressSanitizer
  2014-07-30 14:42         ` [PATCH][PING] " Yury Gribov
@ 2014-07-31  4:53           ` Jeff Law
  2014-07-31 13:36             ` Yury Gribov
  0 siblings, 1 reply; 11+ messages in thread
From: Jeff Law @ 2014-07-31  4:53 UTC (permalink / raw)
  To: Yury Gribov, GCC Patches, Jakub Jelinek, Dmitry Vyukov,
	Konstantin Serebryany, Andrey Ryabinin

On 07/30/14 08:34, Yury Gribov wrote:
> On 07/18/2014 05:38 PM, Jakub Jelinek wrote:
>>>> Do you error out on -fsanitize=thread -fsanitize=kernel-address ?
>>>> Perhaps -fsanitize=kernel-address -fsanitize=address should be
>>>> invalid too?
>>>
>>> Yes, all these combinations are invalid.
>>
>> But you don't error out on that.
>
> Ok, fixed.
>
>> Then in sanitize_spec_function supposedly for "address" check
>> SANITIZE_USER_ADDRESS bit, for "kernel-address" added there
>> SANITIZE_KERNEL_ADDRESS, add all the incompatibility diagnostics for
>> the new
>> invalid combinations.
>
> This delayed detection until link phase (and even then was disabled if
> -nostdlib was on)
> so I decided to perform this check in finish_options (after passing
> cmdline options).
>
>> Plus, toplev.c has e.g.:
>
> Fixed as well.
This is fine.  Thanks,
Jeff


* Re: [PATCH][PING] Add support for KernelAddressSanitizer
  2014-07-31  4:53           ` Jeff Law
@ 2014-07-31 13:36             ` Yury Gribov
  0 siblings, 0 replies; 11+ messages in thread
From: Yury Gribov @ 2014-07-31 13:36 UTC (permalink / raw)
  To: Jeff Law, GCC Patches, Jakub Jelinek, Dmitry Vyukov,
	Konstantin Serebryany, Andrey Ryabinin

On 07/31/2014 08:49 AM, Jeff Law wrote:
> This is fine.  Thanks,

Committed in r213367.

