From: Matthew Malcomson
To: Martin Liška, "gcc-patches@gcc.gnu.org"
CC: "dodji@redhat.com", nd, "kcc@google.com", "jakub@redhat.com", "dvyukov@google.com"
Subject: Re: [Patch 0/X] [WIP][RFC][libsanitizer] Introduce HWASAN to GCC
Date: Wed, 11 Sep 2019 16:37:00 -0000
Message-ID: <91529a11-1c59-b9d9-670c-98435bab8611@arm.com>
References: <156778058239.16148.17480879484406897649.scripted-patch-series@arm.com> <936e0222-0b05-b4de-7a68-9b91e79a6f76@suse.cz> <8fc78139-481e-6dbc-0996-2cae58627c25@arm.com> <111f6243-834f-9095-274e-f003cf329509@suse.cz>
In-Reply-To: <111f6243-834f-9095-274e-f003cf329509@suse.cz>

On 11/09/19 12:53, Martin Liška wrote:
> On 9/9/19 5:54 PM, Matthew Malcomson wrote:
>> On 09/09/19 11:47, Martin Liška wrote:
>>> On 9/6/19 4:46 PM, Matthew Malcomson wrote:
>>>> Hello,
>>>>
>> As I understand it, `hwasan-abi=interceptor` vs `platform` is about
>> adding such MTE emulation for "application code" or "platform code (e.g.
>> kernel)" respectively.
>
> Hm, are you sure? Clang also uses -fsanitize=kernel-hwaddress which should
> be equivalent to kernel-address for -fsanitize=address.
>

I'm not at all sure it's to do with the kernel ;-}

Here's the commit that adds the flag.
https://reviews.llvm.org/D56038

From the commit message it seems the point is to distinguish between
running on runtimes that natively support HWASAN (named the "platform"
abi) and those where functions like malloc and pthread_create have to be
intercepted (named the "interceptor" abi).

I had assumed that targeting the kernel would be in the "platform"
group, but it could easily not be the case.

Considering the message from the below commit it seems that this is more
targeted at instrumenting things like libc
https://reviews.llvm.org/D50922.

I'm currently working on writing down the questions I plan to ask the
developers of HWASAN in LLVM, I'll put this on the list :-)

>>
>>>
>> There's an even more fundamental problem of accesses within the
>> instrumented binary -- I haven't yet figured out how to remove the tag
>> before accesses on architectures without the AArch64 TBI feature.
>
> Which should platforms like x86_64, right?

Yes.
As yet I haven't gotten anything working for architectures without TBI
(everything except AArch64).
This particular problem was one I was hoping for suggestions around (my
first of the questions in my cover letter).

>>>>
>>>> The current patch series is far from complete, but I'm posting the current state
>>>> to provide something to discuss at the Cauldron next week.
>>>>
>>>> In its current state, this sanitizer only works on AArch64 with a custom kernel
>>>> to allow tagged pointers in system calls. This is discussed in the below link
>>>> https://source.android.com/devices/tech/debug/hwasan -- the custom kernel allows
>>>> tagged pointers in syscalls.
>>>
>>> Can you be please more specific. Is the MTE in upstream linux kernel? If so,
>>> starting from which version?
>>
>> I find I can only make complicated statements remotely clear in bullet
>> points ;-)
>>
>> What I was trying to say was:
>> - HWASAN from this patch series requires AArch64 TBI.
>>    (I have not handled architectures without TBI)
>> - The upstream kernel does not accept tagged pointers in syscalls.
>>    (programs that use TBI must currently clear tags before passing
>>     pointers to the kernel)
>
> I know that in case of ASAN, the libasan provides wrappers (interceptors) for various glibc
> functions that are often system calls. Similar wrappers are probably used in HWASAN
> and so that one can create the memory pointer tags.
>
>> - This patch series doesn't include any way to avoid passing tagged
>>    pointers to syscalls.
>
> I bet LLVM has the same problem so I would expect a handling in the interceptors.
>

I'm pretty sure this problem hasn't been solved with interceptors.

The android page describing hwasan specifically mentions the requirement
of a Linux kernel accepting tagged pointers, and I believe this is the
most supported environment.

https://source.android.com/devices/tech/debug/hwasan
"HWASan requires the Linux kernel to accept tagged pointers in system
call arguments."

Also, there are surprisingly few interceptors defined in libhwasan.

Thanks,
Matthew

>> - Hence in order to test the sanitizer I'm using a kernel that has been
>>    patched to accept tagged pointers in many syscalls.
>> - The link to the android.com site is just another source describing the
>>    same requirement.
>>
>>
>> The support for the relaxed ABI (of accepting tagged pointers in various
>> syscalls in the kernel) is being discussed on the kernel mailing list,
>> the latest patchset I know of is here:
>> https://lkml.org/lkml/2019/7/25/725
>
> Thanks for pointer.
>
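
The tag handling discussed in this thread, as an added example that is not part of the original message, the patch series or libhwasan: a portable software model of a top-byte pointer tag checked against a per-granule shadow tag, with the tag stripped before every dereference as hardware without TBI (or a kernel that rejects tagged pointers) requires. The names `toy_alloc` and `checked_load`, the 256-byte arena and the 16-byte granule are assumptions made for illustration; 64-bit user-space addresses with a zero top byte are assumed.

```c
#include <stddef.h>
#include <stdint.h>

#define TAG_SHIFT 56                        /* AArch64 TBI ignores address bits 63:56 */
#define TAG_MASK  ((uintptr_t)0xff << TAG_SHIFT)
#define GRANULE   16                        /* assumed: one shadow tag per 16 bytes */

static uint8_t heap[256];                   /* toy arena standing in for the heap */
static uint8_t shadow[sizeof heap / GRANULE];

/* Place a tag in the top byte of a user-space address (top byte assumed 0). */
static uintptr_t tag_ptr(const void *p, uint8_t tag) {
    return ((uintptr_t)p & ~TAG_MASK) | ((uintptr_t)tag << TAG_SHIFT);
}

static uint8_t ptr_tag(uintptr_t tp) { return (uint8_t)(tp >> TAG_SHIFT); }

/* Strip the tag. Needed before a syscall on a kernel that rejects tagged
   pointers, and before every dereference on hardware without TBI. */
static void *untag_ptr(uintptr_t tp) { return (void *)(tp & ~TAG_MASK); }

/* Tag the granules covering heap[off, off+len) and return a tagged pointer. */
static uintptr_t toy_alloc(size_t off, size_t len, uint8_t tag) {
    for (size_t g = off / GRANULE; g <= (off + len - 1) / GRANULE; g++)
        shadow[g] = tag;
    return tag_ptr(heap + off, tag);
}

/* Checked 1-byte load: 0 on success, -1 if the pointer tag does not match
   the shadow tag of the granule it addresses (or it leaves the arena). */
static int checked_load(uintptr_t tp, uint8_t *out) {
    uintptr_t addr = (uintptr_t)untag_ptr(tp), base = (uintptr_t)heap;
    if (addr < base || addr - base >= sizeof heap)
        return -1;
    if (shadow[(addr - base) / GRANULE] != ptr_tag(tp))
        return -1;
    *out = *(uint8_t *)addr;                /* only the untagged address is dereferenced */
    return 0;
}

int main(void) {
    uint8_t v;
    uintptr_t a = toy_alloc(0, 32, 0x2a);   /* 32-byte object, tag 0x2a */
    toy_alloc(32, 16, 0x17);                /* neighbour with a different tag */
    int in_bounds = checked_load(a + 5, &v);   /* tags match */
    int overflow  = checked_load(a + 32, &v);  /* lands in the neighbour's granule */
    return (in_bounds == 0 && overflow == -1) ? 0 : 1;
}
```

On AArch64 with TBI the final dereference could use the tagged value directly; everywhere else the `untag_ptr` step has to be emitted before each access, which is the open problem raised above.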