From: Andrew Pinski <pinskia@gmail.com>
To: Jakub Jelinek <jakub@redhat.com>
Cc: Yuri Gribov <tetra2005@gmail.com>,
Florian Weimer <fw@deneb.enyo.de>,
Maxim Ostapenko <m.ostapenko@samsung.com>,
GNU C Library <libc-alpha@sourceware.org>,
Kostya Serebryany <kcc@google.com>
Subject: Re: [PATCH BZ#20422] Do not allow asan/msan/tsan and fortify at the same time.
Date: Thu, 29 Sep 2016 10:52:00 -0000 [thread overview]
Message-ID: <CA+=Sn1mj83AL=XKinTbJDwOEEVReVFWTsbprKuVVMbsu=OdA7w@mail.gmail.com> (raw)
In-Reply-To: <20160929104408.GR7282@tucnak.redhat.com>
On Thu, Sep 29, 2016 at 6:44 PM, Jakub Jelinek <jakub@redhat.com> wrote:
> On Thu, Sep 29, 2016 at 11:32:19AM +0100, Yuri Gribov wrote:
>> > Ugh, so you want to slow down the performance critical common path of some
>> > of the most often used functions just to avoid adding small code to the
>> > sanitizers and valgrind?
>>
>> Well, I think it's not just ASan and valgrind but rather all (or most
>> of) dynamic instrumentation tools (TSan, MSan, dmalloc, etc.). We
>> suggest to handle forwarding in one place rather than ask all tools
>> developers to re-implement it.
>
> ASan/TSan/MSan can all share the same implementation, like they share
> various other wrappers. And the needs of the different tools are so
> different that adding a preload DSO that just ignores it will not help at
> all, usually you really don't want to ignore it, but complain using your
> tools diagnostic framework, for that you need to know what argument is
> objsz, against what it is compared (some other argument, strlen of some
> argument, something else) etc.
Plus the other argument doing it not in glibc is that some distros are
not going to support this until much later so it will be still broken
on those. Plus what about FreeBSD, etc.
>
>> > Why? There are not many of the __*_chk entrypoints, and it is fairly easy
>> > to handle them.
>>
>> I can only access 2.12 now (yeah...) but it has 90+ *_chk APIs. Surely
>> not all are necessary but that's still a lot of new interceptors.
>
> So what? In most cases with sufficient macros you'll need just one or three
> lines for each. Basically return type, function name, arguments and their
> types, how they map to the underlying non-fortified fn, what is the objsz
> argument and against what it is compared.
> BTW, I only count 80 on my box with glibc 2.21:
> nm -D /lib64/libc.so.6 | awk '/_chk/{print $3}' | sort -u | wc -l
And for 2.23 on ARM64 I get only 81 (well 80 if you don't count
__chk_fail which the above command still counts).
In one year none was added.
Thanks,
Andrew Pinski
>
>> > E.g. asan has hundreds to thousands of wrappers, and most
>> > of the *_chk entrypoints could be easily macrofied and the tool (asan,
>> > valgrind) can then decide what it prefers to do with them (ignore the __bos
>> > supplied argument, or add another diagnostics for the UB, etc.).
>>
>> It's not just about implementing them but also synchronizing when
>> Glibc adds new fortified implementations or changes their interfaces.
>
> It adds them very rarely, and never changes, it has to maintain the ABI.
>
> Jakub
next prev parent reply other threads:[~2016-09-29 10:52 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-05 17:27 Maxim Ostapenko
2016-09-05 19:48 ` Andrew Pinski
2016-09-06 8:39 ` Florian Weimer
2016-09-06 8:58 ` Yuri Gribov
2016-09-06 9:13 ` Florian Weimer
2016-09-06 9:20 ` Yuri Gribov
2016-09-06 9:51 ` Florian Weimer
2016-09-09 22:35 ` Kostya Serebryany
[not found] ` <CAN=P9phe_OP+tU+nnDDPEeZCR77w2ddrSX+LtSnx2-42p9JgUg@mail.gmail.com>
2016-09-12 9:36 ` Florian Weimer
2016-09-06 9:16 ` Maxim Ostapenko
2016-09-06 9:44 ` Florian Weimer
2016-09-09 22:36 ` Kostya Serebryany
2016-09-12 9:31 ` Florian Weimer
2016-09-12 18:54 ` Kostya Serebryany
2016-09-17 9:00 ` Yuri Gribov
2016-09-29 8:08 ` Florian Weimer
2016-09-29 9:47 ` Yuri Gribov
2016-09-29 10:04 ` Jakub Jelinek
2016-09-29 10:32 ` Yuri Gribov
2016-09-29 10:44 ` Jakub Jelinek
2016-09-29 10:52 ` Andrew Pinski [this message]
2016-09-29 21:23 ` Kostya Serebryany
2016-10-01 21:38 ` Andrew Pinski
2016-10-01 21:50 ` Jakub Jelinek
2016-10-02 7:51 ` Florian Weimer
2016-10-02 9:40 ` Jakub Jelinek
2016-10-02 9:43 ` Florian Weimer
2016-10-02 14:02 ` Yuri Gribov
2016-10-04 0:53 ` Kostya Serebryany
2016-10-04 6:46 ` Jakub Jelinek
2016-10-04 12:15 ` fortification and valgrind/memcheck (Was: [PATCH BZ#20422] Do not allow asan/msan/tsan and fortify@the same time) Mark Wielaard
2016-10-05 11:49 ` Florian Weimer
2016-10-05 12:02 ` Mark Wielaard
2016-10-05 14:27 ` [PATCH BZ#20422] Do not allow asan/msan/tsan and fortify at the same time Florian Weimer
2016-10-05 15:46 ` Maxim Ostapenko
2016-10-05 16:01 ` Kostya Serebryany
2016-10-05 16:01 ` Maxim Ostapenko
2016-10-05 16:06 ` Zack Weinberg
2016-10-05 16:11 ` Kostya Serebryany
2016-10-05 16:46 ` Zack Weinberg
2016-10-05 17:58 ` Yuri Gribov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+=Sn1mj83AL=XKinTbJDwOEEVReVFWTsbprKuVVMbsu=OdA7w@mail.gmail.com' \
--to=pinskia@gmail.com \
--cc=fw@deneb.enyo.de \
--cc=jakub@redhat.com \
--cc=kcc@google.com \
--cc=libc-alpha@sourceware.org \
--cc=m.ostapenko@samsung.com \
--cc=tetra2005@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).