Re: Auxiliary header and macros for sanitizers in userland programs

To: tech-userlevel%netbsd.org@localhost
Subject: Re: Auxiliary header and macros for sanitizers in userland programs
From: Kamil Rytarowski <n54%gmx.com@localhost>
Date: Wed, 6 Jun 2018 11:23:16 +0200

On 06.06.2018 10:50, Valery Ushakov wrote:
> On Wed, Jun 06, 2018 at 09:09:17 +0200, Kamil Rytarowski wrote:
> 
>>>>> So the issue is that libc is compiled without sanitizer and
>>>>> allocations done inside libc are not known to a sanitizer?  For libc
>>>>> functions that return allocated memory I guess you mark it in the
>>>>> sanitizer's interposed wrapper ("interceptor"?), but in the case of
>>>>> callbacks there is no interceptor between libc and the callback to do
>>>>> that.  Is that about right?
>>>>
>>> [...]
>>>> but in general the sanitizers have no
>>>> information what happens inside libc, treating it as a blackbox.
>>>>
>>> [...]
>>>>
>>>> Interceptos mostly have rules of type PreRead/PostRead and
>>>> PreWrite/PostWrite arguments passed to functions in libc (pthread, ..).
>>>> In the MSan case during PreWrite there is a check whether arguments
>>>> passed to a function are properly initialized, and in PostRead phase
>>>> mark the buffers as initialized.
>>>>
>>>> In the fts_open(3) case there is no stage between the time of being
>>>> aware about initialzed (not just allocated) FTSENT buffers and executing
>>>> callback function that already needs this information. In this case,
>>>> there is need to help to Memory Sanitizer with explicit __msan_unpoison().
>>>
>>> It sounds like sanitizers must use run-time generated closures or
>>> compile-time generated auxiliary functions to wrap libc callbacks.
>>> I.e. when code calls fts_open(..., compare); the sanitizer must
>>> generate code to call fts_open(..., sanitize_compare); where
>>> sanitize_compare does the pre/post checks around a call to the real
>>> compare.
>>
>> Generating runtime wrapper code for compare isn't that simple, and doing
>> it in a portable across CPUs in C/asm is difficult (if possible).
> 
> It doesn't have to be run-time.  Since sanitizer is part of the
> compiler, it can generate a new instance for every callback.
> 
> It's like they are not even trying...
> 

I see, I haven't been investigating a solution on the level of code
generation.

I will keep the __msan_unpoision() patch locally and put research of
this in my TODO list.

> -uwe
>

Attachment: signature.asc
Description: OpenPGP digital signature

References:
- Auxiliary header and macros for sanitizers in userland programs
  - From: Kamil Rytarowski
- Re: Auxiliary header and macros for sanitizers in userland programs
  - From: Valery Ushakov
- Re: Auxiliary header and macros for sanitizers in userland programs
  - From: Kamil Rytarowski
- Re: Auxiliary header and macros for sanitizers in userland programs
  - From: Valery Ushakov
- Re: Auxiliary header and macros for sanitizers in userland programs
  - From: Kamil Rytarowski
- Re: Auxiliary header and macros for sanitizers in userland programs
  - From: Valery Ushakov
- Re: Auxiliary header and macros for sanitizers in userland programs
  - From: Kamil Rytarowski
- Re: Auxiliary header and macros for sanitizers in userland programs
  - From: Valery Ushakov

Prev by Date: Re: Auxiliary header and macros for sanitizers in userland programs
Next by Date: hebrew charset encoding iso-8859-8-i
Previous by Thread: Re: Auxiliary header and macros for sanitizers in userland programs
Next by Thread: hebrew charset encoding iso-8859-8-i
Indexes:

Home | Main Index | Thread Index | Old Index