Re: [PATCH][ASAN] Switch off by default allocas/VLA sanitization for KASAN

2017-07-06 Thread Jakub Jelinek 
On Thu, Jul 06, 2017 at 04:31:49PM +0300, Maxim Ostapenko wrote:
> Hi,
> 
> since kernel doesn't support __asan_alloca_poison and
> __asan_allocas_unpoison runtime calls so far, the allocas/VLAs sanitization
> patch (https://gcc.gnu.org/ml/gcc-patches/2017-07/msg00258.html) will break
> KASan builds.
> So it was decided to introduce an option --param asan-instrument-allocas=0/1
> (on by default for userspace and off for kernel) to avoid the issue.
> 
> Tested on x86_64-unknown-linux-gnu, OK after
> https://gcc.gnu.org/ml/gcc-patches/2017-07/msg00258.html will be applied?
> 
> -Maxim

> gcc/ChangeLog:
> 
> 2017-07-06  Maxim Ostapenko  
> 
>   * asan.h (asan_sanitize_allocas_p): Declare.
>   * asan.c (asan_sanitize_allocas_p): New function.
>   (handle_builtin_stack_restore): Bail out if !asan_sanitize_allocas_p.
>   (handle_builtin_alloca): Likewise.
>   * cfgexpand.c (expand_used_vars): Do not add allocas unpoisoning stuff
>   if !asan_sanitize_allocas_p.
>   * params.def (asan-instrument-allocas): Add new option.
>   * params.h (ASAN_PROTECT_ALLOCAS): Define.
>   * opts.c (common_handle_option): Disable allocas sanitization for
>   KASan by default.
> 
> gcc/testsuite/ChangeLog:
> 
> 2017-07-06  Maxim Ostapenko  
> 
>c-c++-common/asan/kasan-alloca-1.c: New test.
>c-c++-common/asan/kasan-alloca-2.c: Likewise.

Ok.
Jakub

[PATCH][ASAN] Switch off by default allocas/VLA sanitization for KASAN

2017-07-06 Thread Maxim Ostapenko 

Hi,

since kernel doesn't support __asan_alloca_poison and 
__asan_allocas_unpoison runtime calls so far, the allocas/VLAs 
sanitization patch 
(https://gcc.gnu.org/ml/gcc-patches/2017-07/msg00258.html) will break 
KASan builds.
So it was decided to introduce an option --param 
asan-instrument-allocas=0/1 (on by default for userspace and off for 
kernel) to avoid the issue.


Tested on x86_64-unknown-linux-gnu, OK after 
https://gcc.gnu.org/ml/gcc-patches/2017-07/msg00258.html will be applied?


-Maxim
gcc/ChangeLog:

2017-07-06  Maxim Ostapenko  

	* asan.h (asan_sanitize_allocas_p): Declare.
	* asan.c (asan_sanitize_allocas_p): New function.
	(handle_builtin_stack_restore): Bail out if !asan_sanitize_allocas_p.
	(handle_builtin_alloca): Likewise.
	* cfgexpand.c (expand_used_vars): Do not add allocas unpoisoning stuff
	if !asan_sanitize_allocas_p.
	* params.def (asan-instrument-allocas): Add new option.
	* params.h (ASAN_PROTECT_ALLOCAS): Define.
	* opts.c (common_handle_option): Disable allocas sanitization for
	KASan by default.

gcc/testsuite/ChangeLog:

2017-07-06  Maxim Ostapenko  

	 c-c++-common/asan/kasan-alloca-1.c: New test.
	 c-c++-common/asan/kasan-alloca-2.c: Likewise.

diff --git a/gcc/asan.c b/gcc/asan.c
index 3ec7341..5b93bfc 100644
--- a/gcc/asan.c
+++ b/gcc/asan.c
@@ -310,6 +310,12 @@ asan_sanitize_stack_p (void)
   return (sanitize_flags_p (SANITIZE_ADDRESS) && ASAN_STACK);
 }
 
+bool
+asan_sanitize_allocas_p (void)
+{
+  return (asan_sanitize_stack_p () && ASAN_PROTECT_ALLOCAS);
+}
+
 /* Checks whether section SEC should be sanitized.  */
 
 static bool
@@ -569,7 +575,7 @@ get_last_alloca_addr ()
 static void
 handle_builtin_stack_restore (gcall *call, gimple_stmt_iterator *iter)
 {
-  if (!iter)
+  if (!iter || !asan_sanitize_allocas_p ())
 return;
 
   tree last_alloca = get_last_alloca_addr ();
@@ -607,7 +613,7 @@ handle_builtin_stack_restore (gcall *call, gimple_stmt_iterator *iter)
 static void
 handle_builtin_alloca (gcall *call, gimple_stmt_iterator *iter)
 {
-  if (!iter)
+  if (!iter || !asan_sanitize_allocas_p ())
 return;
 
   gassign *g;
diff --git a/gcc/asan.h b/gcc/asan.h
index 4e8120e..c82d4d9 100644
--- a/gcc/asan.h
+++ b/gcc/asan.h
@@ -108,6 +108,8 @@ extern void set_sanitized_sections (const char *);
 
 extern bool asan_sanitize_stack_p (void);
 
+extern bool asan_sanitize_allocas_p (void);
+
 /* Return TRUE if builtin with given FCODE will be intercepted by
libasan.  */
 
diff --git a/gcc/cfgexpand.c b/gcc/cfgexpand.c
index a6e4ef0..11bd604 100644
--- a/gcc/cfgexpand.c
+++ b/gcc/cfgexpand.c
@@ -2241,7 +2241,7 @@ expand_used_vars (void)
   expand_stack_vars (NULL, &data);
 }
 
-  if ((flag_sanitize & SANITIZE_ADDRESS) && cfun->calls_alloca)
+  if (asan_sanitize_allocas_p () && cfun->calls_alloca)
 var_end_seq = asan_emit_allocas_unpoison (virtual_stack_dynamic_rtx,
 	  virtual_stack_vars_rtx,
 	  var_end_seq);
diff --git a/gcc/opts.c b/gcc/opts.c
index 7460c2b..7555ed5 100644
--- a/gcc/opts.c
+++ b/gcc/opts.c
@@ -1909,6 +1909,9 @@ common_handle_option (struct gcc_options *opts,
  opts_set->x_param_values);
 	  maybe_set_param_value (PARAM_ASAN_STACK, 0, opts->x_param_values,
  opts_set->x_param_values);
+	  maybe_set_param_value (PARAM_ASAN_PROTECT_ALLOCAS, 0,
+ opts->x_param_values,
+ opts_set->x_param_values);
 	  maybe_set_param_value (PARAM_ASAN_USE_AFTER_RETURN, 0,
  opts->x_param_values,
  opts_set->x_param_values);
diff --git a/gcc/params.def b/gcc/params.def
index 6b07518..805302b 100644
--- a/gcc/params.def
+++ b/gcc/params.def
@@ -1142,6 +1142,11 @@ DEFPARAM (PARAM_ASAN_STACK,
  "Enable asan stack protection.",
  1, 0, 1)
 
+DEFPARAM (PARAM_ASAN_PROTECT_ALLOCAS,
+	"asan-instrument-allocas",
+	"Enable asan allocas/VLAs protection.",
+	1, 0, 1)
+
 DEFPARAM (PARAM_ASAN_GLOBALS,
  "asan-globals",
  "Enable asan globals protection.",
diff --git a/gcc/params.h b/gcc/params.h
index 8b91660..2188e18 100644
--- a/gcc/params.h
+++ b/gcc/params.h
@@ -232,6 +232,8 @@ extern void init_param_values (int *params);
   PARAM_VALUE (PARAM_ALLOW_PACKED_STORE_DATA_RACES)
 #define ASAN_STACK \
   PARAM_VALUE (PARAM_ASAN_STACK)
+#define ASAN_PROTECT_ALLOCAS \
+  PARAM_VALUE (PARAM_ASAN_PROTECT_ALLOCAS)
 #define ASAN_GLOBALS \
   PARAM_VALUE (PARAM_ASAN_GLOBALS)
 #define ASAN_INSTRUMENT_READS \
diff --git a/gcc/testsuite/c-c++-common/asan/kasan-alloca-1.c b/gcc/testsuite/c-c++-common/asan/kasan-alloca-1.c
new file mode 100644
index 000..518d190
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/asan/kasan-alloca-1.c
@@ -0,0 +1,11 @@
+/* { dg-do compile } */
+/* { dg-options "-fno-sanitize=address -fsanitize=kernel-address -fdump-tree-sanopt" } */
+/* { dg-skip-if "" { *-*-* } { "*" } { "-O0" } } */
+
+void foo(int index, int len) {
+  char str[len];
+  str[index] = '1'; // BOOM
+}
+
+/* { dg-final { scan-tree-dump-not "__builtin___asan_alloca_poison" "sanopt" } } */
+/* { dg-final { sc