Re: NULL pointer arithmetic issues

2020-02-22 Thread Kamil Rytarowski
On 22.02.2020 19:39, Joerg Sonnenberger wrote:
> On Sat, Feb 22, 2020 at 05:25:42PM +0100, Kamil Rytarowski wrote:
>> When running the ATF tests under MKLIBCSANITIZER [1], there are many
>> NULL pointer arithmetic issues.
> 
> Which flags are the sanitizers using? Because I wouldn't be surprised if
> they just hit _PSLIST_VALIDATE_PTRS and friends.
> 
> Joerg
> 

This patch did not help. I double checked that this branch is really taken.

Index: sys/sys/pslist.h
===
RCS file: /cvsroot/src/sys/sys/pslist.h,v
retrieving revision 1.7
diff -u -r1.7 pslist.h
--- sys/sys/pslist.h1 Dec 2019 15:28:19 -   1.7
+++ sys/sys/pslist.h22 Feb 2020 20:51:42 -
@@ -32,6 +32,7 @@
 #ifndef_SYS_PSLIST_H
 #define_SYS_PSLIST_H

+#include 
 #include 
 #include 

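Review bot: the header name added at the top of this hunk did not survive the archive rendering (only `#include` is visible), so what it contributes cannot be checked here; if it is the header that supplies a fallback definition of `__has_feature` for compilers that do not predefine it, which the second hunk depends on, the commit message should say so, because an unguarded `__has_feature(...)` inside `#if` is a preprocessing error on such compilers.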
@@ -288,7 +289,9 @@
  * Type-safe macros for convenience.
  */

-#if defined(__COVERITY__) || defined(__LGTM_BOT__)
+#if defined(__COVERITY__) || defined(__LGTM_BOT__) || \
+   __has_feature(undefined_behavior_sanitizer) || \
+   defined(__SANITIZE_UNDEFINED__)
 #define_PSLIST_VALIDATE_PTRS(P, Q) 0
 #define_PSLIST_VALIDATE_CONTAINER(P, T, F) 0
 #else
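Review bot: `__has_feature(undefined_behavior_sanitizer)` is used unguarded in the `#if` on the second and third added lines; on a compiler that does not predefine `__has_feature`, the preprocessor sees an undefined identifier followed by `(` and rejects the directive, so the whole header stops building there. Add the usual fallback ahead of this block,
#ifndef __has_feature
#define __has_feature(x) 0
#endif
unless the header included in the first hunk already provides it. Separately, taking this branch defines `_PSLIST_VALIDATE_PTRS` and `_PSLIST_VALIDATE_CONTAINER` to 0 under UBSan, which disables the list's own consistency checks in precisely the build meant for finding bugs; since the author reports the branch is taken and the reports persist, the NULL pointer arithmetic is elsewhere in the macros (most likely the container-of offset computation on a NULL entry), and the sanitizer build should keep the validation enabled rather than stub it out.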
Re: NULL pointer arithmetic issues

2020-02-22 Thread Joerg Sonnenberger
On Sat, Feb 22, 2020 at 05:25:42PM +0100, Kamil Rytarowski wrote:
> When running the ATF tests under MKLIBCSANITIZER [1], there are many
> NULL pointer arithmetic issues.

Which flags are the sanitizers using? Because I wouldn't be surprised if
they just hit _PSLIST_VALIDATE_PTRS and friends.

Joerg


NULL pointer arithmetic issues

2020-02-22 Thread Kamil Rytarowski
When running the ATF tests under MKLIBCSANITIZER [1], there are many
NULL pointer arithmetic issues.

http://netbsd.org/~kamil/mksanitizer-reports/ubsan-2020-02-22-null-pointer.txt

These issues are in macros like:
 - IN_ADDRHASH_READER_FOREACH()
 - IN_ADDRLIST_WRITER_INSERT_TAIL()
 - IFADDR_READER_FOREACH()
 - etc

These macros wrap internally pserialize-safe linked lists.

What's the proper approach to address this issue?

These reports are responsible for around half of all kinds of the
remaining Undefined Behavior unique issues when executing ATF tests.


[1] ./build.sh -N0 -U -V MAKECONF=/dev/null -V HAVE_LLVM=yes -V MKGCC=no
-V MKLLVM=yes -V MKLIBCSANITIZER=yes -j8 -u -O /public/netbsd-llvm
distribution

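The class of report described in the post above (NULL pointer arithmetic inside list-traversal macros) typically comes from computing a container pointer from an entry pointer that may be NULL, as happens at the head of an empty list or at the end of a traversal. As an added illustration, not code from NetBSD's pslist.h, from the macros named above or from the poster, the following shows a container-of macro that subtracts an offset from a possibly-NULL entry (which Clang's UBSan pointer-overflow check reports as applying a non-zero offset to a null pointer) beside a form that tests for NULL before doing any arithmetic. All struct, macro and function names here are invented for the example.

```c
/*
 * Added example (not NetBSD's pslist.h): NULL pointer arithmetic in a
 * container-of style list macro, beside a NULL-checked form.  struct entry,
 * struct node, struct head and the macros below are invented names.
 */
#include <stddef.h>
#include <stdio.h>

struct entry {            /* intrusive link embedded in the container */
    struct entry *next;
};

struct node {             /* container; the link sits at a non-zero offset */
    int value;
    struct entry link;
};

struct head {
    struct entry *first;
};

/*
 * Unsafe container-of: when E is NULL this subtracts a non-zero offset
 * from a null pointer.  Clang's -fsanitize=pointer-overflow (part of
 * -fsanitize=undefined) reports "applying non-zero offset to null pointer".
 * It is defined here only to contrast with the safe form; the example
 * never evaluates it with a NULL entry.
 */
#define CONTAINER_UNSAFE(E, T, F) \
    ((T *)((char *)(E) - offsetof(T, F)))

/*
 * Safe form: test the entry pointer for NULL first, so a NULL entry maps
 * to a NULL container without any pointer arithmetic on NULL.
 */
#define CONTAINER_SAFE(E, T, F) \
    ((E) == NULL ? (T *)NULL : (T *)((char *)(E) - offsetof(T, F)))

static inline void list_insert_head(struct head *h, struct node *n)
{
    n->link.next = h->first;
    h->first = &n->link;
}

/* Traversal built on the safe macro: NULL-safe on an empty list and at the end. */
#define NODE_FOREACH(N, H) \
    for ((N) = CONTAINER_SAFE((H)->first, struct node, link); \
         (N) != NULL; \
         (N) = CONTAINER_SAFE((N)->link.next, struct node, link))

/* Sum the values of all nodes on the list; 0 for an empty list. */
int sum_list(struct head *h)
{
    struct node *n;
    int sum = 0;
    NODE_FOREACH(n, h)
        sum += n->value;
    return sum;
}

/* Constructed three-node list; returns 6. */
int demo_sum(void)
{
    static struct node a = { .value = 1 }, b = { .value = 2 }, c = { .value = 3 };
    struct head h = { .first = NULL };
    list_insert_head(&h, &a);
    list_insert_head(&h, &b);
    list_insert_head(&h, &c);
    return sum_list(&h);
}

/* Empty list: the safe macro yields NULL and no arithmetic on NULL occurs; returns 0. */
int demo_empty(void)
{
    struct head h = { .first = NULL };
    return sum_list(&h);
}

/* For a non-NULL entry both macros recover the same container; returns 1. */
int macros_agree_on_nonnull(void)
{
    struct node n = { .value = 7 };
    struct node *p = CONTAINER_UNSAFE(&n.link, struct node, link);
    struct node *q = CONTAINER_SAFE(&n.link, struct node, link);
    return p == &n && q == &n;
}

int main(void)
{
    printf("sum=%d empty=%d agree=%d\n",
           demo_sum(), demo_empty(), macros_agree_on_nonnull());
    return 0;
}
```

Compiling the example with `clang -fsanitize=undefined` and replacing `CONTAINER_SAFE` by `CONTAINER_UNSAFE` inside `NODE_FOREACH` reproduces the kind of report in the linked log on the empty-list case; keeping the NULL test in the macro, rather than disabling the list's validation checks, is what removes the report.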
Re: fault(4)

2020-02-22 Thread Kamil Rytarowski
On 08.02.2020 11:47, Maxime Villard wrote:
>
> Running ATF with kASan+LOCKDEBUG+fault with {N=32 scope=GLOBAL} already
> gives
> an instant crash:
>
> kernel diagnostic assertion "radix_tree_empty_tree_p(>pm_pvtree)"
> failed: file ".../sys/arch/x86/x86/pmap.c"
>

There are a number of similar reports on syzbot.

> Looks like radixtree.c doesn't handle allocation failures very well
> somewhere.
>
> fault(4) seems like the kind of feature that would be useful for
> stress-testing
> and fuzzing. As you can see in the diff, its code is extremely simple.
>
> Maxime
>
> [1] https://m00nbsd.net/garbage/fault/fault.diff

This tool is a must have but I defer review to others.