[PATCH v2 00/10] Add initial support for -fsanitize={ubsan,asan}

[PATCH v2 00/10] Add initial support for -fsanitize={ubsan,asan}

[Ahmad Fatoum]

This series adds undefined behavior and address sanitizer support to
barebox. Both are fully functional on sandbox, where they are also used
to implement dump_stack() now.

I haven't yet read about how Kernel AddressSanitizer works, so this one
only works on sandbox via libasan for now.

The undefined behavior sanitizer depends on the compiler instrumenting
potential pitfalls and then calling the routines in lib/ubsan.c if it
catches something undefined, so that should readily work on other arches
as well. I tested it on sandbox and the i.MX6Q so far.

Eventually, it should be possible to enable it for all the non-PBL stuff
with a single Kconfig option, but for now you need to explicitly add a

	UBSAN_SANITIZE_myfile.o := y

in the respective Makefile. Enabling it wholesale doesn't yet work on
ARM, I suspect it might be due to binary size.

Changes in v2:
	v1 was incomplete and sent our more by mistake,
	so no changelog.

Ahmad Fatoum (10):
  Kconfig: create Kconfig symbol for ARCH_HAS_STACK_DUMP
  Kconfig: create Kconfig symbol for ARCH_HAS_DATA_ABORT_MASK
  blackfin: delete unused <asm/barebox.h> definitions
  Kconfig: retire empty <asm/barebox.h>
  lib: add HAVE_EFFICIENT_UNALIGNED_ACCESS Kconfig option
  common: add generic CONFIG_UBSAN plumbing
  commands: add intentionally UB triggering ubsan command
  sandbox: use sanitizer unwind for dump_stack if available
  common: add generic CONFIG_KASAN option
  sandbox: support Address and UndefinedBehavior sanitizers

 Makefile                            |   4 +
 arch/arm/Kconfig                    |   2 +
 arch/arm/cpu/Kconfig                |   1 +
 arch/arm/include/asm/barebox.h      |  16 -
 arch/blackfin/include/asm/barebox.h |  43 ---
 arch/mips/Kconfig                   |   1 +
 arch/mips/include/asm/barebox.h     |   8 -
 arch/nios2/include/asm/barebox.h    |   4 -
 arch/openrisc/include/asm/barebox.h |   4 -
 arch/ppc/include/asm/barebox.h      |  27 --
 arch/ppc/include/asm/common.h       |   2 -
 arch/riscv/include/asm/barebox.h    |   1 -
 arch/sandbox/Kconfig                |   8 +
 arch/sandbox/Makefile               |  14 +-
 arch/sandbox/include/asm/barebox.h  |   1 -
 arch/sandbox/lib/Makefile           |   1 +
 arch/sandbox/lib/unwind.c           |  11 +
 arch/x86/include/asm/barebox.h      |  17 --
 commands/Kconfig                    |   7 +
 commands/Makefile                   |   3 +
 commands/ubsan.c                    | 152 ++++++++++
 common/Kconfig                      |  12 +
 include/abort.h                     |   4 +-
 include/common.h                    |   4 +-
 lib/Kconfig                         |   9 +
 lib/Kconfig.ubsan                   |  35 +++
 lib/Makefile                        |   2 +
 lib/ubsan.c                         | 442 ++++++++++++++++++++++++++++
 lib/ubsan.h                         |  89 ++++++
 scripts/Makefile.lib                |   8 +
 scripts/Makefile.ubsan              |  19 ++
 31 files changed, 820 insertions(+), 131 deletions(-)
 delete mode 100644 arch/arm/include/asm/barebox.h
 delete mode 100644 arch/blackfin/include/asm/barebox.h
 delete mode 100644 arch/mips/include/asm/barebox.h
 delete mode 100644 arch/nios2/include/asm/barebox.h
 delete mode 100644 arch/openrisc/include/asm/barebox.h
 delete mode 100644 arch/ppc/include/asm/barebox.h
 delete mode 100644 arch/riscv/include/asm/barebox.h
 delete mode 100644 arch/sandbox/include/asm/barebox.h
 create mode 100644 arch/sandbox/lib/Makefile
 create mode 100644 arch/sandbox/lib/unwind.c
 delete mode 100644 arch/x86/include/asm/barebox.h
 create mode 100644 commands/ubsan.c
 create mode 100644 lib/Kconfig.ubsan
 create mode 100644 lib/ubsan.c
 create mode 100644 lib/ubsan.h
 create mode 100644 scripts/Makefile.ubsan

-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 01/10] Kconfig: create Kconfig symbol for ARCH_HAS_STACK_DUMP

[Ahmad Fatoum]

Other arch-specific features are exposed in Kconfig too, so do here
likewise.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 arch/arm/Kconfig               | 1 +
 arch/arm/cpu/Kconfig           | 1 +
 arch/arm/include/asm/barebox.h | 8 --------
 include/common.h               | 2 +-
 lib/Kconfig                    | 3 +++
 5 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 931a16599f46..95ec2d9079ca 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -423,6 +423,7 @@ config ARM_EXCEPTIONS
 config ARM_UNWIND
 	bool "enable stack unwinding support"
 	depends on AEABI
+	select ARCH_HAS_STACK_DUMP
 	help
 	  This option enables stack unwinding support in barebox
 	  using the information automatically generated by the
diff --git a/arch/arm/cpu/Kconfig b/arch/arm/cpu/Kconfig
index f8abbccfca62..6b4fed526988 100644
--- a/arch/arm/cpu/Kconfig
+++ b/arch/arm/cpu/Kconfig
@@ -87,6 +87,7 @@ config CPU_V8
 	select CPU_SUPPORTS_64BIT_KERNEL
 	select ARM_EXCEPTIONS
 	select GENERIC_FIND_NEXT_BIT
+	select ARCH_HAS_STACK_DUMP
 
 config CPU_XSC3
         bool
diff --git a/arch/arm/include/asm/barebox.h b/arch/arm/include/asm/barebox.h
index 4e89466593be..38d3a0943e18 100644
--- a/arch/arm/include/asm/barebox.h
+++ b/arch/arm/include/asm/barebox.h
@@ -1,14 +1,6 @@
 #ifndef _BAREBOX_H_
 #define _BAREBOX_H_	1
 
-#ifdef CONFIG_ARM_UNWIND
-#define ARCH_HAS_STACK_DUMP
-#endif
-
-#ifdef CONFIG_CPU_V8
-#define ARCH_HAS_STACK_DUMP
-#endif
-
 #ifdef CONFIG_ARM_EXCEPTIONS
 #define ARCH_HAS_DATA_ABORT_MASK
 #endif
diff --git a/include/common.h b/include/common.h
index 8cc8e14fb7fc..ebb2ecef5c2a 100644
--- a/include/common.h
+++ b/include/common.h
@@ -72,7 +72,7 @@ int ctrlc(void);
 int arch_ctrlc(void);
 void ctrlc_handled(void);
 
-#ifdef ARCH_HAS_STACK_DUMP
+#ifdef CONFIG_ARCH_HAS_STACK_DUMP
 void dump_stack(void);
 #else
 static inline void dump_stack(void)
diff --git a/lib/Kconfig b/lib/Kconfig
index f75eba922085..53289e696509 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -165,4 +165,7 @@ config BLOBGEN
 	select BASE64
 	bool "include blob encode/decode support"
 
+config ARCH_HAS_STACK_DUMP
+	bool
+
 endmenu
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 02/10] Kconfig: create Kconfig symbol for ARCH_HAS_DATA_ABORT_MASK

[Ahmad Fatoum]

Other arch-specific features are exposed in Kconfig too, so do here
likewise.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 arch/arm/Kconfig                | 1 +
 arch/arm/include/asm/barebox.h  | 4 ----
 arch/mips/Kconfig               | 1 +
 arch/mips/include/asm/barebox.h | 2 --
 include/abort.h                 | 2 +-
 lib/Kconfig                     | 3 +++
 6 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 95ec2d9079ca..b227bb78b64f 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -417,6 +417,7 @@ config ARM_OPTIMZED_STRING_FUNCTIONS
 	  increase your binary size.
 
 config ARM_EXCEPTIONS
+	select ARCH_HAS_DATA_ABORT_MASK
 	bool "enable arm exception handling support"
 	default y
 
diff --git a/arch/arm/include/asm/barebox.h b/arch/arm/include/asm/barebox.h
index 38d3a0943e18..c1b56432ccfc 100644
--- a/arch/arm/include/asm/barebox.h
+++ b/arch/arm/include/asm/barebox.h
@@ -1,8 +1,4 @@
 #ifndef _BAREBOX_H_
 #define _BAREBOX_H_	1
 
-#ifdef CONFIG_ARM_EXCEPTIONS
-#define ARCH_HAS_DATA_ABORT_MASK
-#endif
-
 #endif	/* _BAREBOX_H_ */
diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 728295d486a6..1395ad4c6f01 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
@@ -10,6 +10,7 @@ config MIPS
 	select HAVE_CONFIGURABLE_TEXT_BASE
 	select HAVE_PBL_MULTI_IMAGES
 	select HAS_DMA
+	select ARCH_HAS_DATA_ABORT_MASK
 	select ELF
 	default y
 
diff --git a/arch/mips/include/asm/barebox.h b/arch/mips/include/asm/barebox.h
index 2d13ee932f20..4c68e3f8354d 100644
--- a/arch/mips/include/asm/barebox.h
+++ b/arch/mips/include/asm/barebox.h
@@ -3,6 +3,4 @@
 #ifndef _ASM_MIPS_BAREBOX_H_
 #define _ASM_MIPS_BAREBOX_H_
 
-#define ARCH_HAS_DATA_ABORT_MASK
-
 #endif /* _ASM_MIPS_BAREBOX_H_ */
diff --git a/include/abort.h b/include/abort.h
index 326467c25f70..3eb7986f41c4 100644
--- a/include/abort.h
+++ b/include/abort.h
@@ -3,7 +3,7 @@
 
 #include <asm/barebox.h>
 
-#if defined ARCH_HAS_DATA_ABORT_MASK && !defined __PBL__
+#if defined CONFIG_ARCH_HAS_DATA_ABORT_MASK && !defined __PBL__
 
 /*
  * data_abort_mask - ignore data aborts
diff --git a/lib/Kconfig b/lib/Kconfig
index 53289e696509..b64885ac93ef 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -168,4 +168,7 @@ config BLOBGEN
 config ARCH_HAS_STACK_DUMP
 	bool
 
+config ARCH_HAS_DATA_ABORT_MASK
+	bool
+
 endmenu
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 03/10] blackfin: delete unused <asm/barebox.h> definitions

[Ahmad Fatoum]

The file currently defines struct bd_info, bd_t, bi_env_data and bi_env_crc,
no of which is used anywhere. Delete them in preparation for getting rid
of <asm/barebox.h> altogether.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 arch/blackfin/include/asm/barebox.h | 18 ------------------
 1 file changed, 18 deletions(-)

diff --git a/arch/blackfin/include/asm/barebox.h b/arch/blackfin/include/asm/barebox.h
index 2684f60a5ffe..4b1898270a6c 100644
--- a/arch/blackfin/include/asm/barebox.h
+++ b/arch/blackfin/include/asm/barebox.h
@@ -1,6 +1,4 @@
 /*
- * barebox - barebox.h Structure declarations for board specific data
- *
  * Copyright (c) 2005 blackfin.uclinux.org
  *
  * (C) Copyright 2000-2004
@@ -24,20 +22,4 @@
 #ifndef _BAREBOX_H_
 #define _BAREBOX_H_	1
 
-typedef struct bd_info {
-	int bi_baudrate;		/* serial console baudrate */
-	unsigned long bi_ip_addr;	/* IP Address */
-	unsigned char bi_enetaddr[6];	/* Ethernet adress */
-	unsigned long bi_arch_number;	/* unique id for this board */
-	unsigned long bi_boot_params;	/* where this board expects params */
-	unsigned long bi_memstart;	/* start of DRAM memory */
-	unsigned long bi_memsize;	/* size  of DRAM memory in bytes */
-	unsigned long bi_flashstart;	/* start of FLASH memory */
-	unsigned long bi_flashsize;	/* size  of FLASH memory */
-	unsigned long bi_flashoffset;	/* reserved area for startup monitor */
-} bd_t;
-
-#define bi_env_data bi_env->data
-#define bi_env_crc  bi_env->crc
-
 #endif	/* _BAREBOX_H_ */
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 04/10] Kconfig: retire empty <asm/barebox.h>

[Ahmad Fatoum]

With the latest changes, this file is empty on all archs. Drop it.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 arch/arm/include/asm/barebox.h      |  4 ----
 arch/blackfin/include/asm/barebox.h | 25 -------------------------
 arch/mips/include/asm/barebox.h     |  6 ------
 arch/nios2/include/asm/barebox.h    |  4 ----
 arch/openrisc/include/asm/barebox.h |  4 ----
 arch/ppc/include/asm/barebox.h      | 27 ---------------------------
 arch/ppc/include/asm/common.h       |  2 --
 arch/riscv/include/asm/barebox.h    |  1 -
 arch/sandbox/include/asm/barebox.h  |  1 -
 arch/x86/include/asm/barebox.h      | 17 -----------------
 include/abort.h                     |  2 --
 include/common.h                    |  2 --
 12 files changed, 95 deletions(-)
 delete mode 100644 arch/arm/include/asm/barebox.h
 delete mode 100644 arch/blackfin/include/asm/barebox.h
 delete mode 100644 arch/mips/include/asm/barebox.h
 delete mode 100644 arch/nios2/include/asm/barebox.h
 delete mode 100644 arch/openrisc/include/asm/barebox.h
 delete mode 100644 arch/ppc/include/asm/barebox.h
 delete mode 100644 arch/riscv/include/asm/barebox.h
 delete mode 100644 arch/sandbox/include/asm/barebox.h
 delete mode 100644 arch/x86/include/asm/barebox.h

diff --git a/arch/arm/include/asm/barebox.h b/arch/arm/include/asm/barebox.h
deleted file mode 100644
index c1b56432ccfc..000000000000
--- a/arch/arm/include/asm/barebox.h
+++ /dev/null
@@ -1,4 +0,0 @@
-#ifndef _BAREBOX_H_
-#define _BAREBOX_H_	1
-
-#endif	/* _BAREBOX_H_ */
diff --git a/arch/blackfin/include/asm/barebox.h b/arch/blackfin/include/asm/barebox.h
deleted file mode 100644
index 4b1898270a6c..000000000000
--- a/arch/blackfin/include/asm/barebox.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (c) 2005 blackfin.uclinux.org
- *
- * (C) Copyright 2000-2004
- * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
- *
- * See file CREDITS for list of people who contributed to this
- * project.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- */
-
-#ifndef _BAREBOX_H_
-#define _BAREBOX_H_	1
-
-#endif	/* _BAREBOX_H_ */
diff --git a/arch/mips/include/asm/barebox.h b/arch/mips/include/asm/barebox.h
deleted file mode 100644
index 4c68e3f8354d..000000000000
--- a/arch/mips/include/asm/barebox.h
+++ /dev/null
@@ -1,6 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0-or-later */
-
-#ifndef _ASM_MIPS_BAREBOX_H_
-#define _ASM_MIPS_BAREBOX_H_
-
-#endif /* _ASM_MIPS_BAREBOX_H_ */
diff --git a/arch/nios2/include/asm/barebox.h b/arch/nios2/include/asm/barebox.h
deleted file mode 100644
index 9dd1df8e329b..000000000000
--- a/arch/nios2/include/asm/barebox.h
+++ /dev/null
@@ -1,4 +0,0 @@
-#ifndef _ASM_BAREBOX_H_
-#define _ASM_BAREBOX_H_
-
-#endif /* _ASM_BAREBOX_H_ */
diff --git a/arch/openrisc/include/asm/barebox.h b/arch/openrisc/include/asm/barebox.h
deleted file mode 100644
index 9dd1df8e329b..000000000000
--- a/arch/openrisc/include/asm/barebox.h
+++ /dev/null
@@ -1,4 +0,0 @@
-#ifndef _ASM_BAREBOX_H_
-#define _ASM_BAREBOX_H_
-
-#endif /* _ASM_BAREBOX_H_ */
diff --git a/arch/ppc/include/asm/barebox.h b/arch/ppc/include/asm/barebox.h
deleted file mode 100644
index 0c608b3079c5..000000000000
--- a/arch/ppc/include/asm/barebox.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * (C) Copyright 2000 - 2002
- * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
- * GNU General Public License for more details.
- *
- *
- ********************************************************************
- * NOTE: This header file defines an interface to barebox. Including
- * this (unmodified) header file in another file is considered normal
- * use of barebox, and does *not* fall under the heading of "derived
- * work".
- ********************************************************************
- */
-
-#ifndef __BAREBOX_H__
-#define __BAREBOX_H__
-
-#endif	/* __BAREBOX_H__ */
diff --git a/arch/ppc/include/asm/common.h b/arch/ppc/include/asm/common.h
index 045817bed226..b91f51e46219 100644
--- a/arch/ppc/include/asm/common.h
+++ b/arch/ppc/include/asm/common.h
@@ -1,8 +1,6 @@
 #ifndef __ASM_COMMON_H
 #define __ASM_COMMON_H
 
-#include <asm/barebox.h>
-
 extern unsigned long _text_base;
 
 unsigned long long get_ticks(void);
diff --git a/arch/riscv/include/asm/barebox.h b/arch/riscv/include/asm/barebox.h
deleted file mode 100644
index 2997587d820c..000000000000
--- a/arch/riscv/include/asm/barebox.h
+++ /dev/null
@@ -1 +0,0 @@
-/* dummy */
diff --git a/arch/sandbox/include/asm/barebox.h b/arch/sandbox/include/asm/barebox.h
deleted file mode 100644
index 2997587d820c..000000000000
--- a/arch/sandbox/include/asm/barebox.h
+++ /dev/null
@@ -1 +0,0 @@
-/* dummy */
diff --git a/arch/x86/include/asm/barebox.h b/arch/x86/include/asm/barebox.h
deleted file mode 100644
index 473edb555cf1..000000000000
--- a/arch/x86/include/asm/barebox.h
+++ /dev/null
@@ -1,17 +0,0 @@
-/*
- * Copyright (C) 2009 Juergen Beisert, Pengutronix
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- *
- */
-
-/* nothing special yet */
diff --git a/include/abort.h b/include/abort.h
index 3eb7986f41c4..89ee549e3452 100644
--- a/include/abort.h
+++ b/include/abort.h
@@ -1,8 +1,6 @@
 #ifndef __ABORT_H
 #define __ABORT_H
 
-#include <asm/barebox.h>
-
 #if defined CONFIG_ARCH_HAS_DATA_ABORT_MASK && !defined __PBL__
 
 /*
diff --git a/include/common.h b/include/common.h
index ebb2ecef5c2a..65630684678c 100644
--- a/include/common.h
+++ b/include/common.h
@@ -51,8 +51,6 @@
 #error "None of __LITTLE_ENDIAN and __BIG_ENDIAN are defined"
 #endif
 
-#include <asm/barebox.h> /* boot information for Linux kernel */
-
 /*
  * Function Prototypes
  */
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 05/10] lib: add HAVE_EFFICIENT_UNALIGNED_ACCESS Kconfig option

[Ahmad Fatoum]

The LZO, LZ4, DEFLATE implementations in lib/ already check against
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS. Define this symbol defaulting to
0. This makes porting Kconfig symbols depending on it easier and in future,
we could select it from different arches.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 lib/Kconfig | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/Kconfig b/lib/Kconfig
index b64885ac93ef..6216fdd6bac0 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -171,4 +171,7 @@ config ARCH_HAS_STACK_DUMP
 config ARCH_HAS_DATA_ABORT_MASK
 	bool
 
+config HAVE_EFFICIENT_UNALIGNED_ACCESS
+	bool
+
 endmenu
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 06/10] common: add generic CONFIG_UBSAN plumbing

[Ahmad Fatoum]

-fsanitize=undefined allows compile-time instrumentation of code to detect
some classes of runtime undefined behavior.

In preparation for allowing arches to provide infrastructure in support
of this feature, add some generic UBSAN options and associated plumbing.

These are only shown in the debug menu when the arch selects the
appropriate symbol. The option is named equally to their Linux counterparts.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 Makefile               |   4 +
 common/Kconfig         |   2 +
 lib/Kconfig.ubsan      |  35 ++++
 lib/Makefile           |   2 +
 lib/ubsan.c            | 442 +++++++++++++++++++++++++++++++++++++++++
 lib/ubsan.h            |  89 +++++++++
 scripts/Makefile.lib   |   8 +
 scripts/Makefile.ubsan |  19 ++
 8 files changed, 601 insertions(+)
 create mode 100644 lib/Kconfig.ubsan
 create mode 100644 lib/ubsan.c
 create mode 100644 lib/ubsan.h
 create mode 100644 scripts/Makefile.ubsan

diff --git a/Makefile b/Makefile
index 0d6fc5f6beca..5cab8d6c58ac 100644
--- a/Makefile
+++ b/Makefile
@@ -329,6 +329,8 @@ export CFLAGS CFLAGS_KERNEL
 export AFLAGS AFLAGS_KERNEL
 export LDFLAGS_barebox
 
+export CFLAGS_UBSAN
+
 # Files to ignore in find ... statements
 
 RCS_FIND_IGNORE := \( -name SCCS -o -name BitKeeper -o -name .svn -o -name CVS -o -name .pc -o -name .hg -o -name .git \) -prune -o
@@ -489,6 +491,8 @@ CFLAGS += $(call cc-option,-Wno-pointer-sign,)
 # change __FILE__ to the relative path from the srctree
 CFLAGS += $(call cc-option,-fmacro-prefix-map=$(srctree)/=)
 
+include scripts/Makefile.ubsan
+
 # KBUILD_IMAGE: Default barebox image to build
 # Depending on the architecture, this can be either compressed or not.
 # It will also include any necessary headers to be bootable.
diff --git a/common/Kconfig b/common/Kconfig
index 8aad5baecdda..16a2aef7c568 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -1295,6 +1295,8 @@ config PBL_BREAK
 	  If this enabled, barebox will be compiled with BKPT instruction
 	  on early pbl init. This option should be used only with JTAG debugger!
 
+source "lib/Kconfig.ubsan"
+
 endmenu
 
 config HAS_DEBUG_LL
diff --git a/lib/Kconfig.ubsan b/lib/Kconfig.ubsan
new file mode 100644
index 000000000000..09f4a0ab8ab8
--- /dev/null
+++ b/lib/Kconfig.ubsan
@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: GPL-2.0-only
+config ARCH_HAS_UBSAN_SANITIZE_ALL
+	bool
+
+config UBSAN
+	bool "Undefined behaviour sanity checker"
+	help
+	  This option enables undefined behaviour sanity checker
+	  Compile-time instrumentation is used to detect various undefined
+	  behaviours in runtime.
+
+config UBSAN_SANITIZE_ALL
+	bool "Enable instrumentation for all of barebox"
+	depends on UBSAN
+	depends on ARCH_HAS_UBSAN_SANITIZE_ALL
+	default y
+	help
+	  This option activates instrumentation for all of barebox.
+	  If you don't enable this option, you have to explicitly specify
+	  UBSAN_SANITIZE := y for the files/directories you want to check for UB.
+	  Enabling this option will get barebox image size increased
+	  significantly.
+
+config UBSAN_NO_ALIGNMENT
+	bool "Disable checking of pointers alignment"
+	depends on UBSAN
+	default y if HAVE_EFFICIENT_UNALIGNED_ACCESS
+	help
+	  This option disables the check of unaligned memory accesses.
+	  This option should be used when building allmodconfig.
+	  Disabling this option on architectures that support unaligned
+	  accesses may produce a lot of false positives.
+
+config UBSAN_ALIGNMENT
+	def_bool !UBSAN_NO_ALIGNMENT
diff --git a/lib/Makefile b/lib/Makefile
index a07ceb15abc2..1a7b2b69f497 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -71,6 +71,7 @@ obj-$(CONFIG_CRC_CCITT) += crc-ccitt.o
 obj-$(CONFIG_CRC8)	+= crc8.o
 obj-$(CONFIG_NLS)	+= nls_base.o
 obj-$(CONFIG_FSL_QE_FIRMWARE) += fsl-qe-firmware.o
+obj-$(CONFIG_UBSAN)	+= ubsan.o
 
 # GCC library routines
 obj-$(CONFIG_GENERIC_LIB_ASHLDI3) += ashldi3.o
@@ -89,3 +90,4 @@ $(foreach file, $(libfdt_files), \
 
 obj-pbl-$(CONFIG_LIBFDT) += $(libfdt_files)
 
+UBSAN_SANITIZE_ubsan.o := n
diff --git a/lib/ubsan.c b/lib/ubsan.c
new file mode 100644
index 000000000000..89ca6e580bce
--- /dev/null
+++ b/lib/ubsan.c
@@ -0,0 +1,442 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * UBSAN error reporting functions
+ *
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd.
+ * Author: Andrey Ryabinin <ryabinin.a.a@gmail.com>
+ */
+
+#include <linux/bitops.h>
+#include <linux/bug.h>
+#include <linux/ctype.h>
+#include <init.h>
+#include <linux/kernel.h>
+#include <linux/types.h>
+
+#include "ubsan.h"
+
+void __ubsan_handle_add_overflow(struct overflow_data *, void *, void *);
+void __ubsan_handle_sub_overflow(struct overflow_data *, void *, void *);
+void __ubsan_handle_mul_overflow(struct overflow_data *, void *, void *);
+void __ubsan_handle_negate_overflow(struct overflow_data *, void *);
+void __ubsan_handle_divrem_overflow(struct overflow_data *, void *, void *);
+void __ubsan_handle_type_mismatch(struct type_mismatch_data *, void *);
+void __ubsan_handle_type_mismatch_v1(struct type_mismatch_data_v1 *, void *);
+void __ubsan_handle_out_of_bounds(struct out_of_bounds_data *, void *);
+void __ubsan_handle_shift_out_of_bounds(struct shift_out_of_bounds_data *, void *, void *);
+void __ubsan_handle_builtin_unreachable(struct unreachable_data *);
+void __ubsan_handle_load_invalid_value(struct invalid_value_data *, void *);
+
+const char *type_check_kinds[] = {
+	"load of",
+	"store to",
+	"reference binding to",
+	"member access within",
+	"member call on",
+	"constructor call on",
+	"downcast of",
+	"downcast of"
+};
+
+#define REPORTED_BIT 31
+
+#if (BITS_PER_LONG == 64) && defined(__BIG_ENDIAN)
+#define COLUMN_MASK (~(1U << REPORTED_BIT))
+#define LINE_MASK   (~0U)
+#else
+#define COLUMN_MASK   (~0U)
+#define LINE_MASK (~(1U << REPORTED_BIT))
+#endif
+
+#define VALUE_LENGTH 40
+
+static unsigned int in_ubsan;
+
+static bool was_reported(struct source_location *location)
+{
+	return test_and_set_bit(REPORTED_BIT, &location->reported);
+}
+
+static void print_source_location(const char *prefix,
+				struct source_location *loc)
+{
+	pr_err("%s %s:%d:%d\n", prefix, loc->file_name,
+		loc->line & LINE_MASK, loc->column & COLUMN_MASK);
+}
+
+static bool suppress_report(struct source_location *loc)
+{
+	return in_ubsan || was_reported(loc);
+}
+
+static bool type_is_int(struct type_descriptor *type)
+{
+	return type->type_kind == type_kind_int;
+}
+
+static bool type_is_signed(struct type_descriptor *type)
+{
+	WARN_ON(!type_is_int(type));
+	return  type->type_info & 1;
+}
+
+static unsigned type_bit_width(struct type_descriptor *type)
+{
+	return 1 << (type->type_info >> 1);
+}
+
+static bool is_inline_int(struct type_descriptor *type)
+{
+	unsigned inline_bits = sizeof(unsigned long)*8;
+	unsigned bits = type_bit_width(type);
+
+	WARN_ON(!type_is_int(type));
+
+	return bits <= inline_bits;
+}
+
+static s_max get_signed_val(struct type_descriptor *type, void *val)
+{
+	if (is_inline_int(type)) {
+		unsigned extra_bits = sizeof(s_max)*8 - type_bit_width(type);
+		unsigned long ulong_val = (unsigned long)val;
+
+		return ((s_max)ulong_val) << extra_bits >> extra_bits;
+	}
+
+	if (type_bit_width(type) == 64)
+		return *(s64 *)val;
+
+	return *(s_max *)val;
+}
+
+static bool val_is_negative(struct type_descriptor *type, void *val)
+{
+	return type_is_signed(type) && get_signed_val(type, val) < 0;
+}
+
+static u_max get_unsigned_val(struct type_descriptor *type, void *val)
+{
+	if (is_inline_int(type))
+		return (unsigned long)val;
+
+	if (type_bit_width(type) == 64)
+		return *(u64 *)val;
+
+	return *(u_max *)val;
+}
+
+static void val_to_string(char *str, size_t size, struct type_descriptor *type,
+			void *value)
+{
+	if (type_is_int(type)) {
+		if (type_bit_width(type) == 128) {
+#if defined(CONFIG_ARCH_SUPPORTS_INT128) && defined(__SIZEOF_INT128__)
+			u_max val = get_unsigned_val(type, value);
+
+			scnprintf(str, size, "0x%08x%08x%08x%08x",
+				(u32)(val >> 96),
+				(u32)(val >> 64),
+				(u32)(val >> 32),
+				(u32)(val));
+#else
+			WARN_ON(1);
+#endif
+		} else if (type_is_signed(type)) {
+			scnprintf(str, size, "%lld",
+				(s64)get_signed_val(type, value));
+		} else {
+			scnprintf(str, size, "%llu",
+				(u64)get_unsigned_val(type, value));
+		}
+	}
+}
+
+static void ubsan_prologue(struct source_location *location,
+			unsigned long *flags)
+{
+	in_ubsan++;
+
+	pr_err("========================================"
+		"========================================\n");
+	print_source_location("UBSAN: Undefined behaviour in", location);
+}
+
+static void ubsan_epilogue(unsigned long *flags)
+{
+	dump_stack();
+	pr_err("========================================"
+		"========================================\n");
+	in_ubsan--;
+}
+
+static void handle_overflow(struct overflow_data *data, void *lhs,
+			void *rhs, char op)
+{
+
+	struct type_descriptor *type = data->type;
+	unsigned long flags;
+	char lhs_val_str[VALUE_LENGTH];
+	char rhs_val_str[VALUE_LENGTH];
+
+	if (suppress_report(&data->location))
+		return;
+
+	ubsan_prologue(&data->location, &flags);
+
+	val_to_string(lhs_val_str, sizeof(lhs_val_str), type, lhs);
+	val_to_string(rhs_val_str, sizeof(rhs_val_str), type, rhs);
+	pr_err("%s integer overflow:\n",
+		type_is_signed(type) ? "signed" : "unsigned");
+	pr_err("%s %c %s cannot be represented in type %s\n",
+		lhs_val_str,
+		op,
+		rhs_val_str,
+		type->type_name);
+
+	ubsan_epilogue(&flags);
+}
+
+void __ubsan_handle_add_overflow(struct overflow_data *data,
+				void *lhs, void *rhs)
+{
+
+	handle_overflow(data, lhs, rhs, '+');
+}
+EXPORT_SYMBOL(__ubsan_handle_add_overflow);
+
+void __ubsan_handle_sub_overflow(struct overflow_data *data,
+				void *lhs, void *rhs)
+{
+	handle_overflow(data, lhs, rhs, '-');
+}
+EXPORT_SYMBOL(__ubsan_handle_sub_overflow);
+
+void __ubsan_handle_mul_overflow(struct overflow_data *data,
+				void *lhs, void *rhs)
+{
+	handle_overflow(data, lhs, rhs, '*');
+}
+EXPORT_SYMBOL(__ubsan_handle_mul_overflow);
+
+void __ubsan_handle_negate_overflow(struct overflow_data *data,
+				void *old_val)
+{
+	unsigned long flags;
+	char old_val_str[VALUE_LENGTH];
+
+	if (suppress_report(&data->location))
+		return;
+
+	ubsan_prologue(&data->location, &flags);
+
+	val_to_string(old_val_str, sizeof(old_val_str), data->type, old_val);
+
+	pr_err("negation of %s cannot be represented in type %s:\n",
+		old_val_str, data->type->type_name);
+
+	ubsan_epilogue(&flags);
+}
+EXPORT_SYMBOL(__ubsan_handle_negate_overflow);
+
+
+void __ubsan_handle_divrem_overflow(struct overflow_data *data,
+				void *lhs, void *rhs)
+{
+	unsigned long flags;
+	char rhs_val_str[VALUE_LENGTH];
+
+	if (suppress_report(&data->location))
+		return;
+
+	ubsan_prologue(&data->location, &flags);
+
+	val_to_string(rhs_val_str, sizeof(rhs_val_str), data->type, rhs);
+
+	if (type_is_signed(data->type) && get_signed_val(data->type, rhs) == -1)
+		pr_err("division of %s by -1 cannot be represented in type %s\n",
+			rhs_val_str, data->type->type_name);
+	else
+		pr_err("division by zero\n");
+
+	ubsan_epilogue(&flags);
+}
+EXPORT_SYMBOL(__ubsan_handle_divrem_overflow);
+
+static void handle_null_ptr_deref(struct type_mismatch_data_common *data)
+{
+	unsigned long flags;
+
+	if (suppress_report(data->location))
+		return;
+
+	ubsan_prologue(data->location, &flags);
+
+	pr_err("%s null pointer of type %s\n",
+		type_check_kinds[data->type_check_kind],
+		data->type->type_name);
+
+	ubsan_epilogue(&flags);
+}
+
+static void handle_misaligned_access(struct type_mismatch_data_common *data,
+				unsigned long ptr)
+{
+	unsigned long flags;
+
+	if (suppress_report(data->location))
+		return;
+
+	ubsan_prologue(data->location, &flags);
+
+	pr_err("%s misaligned address %p for type %s\n",
+		type_check_kinds[data->type_check_kind],
+		(void *)ptr, data->type->type_name);
+	pr_err("which requires %ld byte alignment\n", data->alignment);
+
+	ubsan_epilogue(&flags);
+}
+
+static void handle_object_size_mismatch(struct type_mismatch_data_common *data,
+					unsigned long ptr)
+{
+	unsigned long flags;
+
+	if (suppress_report(data->location))
+		return;
+
+	ubsan_prologue(data->location, &flags);
+	pr_err("%s address %p with insufficient space\n",
+		type_check_kinds[data->type_check_kind],
+		(void *) ptr);
+	pr_err("for an object of type %s\n", data->type->type_name);
+	ubsan_epilogue(&flags);
+}
+
+static void ubsan_type_mismatch_common(struct type_mismatch_data_common *data,
+				unsigned long ptr)
+{
+	if (!ptr)
+		handle_null_ptr_deref(data);
+	else if (data->alignment && !IS_ALIGNED(ptr, data->alignment))
+		handle_misaligned_access(data, ptr);
+	else
+		handle_object_size_mismatch(data, ptr);
+}
+
+void __ubsan_handle_type_mismatch(struct type_mismatch_data *data,
+				void *ptr)
+{
+	struct type_mismatch_data_common common_data = {
+		.location = &data->location,
+		.type = data->type,
+		.alignment = data->alignment,
+		.type_check_kind = data->type_check_kind
+	};
+
+	ubsan_type_mismatch_common(&common_data, (unsigned long)ptr);
+}
+EXPORT_SYMBOL(__ubsan_handle_type_mismatch);
+
+void __ubsan_handle_type_mismatch_v1(struct type_mismatch_data_v1 *data,
+				void *ptr)
+{
+
+	struct type_mismatch_data_common common_data = {
+		.location = &data->location,
+		.type = data->type,
+		.alignment = 1UL << data->log_alignment,
+		.type_check_kind = data->type_check_kind
+	};
+
+	ubsan_type_mismatch_common(&common_data, (unsigned long)ptr);
+}
+EXPORT_SYMBOL(__ubsan_handle_type_mismatch_v1);
+
+void __ubsan_handle_out_of_bounds(struct out_of_bounds_data *data, void *index)
+{
+	unsigned long flags;
+	char index_str[VALUE_LENGTH];
+
+	if (suppress_report(&data->location))
+		return;
+
+	ubsan_prologue(&data->location, &flags);
+
+	val_to_string(index_str, sizeof(index_str), data->index_type, index);
+	pr_err("index %s is out of range for type %s\n", index_str,
+		data->array_type->type_name);
+	ubsan_epilogue(&flags);
+}
+EXPORT_SYMBOL(__ubsan_handle_out_of_bounds);
+
+void __ubsan_handle_shift_out_of_bounds(struct shift_out_of_bounds_data *data,
+					void *lhs, void *rhs)
+{
+	unsigned long flags;
+	struct type_descriptor *rhs_type = data->rhs_type;
+	struct type_descriptor *lhs_type = data->lhs_type;
+	char rhs_str[VALUE_LENGTH];
+	char lhs_str[VALUE_LENGTH];
+
+	if (suppress_report(&data->location))
+		return;
+
+	ubsan_prologue(&data->location, &flags);
+
+	val_to_string(rhs_str, sizeof(rhs_str), rhs_type, rhs);
+	val_to_string(lhs_str, sizeof(lhs_str), lhs_type, lhs);
+
+	if (val_is_negative(rhs_type, rhs))
+		pr_err("shift exponent %s is negative\n", rhs_str);
+
+	else if (get_unsigned_val(rhs_type, rhs) >=
+		type_bit_width(lhs_type))
+		pr_err("shift exponent %s is too large for %u-bit type %s\n",
+			rhs_str,
+			type_bit_width(lhs_type),
+			lhs_type->type_name);
+	else if (val_is_negative(lhs_type, lhs))
+		pr_err("left shift of negative value %s\n",
+			lhs_str);
+	else
+		pr_err("left shift of %s by %s places cannot be"
+			" represented in type %s\n",
+			lhs_str, rhs_str,
+			lhs_type->type_name);
+
+	ubsan_epilogue(&flags);
+}
+EXPORT_SYMBOL(__ubsan_handle_shift_out_of_bounds);
+
+
+void __ubsan_handle_builtin_unreachable(struct unreachable_data *data)
+{
+	unsigned long flags;
+
+	ubsan_prologue(&data->location, &flags);
+	pr_err("calling __builtin_unreachable()\n");
+	ubsan_epilogue(&flags);
+	panic("can't return from __builtin_unreachable()");
+}
+EXPORT_SYMBOL(__ubsan_handle_builtin_unreachable);
+
+void __ubsan_handle_load_invalid_value(struct invalid_value_data *data,
+				void *val)
+{
+	unsigned long flags;
+	char val_str[VALUE_LENGTH];
+
+	if (suppress_report(&data->location))
+		return;
+
+	ubsan_prologue(&data->location, &flags);
+
+	val_to_string(val_str, sizeof(val_str), data->type, val);
+
+	pr_err("load of value %s is not a valid value for type %s\n",
+		val_str, data->type->type_name);
+
+	ubsan_epilogue(&flags);
+}
+EXPORT_SYMBOL(__ubsan_handle_load_invalid_value);
diff --git a/lib/ubsan.h b/lib/ubsan.h
new file mode 100644
index 000000000000..7bbedd4b7871
--- /dev/null
+++ b/lib/ubsan.h
@@ -0,0 +1,89 @@
+ /* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LIB_UBSAN_H
+#define _LIB_UBSAN_H
+
+enum {
+	type_kind_int = 0,
+	type_kind_float = 1,
+	type_unknown = 0xffff
+};
+
+struct type_descriptor {
+	u16 type_kind;
+	u16 type_info;
+	char type_name[1];
+};
+
+struct source_location {
+	const char *file_name;
+	union {
+		unsigned long reported;
+		struct {
+			u32 line;
+			u32 column;
+		};
+	};
+};
+
+struct overflow_data {
+	struct source_location location;
+	struct type_descriptor *type;
+};
+
+struct type_mismatch_data {
+	struct source_location location;
+	struct type_descriptor *type;
+	unsigned long alignment;
+	unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_v1 {
+	struct source_location location;
+	struct type_descriptor *type;
+	unsigned char log_alignment;
+	unsigned char type_check_kind;
+};
+
+struct type_mismatch_data_common {
+	struct source_location *location;
+	struct type_descriptor *type;
+	unsigned long alignment;
+	unsigned char type_check_kind;
+};
+
+struct nonnull_arg_data {
+	struct source_location location;
+	struct source_location attr_location;
+	int arg_index;
+};
+
+struct out_of_bounds_data {
+	struct source_location location;
+	struct type_descriptor *array_type;
+	struct type_descriptor *index_type;
+};
+
+struct shift_out_of_bounds_data {
+	struct source_location location;
+	struct type_descriptor *lhs_type;
+	struct type_descriptor *rhs_type;
+};
+
+struct unreachable_data {
+	struct source_location location;
+};
+
+struct invalid_value_data {
+	struct source_location location;
+	struct type_descriptor *type;
+};
+
+#if defined(CONFIG_ARCH_SUPPORTS_INT128) && defined(__SIZEOF_INT128__)
+typedef __int128 s_max;
+typedef unsigned __int128 u_max;
+#else
+typedef s64 s_max;
+typedef u64 u_max;
+#endif
+
+#endif
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index fc5fe3d7e8bc..c4d307ae3020 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -120,6 +120,14 @@ _c_flags       = $(CFLAGS) $(EXTRA_CFLAGS) $(CFLAGS_$(basetarget).o)
 _a_flags       = $(AFLAGS) $(EXTRA_AFLAGS) $(AFLAGS_$(basetarget).o)
 _cpp_flags     = $(CPPFLAGS) $(EXTRA_CPPFLAGS) $(CPPFLAGS_$(@F))
 
+ifeq ($(CONFIG_UBSAN),y)
+_CFLAGS_UBSAN   = $(eval _CFLAGS_UBSAN := $(CFLAGS_UBSAN))$(_CFLAGS_UBSAN)
+_c_flags       += $(if $(patsubst n%,, \
+		$(UBSAN_SANITIZE_$(basetarget).o)$(UBSAN_SANITIZE)$(CONFIG_UBSAN_SANITIZE_ALL)), \
+		$(_CFLAGS_UBSAN))
+PBL_CPPFLAGS   += $(call cc-option,-fno-sanitize=all)
+endif
+
 # If building barebox in a separate objtree expand all occurrences
 # of -Idir to -I$(srctree)/dir except for absolute paths (starting with '/').
 
diff --git a/scripts/Makefile.ubsan b/scripts/Makefile.ubsan
new file mode 100644
index 000000000000..019771b845c5
--- /dev/null
+++ b/scripts/Makefile.ubsan
@@ -0,0 +1,19 @@
+# SPDX-License-Identifier: GPL-2.0
+ifdef CONFIG_UBSAN
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=shift)
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=integer-divide-by-zero)
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=unreachable)
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=signed-integer-overflow)
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=bounds)
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=object-size)
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=bool)
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=enum)
+
+ifdef CONFIG_UBSAN_ALIGNMENT
+      CFLAGS_UBSAN += $(call cc-option, -fsanitize=alignment)
+endif
+
+      # -fsanitize=* options makes GCC less smart than usual and
+      # increase number of 'maybe-uninitialized false-positives
+      CFLAGS_UBSAN += $(call cc-option, -Wno-maybe-uninitialized)
+endif
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 07/10] commands: add intentionally UB triggering ubsan command

[Ahmad Fatoum]

For testing whether ubsan works, triggering undefined behavior to detect
is a nice development aid. Port the Linux test_ubsan module to barebox
as a command.

barebox@Embest MarS Board i.MX6Dual:/ ubsan shift
ERROR: ================================================================================
ERROR: UBSAN: Undefined behaviour in commands/ubsan.c:53:7
ERROR: shift exponent -1 is negative
WARNING: [<4fd77325>] (unwind_backtrace+0x1/0x68) from [<4fd5bc0f>] (ubsan_epilogue.isra.6+0x7/0x20)
WARNING: [<4fd5bc0f>] (ubsan_epilogue.isra.6+0x7/0x20) from [<4fd5bf8d>] (__ubsan_handle_shift_out_of_bounds+0x49/0xb8)
WARNING: [<4fd5bf8d>] (__ubsan_handle_shift_out_of_bounds+0x49/0xb8) from [<4fd51ed7>] (test_ubsan_shift_out_of_bounds+0x23/0x2c)
WARNING: [<4fd51ed7>] (test_ubsan_shift_out_of_bounds+0x23/0x2c) from [<4fd51fd7>] (do_ubsan+0x3b/0x54)
WARNING: [<4fd51fd7>] (do_ubsan+0x3b/0x54) from [<4fd03a4d>] (execute_command+0x21/0x48)
WARNING: [<4fd03a4d>] (execute_command+0x21/0x48) from [<4fd09591>] (run_list_real+0x5b5/0x610)
WARNING: [<4fd09591>] (run_list_real+0x5b5/0x610) from [<4fd08ed9>] (parse_stream_outer+0x105/0x164)
WARNING: [<4fd08ed9>] (parse_stream_outer+0x105/0x164) from [<4fd097b1>] (run_shell+0x35/0x64)
WARNING: [<4fd097b1>] (run_shell+0x35/0x64) from [<4fd00d43>] (run_init+0x8f/0x168)
WARNING: [<4fd00d43>] (run_init+0x8f/0x168) from [<4fd00e35>] (start_barebox+0x19/0x54)
WARNING: [<4fd00e35>] (start_barebox+0x19/0x54) from [<4fd75843>] (barebox_non_pbl_start+0xc7/0x108)
WARNING: [<4fd75843>] (barebox_non_pbl_start+0xc7/0x108) from [<4fd00005>] (__bare_init_start+0x1/0xc)
ERROR: ================================================================================

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 commands/Kconfig  |   7 +++
 commands/Makefile |   3 +
 commands/ubsan.c  | 152 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 162 insertions(+)
 create mode 100644 commands/ubsan.c

diff --git a/commands/Kconfig b/commands/Kconfig
index 039fd7d1ac74..e03110fd46cb 100644
--- a/commands/Kconfig
+++ b/commands/Kconfig
@@ -2142,6 +2142,13 @@ config CMD_SEED
 	help
 	  Seed the pseudo random number generator (PRNG)
 
+config CMD_UBSAN
+	tristate "ubsan"
+	depends on UBSAN && COMMAND_SUPPORT
+	help
+	  This is a test command for the undefined behavior sanitizer.
+	  It triggers various undefined behavior, and detect it.
+
 # end Miscellaneous commands
 endmenu
 
diff --git a/commands/Makefile b/commands/Makefile
index e69fb5046f59..5cd35b78a735 100644
--- a/commands/Makefile
+++ b/commands/Makefile
@@ -123,3 +123,6 @@ obj-$(CONFIG_CMD_MMC_EXTCSD)	+= mmc_extcsd.o
 obj-$(CONFIG_CMD_NAND_BITFLIP)	+= nand-bitflip.o
 obj-$(CONFIG_CMD_SEED)		+= seed.o
 obj-$(CONFIG_CMD_IP_ROUTE_GET)  += ip-route-get.o
+obj-$(CONFIG_CMD_UBSAN)		+= ubsan.o
+
+UBSAN_SANITIZE_ubsan.o := y
diff --git a/commands/ubsan.c b/commands/ubsan.c
new file mode 100644
index 000000000000..784678d399d9
--- /dev/null
+++ b/commands/ubsan.c
@@ -0,0 +1,152 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <common.h>
+#include <command.h>
+#include <abort.h>
+
+struct test_ubsan {
+	const char *cmd;
+	void(*fun)(void);
+};
+
+static void test_ubsan_add_overflow(void)
+{
+	volatile int val = INT_MAX;
+
+	val += 2;
+}
+
+static void test_ubsan_sub_overflow(void)
+{
+	volatile int val = INT_MIN;
+	volatile int val2 = 2;
+
+	val -= val2;
+}
+
+static void test_ubsan_mul_overflow(void)
+{
+	volatile int val = INT_MAX / 2;
+
+	val *= 3;
+}
+
+static void test_ubsan_negate_overflow(void)
+{
+	volatile int val = INT_MIN;
+
+	val = -val;
+}
+
+static void test_ubsan_divrem_overflow(void)
+{
+	volatile int val = 16;
+	volatile int val2 = 0;
+
+	val /= val2;
+}
+
+static void test_ubsan_shift_out_of_bounds(void)
+{
+	volatile int val = -1;
+	int val2 = 10;
+
+	val2 <<= val;
+}
+
+static void test_ubsan_out_of_bounds(void)
+{
+	volatile int i = 4, j = 5;
+	volatile int arr[4];
+
+	arr[j] = i;
+}
+
+static void test_ubsan_load_invalid_value(void)
+{
+	volatile char *dst, *src;
+	bool val, val2, *ptr;
+	char c = 4;
+
+	dst = (char *)&val;
+	src = &c;
+	*dst = *src;
+
+	ptr = &val2;
+	val2 = val;
+}
+
+static void test_ubsan_null_ptr_deref(void)
+{
+	volatile int *ptr = NULL;
+	int val;
+
+	data_abort_mask();
+	val = *ptr;
+	data_abort_unmask();
+}
+
+static void test_ubsan_misaligned_access(void)
+{
+	volatile char arr[5] __aligned(4) = {1, 2, 3, 4, 5};
+	volatile int *ptr, val = 6;
+
+	ptr = (int *)(arr + 1);
+	*ptr = val;
+}
+
+static void test_ubsan_object_size_mismatch(void)
+{
+	/* "((aligned(8)))" helps this not into be misaligned for ptr-access. */
+	volatile int val __aligned(8) = 4;
+	volatile long long *ptr, val2;
+
+	ptr = (long long *)&val;
+	val2 = *ptr;
+}
+
+static const struct test_ubsan test_ubsan_array[] = {
+	{ .cmd = "add",   .fun = test_ubsan_add_overflow },
+	{ .cmd = "sub",   .fun = test_ubsan_sub_overflow },
+	{ .cmd = "mul",   .fun = test_ubsan_mul_overflow },
+	{ .cmd = "neg",   .fun = test_ubsan_negate_overflow },
+	{ .cmd = "div",   .fun = test_ubsan_divrem_overflow },
+	{ .cmd = "shift", .fun = test_ubsan_shift_out_of_bounds },
+	{ .cmd = "oob",   .fun = test_ubsan_out_of_bounds },
+	{ .cmd = "trap",  .fun = test_ubsan_load_invalid_value },
+	{ .cmd = "null",  .fun = test_ubsan_null_ptr_deref },
+	{ .cmd = "align", .fun = test_ubsan_misaligned_access },
+	{ .cmd = "size",  .fun = test_ubsan_object_size_mismatch },
+	{ /* sentinel */ }
+};
+
+static int do_ubsan(int argc, char *argv[])
+{
+	const struct test_ubsan *test;
+
+	if (argc != 2)
+		return COMMAND_ERROR_USAGE;
+
+	for (test = test_ubsan_array; test->cmd; test++) {
+		if (strcmp(test->cmd, argv[1]) == 0) {
+			test->fun();
+			return 0;
+		}
+	}
+
+	return COMMAND_ERROR_USAGE;
+}
+
+BAREBOX_CMD_HELP_START(ubsan)
+BAREBOX_CMD_HELP_TEXT("trigger undefined behavior for UBSAN to detect")
+BAREBOX_CMD_HELP_TEXT("")
+BAREBOX_CMD_HELP_TEXT("Functions:")
+BAREBOX_CMD_HELP_TEXT("add, sub, mul, neg, div, shift, oob, trap,")
+BAREBOX_CMD_HELP_TEXT("null, align, size")
+BAREBOX_CMD_HELP_END
+
+BAREBOX_CMD_START(ubsan)
+	.cmd		= do_ubsan,
+	BAREBOX_CMD_DESC("trigger undefined behavior for UBSAN to detect")
+	BAREBOX_CMD_GROUP(CMD_GRP_MISC)
+	BAREBOX_CMD_HELP(cmd_ubsan_help)
+BAREBOX_CMD_END
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 08/10] sandbox: use sanitizer unwind for dump_stack if available

[Ahmad Fatoum]

The sanitize unwind looks pretty and is just a function call away if we
are compiling with KASAN or UBSAN. Use it if available.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 arch/sandbox/Kconfig      |  6 ++++++
 arch/sandbox/Makefile     |  2 +-
 arch/sandbox/lib/Makefile |  1 +
 arch/sandbox/lib/unwind.c | 11 +++++++++++
 4 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 arch/sandbox/lib/Makefile
 create mode 100644 arch/sandbox/lib/unwind.c

diff --git a/arch/sandbox/Kconfig b/arch/sandbox/Kconfig
index d153846efa0f..1171e4b8f8e3 100644
--- a/arch/sandbox/Kconfig
+++ b/arch/sandbox/Kconfig
@@ -12,3 +12,9 @@ config LINUX
 	bool
 	default y
 	select GENERIC_FIND_NEXT_BIT
+
+config SANDBOX_UNWIND
+	bool
+	default y
+	select ARCH_HAS_STACK_DUMP
+	depends on UBSAN || KASAN
diff --git a/arch/sandbox/Makefile b/arch/sandbox/Makefile
index 780783a1e08c..62f6be745a76 100644
--- a/arch/sandbox/Makefile
+++ b/arch/sandbox/Makefile
@@ -51,7 +51,7 @@ cmd_barebox__ = $(CC) -o $@ -Wl,-T,$(barebox-lds) \
 	-Wl,--start-group $(barebox-common) -Wl,--end-group \
 	-lrt -lpthread $(SDL_LIBS) $(FTDI1_LIBS)
 
-common-y += $(BOARD) arch/sandbox/os/
+common-y += $(BOARD) arch/sandbox/os/ arch/sandbox/lib/
 
 common-$(CONFIG_OFTREE) += arch/sandbox/dts/
 
diff --git a/arch/sandbox/lib/Makefile b/arch/sandbox/lib/Makefile
new file mode 100644
index 000000000000..b32ca6aaf804
--- /dev/null
+++ b/arch/sandbox/lib/Makefile
@@ -0,0 +1 @@
+obj-$(CONFIG_ARCH_HAS_STACK_DUMP) += unwind.o
diff --git a/arch/sandbox/lib/unwind.c b/arch/sandbox/lib/unwind.c
new file mode 100644
index 000000000000..15a2798cc404
--- /dev/null
+++ b/arch/sandbox/lib/unwind.c
@@ -0,0 +1,11 @@
+// SPDX-License-Identifier: GPL-2.0-only
+// Copyright 2019 Ahmad Fatoum
+
+#include <common.h>
+
+void __sanitizer_print_stack_trace(void);
+
+void dump_stack(void)
+{
+		__sanitizer_print_stack_trace();
+}
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 09/10] common: add generic CONFIG_KASAN option

[Ahmad Fatoum]

-fsanitize=[kernel-]address-sanitizer allows compile-time instrumentation
of memory accesses to detect some classes of runtime undefined behavior.

In preparation for allowing arches to provide infrastructure in support
of this feature, add the generic KASAN options.

These are only shown in the debug menu when the arch selects the
appropriate symbol. The option is named equally to their Linux counterparts.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 common/Kconfig | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/common/Kconfig b/common/Kconfig
index 16a2aef7c568..cafaadb3d46f 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -1297,6 +1297,13 @@ config PBL_BREAK
 
 source "lib/Kconfig.ubsan"
 
+config KASAN
+	bool "KASAN: runtime memory debugger"
+	depends on HAVE_ARCH_KASAN
+	help
+	  Enables KASAN (KernelAddressSANitizer) - runtime memory debugger,
+	  designed to find out-of-bounds accesses and use-after-free bugs.
+
 endmenu
 
 config HAS_DEBUG_LL
@@ -1305,3 +1312,6 @@ config HAS_DEBUG_LL
 config DDR_SPD
 	bool
 	select CRC_ITU_T
+
+config HAVE_ARCH_KASAN
+	bool
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

[PATCH v2 10/10] sandbox: support Address and UndefinedBehavior sanitizers

[Ahmad Fatoum]

For the hosted implementation, we just need to pass the appropriate
options at compile and link time. No further arch-specific
code needed.

Because we define our own handlers in lib/ubsan.c, linking against
libubsan isn't strictly required. We do it anyway on sandbox, so we can
use the backtrace functionality within.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 arch/sandbox/Kconfig  |  2 ++
 arch/sandbox/Makefile | 12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/sandbox/Kconfig b/arch/sandbox/Kconfig
index 1171e4b8f8e3..6ec71a99e53f 100644
--- a/arch/sandbox/Kconfig
+++ b/arch/sandbox/Kconfig
@@ -2,6 +2,8 @@ config SANDBOX
 	bool
 	select OFTREE
 	select GPIOLIB
+	select ARCH_HAS_UBSAN_SANITIZE_ALL
+	select HAVE_ARCH_KASAN
 	default y
 
 config ARCH_TEXT_BASE
diff --git a/arch/sandbox/Makefile b/arch/sandbox/Makefile
index 62f6be745a76..b127560a2b8c 100644
--- a/arch/sandbox/Makefile
+++ b/arch/sandbox/Makefile
@@ -47,9 +47,19 @@ ifeq ($(CONFIG_GPIO_LIBFTDI1),y)
 FTDI1_LIBS := $(shell pkg-config libftdi1 --libs)
 endif
 
+ifeq ($(CONFIG_KASAN),y)
+CPPFLAGS += -fsanitize=address
+SANITIZER_LIBS += -fsanitize=address
+endif
+
+ifeq ($(CONFIG_UBSAN),y)
+SANITIZER_LIBS += -fsanitize=undefined
+endif
+
 cmd_barebox__ = $(CC) -o $@ -Wl,-T,$(barebox-lds) \
 	-Wl,--start-group $(barebox-common) -Wl,--end-group \
-	-lrt -lpthread $(SDL_LIBS) $(FTDI1_LIBS)
+	-lrt -lpthread $(SDL_LIBS) $(FTDI1_LIBS) \
+	$(SANITIZER_LIBS)
 
 common-y += $(BOARD) arch/sandbox/os/ arch/sandbox/lib/
 
-- 
2.20.1


_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH v2 00/10] Add initial support for -fsanitize={ubsan,asan}

[Sascha Hauer]

On Tue, Aug 27, 2019 at 05:09:08PM +0200, Ahmad Fatoum wrote:
> This series adds undefined behavior and address sanitizer support to
> barebox. Both are fully functional on sandbox, where they are also used
> to implement dump_stack() now.
> 
> I haven't yet read about how Kernel AddressSanitizer works, so this one
> only works on sandbox via libasan for now.
> 
> The undefined behavior sanitizer depends on the compiler instrumenting
> potential pitfalls and then calling the routines in lib/ubsan.c if it
> catches something undefined, so that should readily work on other arches
> as well. I tested it on sandbox and the i.MX6Q so far.
> 
> Eventually, it should be possible to enable it for all the non-PBL stuff
> with a single Kconfig option, but for now you need to explicitly add a
> 
> 	UBSAN_SANITIZE_myfile.o := y
> 
> in the respective Makefile. Enabling it wholesale doesn't yet work on
> ARM, I suspect it might be due to binary size.
> 
> Changes in v2:
> 	v1 was incomplete and sent our more by mistake,
> 	so no changelog.

Applied, thanks

Sascha


-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH v2 00/10] Add initial support for -fsanitize={ubsan,asan}

[Ahmad Fatoum]

On 9/4/19 8:53 AM, Sascha Hauer wrote:
> On Tue, Aug 27, 2019 at 05:09:08PM +0200, Ahmad Fatoum wrote:
>> This series adds undefined behavior and address sanitizer support to
>> barebox. Both are fully functional on sandbox, where they are also used
>> to implement dump_stack() now.
>>
>> I haven't yet read about how Kernel AddressSanitizer works, so this one
>> only works on sandbox via libasan for now.
>>
>> The undefined behavior sanitizer depends on the compiler instrumenting
>> potential pitfalls and then calling the routines in lib/ubsan.c if it
>> catches something undefined, so that should readily work on other arches
>> as well. I tested it on sandbox and the i.MX6Q so far.
>>
>> Eventually, it should be possible to enable it for all the non-PBL stuff
>> with a single Kconfig option, but for now you need to explicitly add a
>>
>> 	UBSAN_SANITIZE_myfile.o := y
>>
>> in the respective Makefile. Enabling it wholesale doesn't yet work on
>> ARM, I suspect it might be due to binary size.
>>
>> Changes in v2:
>> 	v1 was incomplete and sent our more by mistake,
>> 	so no changelog.
> 
> Applied, thanks

Could you swap patch 08 and 09? Patch 08 depends on the KASAN symbol
in the Kconfig option of SANDBOX_UNWIND, but this symbol is introduced
in patch 09..


> 
> Sascha
> 
> 


-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox

Re: [PATCH v2 00/10] Add initial support for -fsanitize={ubsan,asan}

[Sascha Hauer]

On Wed, Sep 04, 2019 at 09:52:52AM +0200, Ahmad Fatoum wrote:
> On 9/4/19 8:53 AM, Sascha Hauer wrote:
> > On Tue, Aug 27, 2019 at 05:09:08PM +0200, Ahmad Fatoum wrote:
> >> This series adds undefined behavior and address sanitizer support to
> >> barebox. Both are fully functional on sandbox, where they are also used
> >> to implement dump_stack() now.
> >>
> >> I haven't yet read about how Kernel AddressSanitizer works, so this one
> >> only works on sandbox via libasan for now.
> >>
> >> The undefined behavior sanitizer depends on the compiler instrumenting
> >> potential pitfalls and then calling the routines in lib/ubsan.c if it
> >> catches something undefined, so that should readily work on other arches
> >> as well. I tested it on sandbox and the i.MX6Q so far.
> >>
> >> Eventually, it should be possible to enable it for all the non-PBL stuff
> >> with a single Kconfig option, but for now you need to explicitly add a
> >>
> >> 	UBSAN_SANITIZE_myfile.o := y
> >>
> >> in the respective Makefile. Enabling it wholesale doesn't yet work on
> >> ARM, I suspect it might be due to binary size.
> >>
> >> Changes in v2:
> >> 	v1 was incomplete and sent our more by mistake,
> >> 	so no changelog.
> > 
> > Applied, thanks
> 
> Could you swap patch 08 and 09? Patch 08 depends on the KASAN symbol
> in the Kconfig option of SANDBOX_UNWIND, but this symbol is introduced
> in patch 09..

Just did that.

Sascha

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |

_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox