
I'm working on porting the kernel address sanitizer (KASan) from Linux to another OS (let's call it OS). This OS is compiled with the arm-none-eabi toolchain and I pass the following ASan-related flags to the compiler:

-fsanitize=kernel-address --param asan-globals=1 --param asan-stack=1 --param asan-instrumentation-with-call-threshold=0

Also I implement the various __asan_* functions, including __asan_register_globals and __asan_unregister_globals.

My problem is that the compiler inserts only __asan_load*, __asan_store* and __asan_handle_no_return calls and ignores global variables and the stack.

I investigated and found out that for Linux the compiler does insert instrumentation of globals and stack, but Linux uses the arm-linux-gnueabi toolchain.

Can anybody explain why --param asan-globals=1 and --param asan-stack=1 don't affect the generated code with the arm-none-eabi toolchain? Or just point me in a direction for further searches.

Thanks.

Hi, have you made the address sanitizer work? If yes, could you please share the sample code with me? (Dongguo, Aug 27, 2017 at 7:33)

Dongguo, hello! Yes, I made it, but I can't send you the OS because it's my work and it isn't open yet. I used the Linux implementation as a reference. Sorry for the wait. (Lakeev Roman, Sep 8, 2017 at 11:51)

You don't need any special function calls for stack instrumentation: shadow memory is poisoned via inline stores in the function prologue (and unpoisoned in the epilogue).

Which GCC version do you use? Instrumentation of globals was only added in GCC 5.0 (in this patch) and wasn't backported to the 4.9 branch. Another option is that you forgot to use -fno-common, which is necessary to instrument common symbols.

I checked GCC versions 5.4 and 6.3.1 from gcc-arm-embedded, and yesterday I built 7.1; it's all the same, __asan_register_globals and __asan_unregister_globals are not used. As for stack instrumentation, how does the compiler know where shadow memory is located? I don't use the -fasan-shadow-offset= option because the shadow start address, in my implementation, is computed depending on configuration parameters. (Lakeev Roman, Jul 19, 2017 at 17:54)

@LakeevRoman: Unfortunately a variable shadow offset is not supported by GCC. It's quite doable (it has been recently implemented in LLVM), we just didn't need it for KASan. So for now GCC will always use a fixed address, either the one specified with -fasan-shadow-offset or the default. (yugr, Jul 19, 2017 at 18:23)

@LakeevRoman: Just to double check, do you use -fno-common as advised e.g. here? Could you check echo 'int x = 1;' | ~/install/gcc/bin/gcc -fsanitize=kernel-address --param asan-globals=1 -x c - -S -o- | grep asan ? This prints call __asan_register_globals, but that's 8.0. (yugr, Jul 20, 2017 at 3:05)

No, I didn't use the -fno-common flag. With this flag __asan_register_globals and __asan_unregister_globals appeared. Thanks! Can you add this note to your answer? (Lakeev Roman, Jul 20, 2017 at 7:54)
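The check suggested in the comments, turned into a small script (added here as an example, not code from the question or answer): it compiles a one-line translation unit to assembly with -fsanitize=kernel-address and reports whether GCC emitted a call to __asan_register_globals, so the effect of -fcommon versus -fno-common on a tentative definition can be seen directly. It assumes a host gcc with sanitizer support (overridable through the CC environment variable); the function names asan_globals_status and demo are mine.

```shell
#!/bin/sh
# Added example: does GCC register a global with KASan for a given source and flags?
# Assumes a host gcc with AddressSanitizer support; CC overrides the compiler.
CC="${CC:-gcc}"

# Print "registered" if __asan_register_globals is called in the generated
# assembly, "not-registered" if the global was skipped, "skipped" if the
# compiler is missing or rejects the flags.
# Usage: asan_globals_status '<C source>' [extra compiler flags...]
asan_globals_status() {
    src="$1"; shift
    if ! command -v "$CC" >/dev/null 2>&1; then
        echo "skipped"       # no compiler on this host
        return 0
    fi
    # -S stops after code generation: no linking and no runtime are needed,
    # so the check works for any target the compiler supports.
    asm=$(printf '%s\n' "$src" | "$CC" -fsanitize=kernel-address \
          --param asan-globals=1 "$@" -x c - -S -o - 2>/dev/null) || {
        echo "skipped"       # compiler lacks kernel-address support
        return 0
    }
    if printf '%s\n' "$asm" | grep -q '__asan_register_globals'; then
        echo "registered"
    else
        echo "not-registered"
    fi
}

# Demo: `int x;` is a common symbol under -fcommon, which the instrumenter
# skips because its final size and placement are decided by the linker;
# -fno-common turns it into an ordinary global that gets redzones and is
# registered. An initialized definition is never common.
demo() {
    printf 'int x;      -fcommon     : %s\n' "$(asan_globals_status 'int x;' -fcommon)"
    printf 'int x;      -fno-common  : %s\n' "$(asan_globals_status 'int x;' -fno-common)"
    printf 'int x = 1;  (initialized): %s\n' "$(asan_globals_status 'int x = 1;')"
}
demo
```

Note that GCC 10 and later default to -fno-common, so on a recent host the first line only shows the old behaviour because -fcommon is passed explicitly.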
