Message ID | 20210117171036.30931-1-hauke@hauke-m.de |
---|---|
Headers | show |
Series | toolchain: build all user space with sanitizer on glibc | expand |
On Sun, Jan 17, 2021 at 06:10:34PM +0100, Hauke Mehrtens wrote: > This patch allows to build most the OpenWrt user space with address and > undefined behavior sanitizer activated by default. > This only works with glibc and gcc 10 and I only tested this on x86 64 > so far. It is not intended to activate this by default ever, but this is > helpful to detect (security) bugs in our applications. > > The first patch adds a work around for a problem with our Kconfig > system, I did not fully understand the problems and only provided a > workaround for it, if someone has any idea what is going wrong there > this would be helpful. > > I already found some problems like memory leaks and a use after free > problem, will send separate mails for the later. > > When these sanitizers are activated the OpenWrt userspace needs > significant more memory, use at least 256MB for a basic system. > > TODOs: > * Fix the Kconfig recursive dependency problem > * Test this on more than x86 / 64 > * Make it depend on GCC 10 or wait till GCC 10 is the default. > This is a bit of necroposting... But any news with this? Considering we are switching to gcc12 by default i think these feature are now mature enough to be finally introduced. > Hauke Mehrtens (2): > Workaround recursive error > toolchain: Allow building with ASAN and UBSAN > > config/Config-build.in | 22 ++++++++++++++++++++++ > include/hardening.mk | 14 ++++++++++++++ > include/package-defaults.mk | 2 +- > include/toolchain-build.mk | 2 ++ > package/boot/grub2/Makefile | 2 ++ > package/kernel/mac80211/Makefile | 2 +- > package/libs/toolchain/Makefile | 2 ++ > package/network/services/dropbear/Makefile | 2 ++ > package/network/utils/iw/Makefile | 11 ++++++++--- > package/utils/busybox/Makefile | 2 ++ > 10 files changed, 56 insertions(+), 5 deletions(-) > > -- > 2.20.1 > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
On 1/4/23 18:39, Christian Marangi wrote: > On Sun, Jan 17, 2021 at 06:10:34PM +0100, Hauke Mehrtens wrote: >> This patch allows to build most the OpenWrt user space with address and >> undefined behavior sanitizer activated by default. >> This only works with glibc and gcc 10 and I only tested this on x86 64 >> so far. It is not intended to activate this by default ever, but this is >> helpful to detect (security) bugs in our applications. >> >> The first patch adds a work around for a problem with our Kconfig >> system, I did not fully understand the problems and only provided a >> workaround for it, if someone has any idea what is going wrong there >> this would be helpful. >> >> I already found some problems like memory leaks and a use after free >> problem, will send separate mails for the later. >> >> When these sanitizers are activated the OpenWrt userspace needs >> significant more memory, use at least 256MB for a basic system. >> >> TODOs: >> * Fix the Kconfig recursive dependency problem >> * Test this on more than x86 / 64 >> * Make it depend on GCC 10 or wait till GCC 10 is the default. >> > > This is a bit of necroposting... But any news with this? Considering we > are switching to gcc12 by default i think these feature are now mature > enough to be finally introduced. Hi, I was trying it again some days ago with gcc 12. I am still running into a bug with the script which generates the Kconfig. It has some problems with the iw Makefile which has two build variants. I will update my branch in the next days. I do not know if I find the time to look into the Kconfig problem. Hauke