Hi,

вторник, 22 ноября 2016 г., 17:48:21 UTC+3 пользователь Park Kit написал:
>
> Hi Sagar, Maxim,
>
> Appreciated for your try and comments. 
>
> @Sagar, your steps are bit different from what I followed so will give it 
> a try to build. This confirms at least ASAN works for cross-compile on MIPS 
> and which is great.
>
> @Maxim, you're right on 2) and that's what I did. Have you used the 
> buildroot to build cross-compile GCC on MIPS or used GCC package only? What 
> version have you used? Would you mind showing command lines to configure 
> and to build it?
>

Yes, I've used cross buildroot. It can be quite simply built manually, I've 
used this pretty nice instruction: 
http://preshing.com/20141119/how-to-build-a-gcc-cross-compiler/.
The components I used:
* current trunk GCC
* current trunk binutils 
* current trunk Linux headers
* Glibc 2.20

The only deviation from that instruction I needed was a local patch for Glibc (I used 2.20) to 
fix a build error (the patch is attached).

I'm also attaching the patch I used to enable ASan in GCC for MIPS (you can 
apply it on step 7).

Once you've built the toolchain, you can run a simple test:

$ mips-linux-gcc -fsanitize=address \
    <gcc_tree_location>/gcc/testsuite/c-c++-common/asan/heap-overflow-1.c \
    -fstack-protector
$ qemu-mips -L $SYSROOT -R 0 ./a.out 

=================================================================
==9453==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x42c007ba 
at pc 0x00400a94 bp 0x407ffca0 sp 0x407ffcc8
READ of size 1 at 0x42c007ba thread T0
    #0 0x400a8c  (/home/max/build/mips/gcc/a.out+0x400a8c)
    #1 0x40e5a36c  (/opt/cross/mips//mips-linux/lib/libc.so.6+0x1936c)

0x42c007ba is located 0 bytes to the right of 10-byte region 
[0x42c007b0,0x42c007ba)
allocated by thread T0 here:
    #0 0x4093fe9c  (/opt/cross/mips//mips-linux/lib/libasan.so.4+0x107e9c)
    #1 0x4009e4  (/home/max/build/mips/gcc/a.out+0x4009e4)
    #2 0x40e5a36c  (/opt/cross/mips//mips-linux/lib/libc.so.6+0x1936c)

SUMMARY: AddressSanitizer: heap-buffer-overflow 
(/home/max/build/mips/gcc/a.out+0x400a8c) 
Shadow bytes around the buggy address:
  0x130200a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x130200b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x130200c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x130200d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x130200e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x130200f0: fa fa fa fa fa fa 00[02]fa fa fa fa fa fa fa fa
  0x13020100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x13020110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x13020120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x13020130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x13020140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==9453==ABORTING

Note that I've added the -fstack-protector flag to avoid the "cc1: warning: 
-fsanitize=address and -fsanitize=kernel-address are not supported for this 
target" error at the compilation step. This is weird, but for some reason GCC 
folks use this flag to control the FRAME_GROWS_DOWNWARD macro on MIPS.
GCC's ASan doesn't support targets with FRAME_GROWS_DOWNWARD == 0, so I 
just added -fstack-protector as a workaround.

 

>
> Keep you posted on further tries. Many thanks
> Kit
>
> 2016년 11월 19일 토요일 오전 11시 19분 34초 UTC, sagar....@imgtec.com 님의 말:
>>
>> Hi Park,
>>
>> *Following are the steps for building LLVM and compiler-rt for target 
>> MIPS (Host=x86, Target=MIPS):*
>>
>>    1. Install prerequisites with "sudo apt-get install cmake ninja-build 
>>    gcc-5-mipsel-linux-gnu g++-5-mipsel-linux-gnu 
>>    gcc-5-multilib-mipsel-linux-gnu g++-5-multilib-mipsel-linux-gnu 
>>    binutils-mipsel-linux-gnu libgcc1-mipsel-cross libstdc++6-mipsel-cross"
>>    2. Checkout llvm.
>>    3. Checkout clang in /llvm/tools/
>>    4. Build LLVM cross compiler which targets MIPS.
>>       1. Run "cmake -G Ninja ../llvm 
>>       -DCMAKE_INSTALL_PREFIX=<path-to-install-dir> 
>> -DCMAKE_BUILD_TYPE=Release 
>>       -DCMAKE_INSTALL_PREFIX=<install-dir> 
>>       -DLLVM_DEFAULT_TARGET_TRIPLE=mipsel-linux-gnu -DLLVM_TARGET_ARCH=Mips 
>>       -DLLVM_TARGETS_TO_BUILD=Mips" in a build directory.
>>       2. Run "ninja; ninja install"
>>    5. Checkout compiler-rt
>>    6. Build compiler-rt in a separate build directory using the just 
>>    built llvm cross compiler.
>>       1. Run "cmake -G Ninja ../compiler-rt/ 
>>       -DCMAKE_C_COMPILER=<path-to-where-llvm-was-installed>/bin/clang 
>>       -DCMAKE_CXX_COMPILER=<path-to-where-llvm-was-installed>/bin/clang++ 
>>       -DCMAKE_BUILD_TYPE=Release 
>>       -DLLVM_CONFIG_PATH=<path-to-where-llvm-was-installed>//bin/llvm-config 
>>       
>> -DCOMPILER_RT_INSTALL_PATH=<path-to-where-llvm-was-installed>//lib/clang/4.0.0
>>  
>>       -DCMAKE_C_FLAGS="-I/usr/mipsel-linux-gnu/include/ 
>>       -Wl,-L/usr/mipsel-linux-gnu/lib/" 
>>       -DCMAKE_CXX_FLAGS="-I/usr/mipsel-linux-gnu/include/ 
>>       -Wl,-L/usr/mipsel-linux-gnu/lib/"" in a separate build directory.
>>       2. Run "ninja; ninja install"
>>    
>> You can also use the GCC cross tool chain instead of the just built LLVM 
>> cross tool chain to build the compiler-rt sources.
>>
>> *Running a simple test from the ASAN test suite:*
>>
>> $ <path-to-where-llvm-was-installed>/bin/clang -fsanitize=address 
>> -Wl,--dynamic-linker=/usr/mipsel-linux-gnu/lib/ld.so.1 use-after-free.cc
>>
>> $ qemu-mipsel -cpu 74Kf -E LD_LIBRARY_PATH=/usr/mipsel-linux-gnu/lib/ 
>> a.out 
>> =================================================================
>> ==1487==ERROR: AddressSanitizer: heap-use-after-free on address 
>> 0x74d007b5 at pc 0x0052d518 bp 0x76fff5c0 sp 0x76fff5e4
>> READ of size 1 at 0x74d007b5 thread T0
>>     #0 0x52d510  (/home/slt/Tests/a.out+0x52d510)
>>     #1 0x76535bd4  (/usr/mipsel-linux-gnu/lib/libc.so.6+0x19bd4)
>>
>> 0x74d007b5 is located 5 bytes inside of 10-byte region 
>> [0x74d007b0,0x74d007ba)
>> freed by thread T0 here:
>>     #0 0x4f4124  (/home/slt/Tests/a.out+0x4f4124)
>>     #1 0x52d4a8  (/home/slt/Tests/a.out+0x52d4a8)
>>     #2 0x76535bd4  (/usr/mipsel-linux-gnu/lib/libc.so.6+0x19bd4)
>>
>> previously allocated by thread T0 here:
>>     #0 0x4f4580  (/home/slt/Tests/a.out+0x4f4580)
>>     #1 0x52d498  (/home/slt/Tests/a.out+0x52d498)
>>     #2 0x76535bd4  (/usr/mipsel-linux-gnu/lib/libc.so.6+0x19bd4)
>>
>> SUMMARY: AddressSanitizer: heap-use-after-free 
>> (/home/slt/Tests/a.out+0x52d510) 
>> Shadow bytes around the buggy address:
>>   0x194400a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>>   0x194400b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>>   0x194400c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>>   0x194400d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>>   0x194400e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>> =>0x194400f0: fa fa fa fa fa fa[fd]fd fa fa fa fa fa fa fa fa
>>   0x19440100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>>   0x19440110: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>>   0x19440120: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>>   0x19440130: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>>   0x19440140: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
>> Shadow byte legend (one shadow byte represents 8 application bytes):
>>   Addressable:           00
>>   Partially addressable: 01 02 03 04 05 06 07 
>>   Heap left redzone:       fa
>>   Freed heap region:       fd
>>   Stack left redzone:      f1
>>   Stack mid redzone:       f2
>>   Stack right redzone:     f3
>>   Stack after return:      f5
>>   Stack use after scope:   f8
>>   Global redzone:          f9
>>   Global init order:       f6
>>   Poisoned by user:        f7
>>   Container overflow:      fc
>>   Array cookie:            ac
>>   Intra object redzone:    bb
>>   ASan internal:           fe
>>   Left alloca redzone:     ca
>>   Right alloca redzone:    cb
>> ==1487==ABORTING
>>
>> *To cross build a complete LLVM toolchain which will run on MIPS and 
>> target to MIPS **(Host=MIPS, Target=MIPS):*
>>
>>    1. Install prerequisites with "sudo apt-get install cmake ninja-build 
>>    gcc-5-mipsel-linux-gnu g++-5-mipsel-linux-gnu 
>>    gcc-5-multilib-mipsel-linux-gnu g++-5-multilib-mipsel-linux-gnu 
>>    binutils-mipsel-linux-gnu libgcc1-mipsel-cross libstdc++6-mipsel-cross"
>>    2. Checkout llvm
>>    3. Checkout clang in /llvm/tools/
>>    4. Checkout compiler-rt in /llvm/projects/
>>    5. Run "cmake -G Ninja ../llvm 
>>    -DCMAKE_INSTALL_PREFIX=<path-to-install-dir> -DCMAKE_BUILD_TYPE=Release 
>>    -DCMAKE_CROSSCOMPILING=True  
>> -DLLVM_TABLEGEN=<path-to-host-bin>/llvm-tblgen 
>>    -DCLANG_TABLEGEN=<path-to-host-bin>/clang-tblgen 
>>    -DLLVM_HOST_TRIPLE=mipsel-linux-gnu 
>>    -DLLVM_DEFAULT_TARGET_TRIPLE=mipsel-linux-gnu -DLLVM_TARGET_ARCH=Mips 
>>    -DLLVM_TARGETS_TO_BUILD=Mips 
>>    -DCMAKE_C_COMPILER="/usr/bin/mipsel-linux-gnu-gcc-5" 
>>    -DCMAKE_CXX_COMPILER="/usr/bin/mipsel-linux-gnu-g++-5" 
>>    -DCMAKE_ASM_COMPILER="/usr/bin/mipsel-linux-gnu-gcc-5" 
>>    -DCMAKE_C_FLAGS="-mips32 -mabi=32" -DCMAKE_CXX_FLAGS="-mips32 -mabi=32"" 
>> in 
>>    a build directory.
>>    6. Run "ninja; ninja install"
>>
>> But "ninja install" does not copy the sanitizer runtime libs in the 
>> install directory. So you will have to copy them to the install directory 
>> manually.
>>
>>
>> Regarding GCC's ASAN support for MIPS, as Maxim said we will have to add 
>> support for it following the steps he mentioned.
>>
>>
>> Regards,
>>
>> Sagar
>>
>>
>>
>> On Wednesday, November 16, 2016 at 1:13:06 PM UTC+5:30, Park Kit wrote:
>>>
>>> Hi Sagar,
>>>
>>> Many thanks for a reply. Although I am seeking to have GCC cross compile 
>>> working, it would be great to know that ASAN builds for mips on clang. 
>>>
>>> Looking forward to good news on that.
>>>
>>> Many thanks
>>> Kit
>>>
>>> 2016년 11월 15일 화요일 오후 6시 56분 48초 UTC, sagar....@imgtec.com 님의 말:
>>>>
>>>> Hi Park,
>>>>
>>>> Sorry for the delay.
>>>>
>>>> In order to run ASAN on mips, we always did a native build of 
>>>> compiler-rt on a real mips hardware. We never tried the cross build of 
>>>> compiler-rt.
>>>>
>>>> However, since you need the cross build, I will give it a try and get 
>>>> back to you as soon as I get success.
>>>>
>>>> Regards,
>>>> Sagar
>>>>
>>>> On Tuesday, November 15, 2016 at 1:59:15 PM UTC+5:30, Park Kit wrote:
>>>>>
>>>>> Hi all,
>>>>>
>>>>> Could anyone please give me some pointers to try?
>>>>>
>>>>> 2016년 10월 15일 토요일 오전 1시 21분 6초 UTC+1, kcc 님의 말:
>>>>>>
>>>>>> Sagar, Simon, 
>>>>>> Could you please consult on ASAN  for MIPS? 
>>>>>>
>>>>>> On Fri, Oct 14, 2016 at 3:04 PM, Park Kit <keite...@gmail.com> wrote:
>>>>>>
>>>>>>> Correction. ASN means ASAN of course. :-)
>>>>>>>
>>>>>>> -- 
>>>>>>> You received this message because you are subscribed to the Google 
>>>>>>> Groups "address-sanitizer" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it, 
>>>>>>> send an email to address-saniti...@googlegroups.com.
>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>
>>>>>>
>>>>>>

diff --git a/gcc/config/mips/linux-common.h b/gcc/config/mips/linux-common.h
index 8429a7c..f28c820 100644
--- a/gcc/config/mips/linux-common.h
+++ b/gcc/config/mips/linux-common.h
@@ -27,6 +27,9 @@ along with GCC; see the file COPYING3.  If not see
     ANDROID_TARGET_OS_CPP_BUILTINS();				\
   } while (0)
 
+#undef  ASAN_CC1_SPEC
+#define ASAN_CC1_SPEC "%{fsanitize=*:-funwind-tables}"
+
 #undef  LINK_SPEC
 #define LINK_SPEC							\
   LINUX_OR_ANDROID_LD (GNU_USER_TARGET_LINK_SPEC,			\
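Review bot: `ASAN_CC1_SPEC` is defined here as `"%{fsanitize=*:-funwind-tables}"`, which fires for every `-fsanitize=` value, while the same patch defines it in gcc/config/mips/linux.h as `"%{%:sanitize(address):-funwind-tables}"`. Both definitions are preceded by `#undef`, so whichever header is included last silently wins, and that include order is not visible in this patch. Keep a single definition, preferably the narrower `%:sanitize(address)` form, and drop the other.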
@@ -34,12 +37,12 @@ along with GCC; see the file COPYING3.  If not see
 
 #undef  SUBTARGET_CC1_SPEC
 #define SUBTARGET_CC1_SPEC						\
-  LINUX_OR_ANDROID_CC (GNU_USER_TARGET_CC1_SPEC,			\
-		       GNU_USER_TARGET_CC1_SPEC " " ANDROID_CC1_SPEC)
+  LINUX_OR_ANDROID_CC (GNU_USER_TARGET_CC1_SPEC " " ASAN_CC1_SPEC,		\
+		       GNU_USER_TARGET_CC1_SPEC " " ASAN_CC1_SPEC " " ANDROID_CC1_SPEC)
 
 #undef  CC1PLUS_SPEC
 #define CC1PLUS_SPEC							\
-  LINUX_OR_ANDROID_CC ("", ANDROID_CC1PLUS_SPEC)
+  LINUX_OR_ANDROID_CC (ASAN_CC1_SPEC "", ASAN_CC1_SPEC " " ANDROID_CC1PLUS_SPEC)
 
 #undef  LIB_SPEC
 #define LIB_SPEC							\
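Review bot: In `CC1PLUS_SPEC` the first argument is written `ASAN_CC1_SPEC ""`; the trailing empty literal does nothing and reads like a leftover, so `LINUX_OR_ANDROID_CC (ASAN_CC1_SPEC, ASAN_CC1_SPEC " " ANDROID_CC1PLUS_SPEC)` is clearer. The same macro is also appended to `SUBTARGET_CC1_SPEC` in this hunk, so if the C++ front end receives both specs (likely, but not shown here) `-funwind-tables` is passed twice, which is harmless but suggests only one of the two additions is needed. Nothing records why the flag is forced; a short comment above `ASAN_CC1_SPEC` saying that it is, presumably, there so the sanitizer runtime can unwind for its reports would help the next reader.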
diff --git a/gcc/config/mips/linux.h b/gcc/config/mips/linux.h
index dc51c45..7ab6c71 100644
--- a/gcc/config/mips/linux.h
+++ b/gcc/config/mips/linux.h
@@ -50,3 +50,10 @@ along with GCC; see the file COPYING3.  If not see
 #define GNU_USER_DYNAMIC_LINKERN32 \
   CHOOSE_DYNAMIC_LINKER (GLIBC_DYNAMIC_LINKERN32, UCLIBC_DYNAMIC_LINKERN32, \
                          BIONIC_DYNAMIC_LINKERN32, MUSL_DYNAMIC_LINKERN32)
+
+#undef  ASAN_CC1_SPEC
+#define ASAN_CC1_SPEC "%{%:sanitize(address):-funwind-tables}"
+
+#undef  CC1_SPEC
+#define CC1_SPEC GNU_USER_TARGET_CC1_SPEC ASAN_CC1_SPEC
+
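Review bot: `CC1_SPEC` concatenates `GNU_USER_TARGET_CC1_SPEC ASAN_CC1_SPEC` with no separator, unlike the `" "` placed between the same macros in linux-common.h, so when both specs expand their output can run together into one malformed option. Write `#define CC1_SPEC GNU_USER_TARGET_CC1_SPEC " " ASAN_CC1_SPEC`. Redefining `CC1_SPEC` wholesale also discards whatever the definition being `#undef`'d contained; that earlier definition is outside this hunk and should be checked before it is replaced.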
diff --git a/gcc/config/mips/mips.c b/gcc/config/mips/mips.c
index d6464c5..7eefdfd 100644
--- a/gcc/config/mips/mips.c
+++ b/gcc/config/mips/mips.c
@@ -491,6 +491,7 @@ static int mips_base_move_loop_invariants; /* flag_move_loop_invariants */
 static int mips_base_align_loops; /* align_loops */
 static int mips_base_align_jumps; /* align_jumps */
 static int mips_base_align_functions; /* align_functions */
+static unsigned HOST_WIDE_INT mips_asan_shadow_offset (void);
 
 /* Index [M][R] is true if register R is allowed to hold a value of mode M.  */
 bool mips_hard_regno_mode_ok[(int) MAX_MACHINE_MODE][FIRST_PSEUDO_REGISTER];
@@ -22488,6 +22489,17 @@ mips_promote_function_mode (const_tree type ATTRIBUTE_UNUSED,
 #undef TARGET_HARD_REGNO_SCRATCH_OK
 #define TARGET_HARD_REGNO_SCRATCH_OK mips_hard_regno_scratch_ok
 
+#undef TARGET_ASAN_SHADOW_OFFSET
+#define TARGET_ASAN_SHADOW_OFFSET mips_asan_shadow_offset
+
 struct gcc_target targetm = TARGET_INITIALIZER;
 
+/* Implement the TARGET_ASAN_SHADOW_OFFSET hook.  */
+
+static unsigned HOST_WIDE_INT
+mips_asan_shadow_offset (void)
+{
+  return 0x0aaa0000L;
+}
+
 #include "gt-mips.h"
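Review bot: `mips_asan_shadow_offset` returns the bare constant `0x0aaa0000L` for every ABI, while the libsanitizer/configure.tgt hunk in this patch enables the runtime for all of `mips*-*-linux*`, a pattern that also matches 64-bit targets. The offset the compiler emits has to equal the one the ASan runtime maps its shadow at; on a mismatch instrumented code reads the wrong shadow bytes, so checks either misfire or miss real overflows. Either restrict the hook and the configure pattern to the 32-bit ABIs, or return the runtime's 64-bit value under `TARGET_64BIT`, and extend the comment to `/* Implement the TARGET_ASAN_SHADOW_OFFSET hook.  The value must match the MIPS shadow offset used by libsanitizer.  */`. Defining the function above `targetm` would also make the forward declaration added in the first hunk of this file unnecessary.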
diff --git a/libsanitizer/configure.tgt b/libsanitizer/configure.tgt
index 8d884f4..db21669 100644
--- a/libsanitizer/configure.tgt
+++ b/libsanitizer/configure.tgt
@@ -34,6 +34,8 @@ case "${target}" in
 	;;
   sparc*-*-linux*)
 	;;
+  mips*-*-linux*)
+	;;
   arm*-*-linux*)
 	;;
   aarch64*-*-linux*)
diff --git a/sysdeps/unix/sysv/linux/mips/vfork.S b/sysdeps/unix/sysv/linux/mips/vfork.S
index 2c1a747..eea8687 100644
--- a/sysdeps/unix/sysv/linux/mips/vfork.S
+++ b/sysdeps/unix/sysv/linux/mips/vfork.S
@@ -106,6 +106,8 @@ L(error):
 #endif
 	END(__vfork)
 
+#if !defined NOT_IN_libc
 libc_hidden_def(__vfork)
 weak_alias (__vfork, vfork)
 strong_alias (__vfork, __libc_vfork)
+#endif
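Review bot: The three alias lines are guarded with `#if !defined NOT_IN_libc` here, but the sparc32 and sparc64 vfork.S hunks of this patch guard the same lines with `#ifdef IS_IN_libc`. The two macros are not obviously interchangeable. If the targeted glibc (the message says 2.20) only defines `NOT_IN_libc` for non-libc modules and never defines `IS_IN_libc`, the sparc guard is false even inside libc and the `vfork` and `__libc_vfork` aliases disappear there; this needs confirming against the tree. Use one guard in all three files, for example `#if !defined NOT_IN_libc`, and add a comment saying which non-libc build of this file the guard is meant to exclude.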
diff --git a/sysdeps/unix/sysv/linux/sparc/sparc32/vfork.S b/sysdeps/unix/sysv/linux/sparc/sparc32/vfork.S
index 549769a..f371fd8 100644
--- a/sysdeps/unix/sysv/linux/sparc/sparc32/vfork.S
+++ b/sysdeps/unix/sysv/linux/sparc/sparc32/vfork.S
@@ -44,6 +44,8 @@ ENTRY(__vfork)
 	 nop
 END(__vfork)
 
+#ifdef IS_IN_libc
 libc_hidden_def (__vfork)
 weak_alias (__vfork, vfork)
 strong_alias (__vfork, __libc_vfork)
+#endif
diff --git a/sysdeps/unix/sysv/linux/sparc/sparc64/vfork.S b/sysdeps/unix/sysv/linux/sparc/sparc64/vfork.S
index 6d0628b..c4ac487 100644
--- a/sysdeps/unix/sysv/linux/sparc/sparc64/vfork.S
+++ b/sysdeps/unix/sysv/linux/sparc/sparc64/vfork.S
@@ -44,6 +44,8 @@ ENTRY(__vfork)
 	 nop
 END(__vfork)
 
+#ifdef IS_IN_libc
 libc_hidden_def (__vfork)
 weak_alias (__vfork, vfork)
 strong_alias (__vfork, __libc_vfork)
+#endif
