[Toybox] [PATCH] grep: fix two bugs found by hwasan.
enh
enh at google.com
Fri Aug 2 16:18:40 PDT 2019
On Wed, Jul 17, 2019 at 8:46 PM Rob Landley <rob at landley.net> wrote:
>
> On 7/17/19 11:16 AM, enh wrote:
> >> I committed a fix on top of yours, does it still pass your sanitizer?
> >
> > yes, thanks. (a comment there about alignment would have helped... in
> > 2019 it's rare to see anyone still care about alignment!)
>
> Rare for _you_ to see. Cortex-M0 faults on unaligned access, and I believe ARM
> estimated at launch they expected to sell 4.5 billion cortex-m chips in 2013
> alone? (https://www.arm.com/zh/files/event/20130715_AES_Joseph.pdf) And they're
> one of a dozen players in this space (albeit the biggest).
>
> There are more nommu devices deployed every year than android devices, it's just
> that the range between "high end" and "low end" got big enough there's not
> nearly as much developer overlap as there used to be. Plus a decade and change
> back the embedded community largely seems to have given up on the Linux
> community (too toxic) and stopped trying to interact with them, so they're
> either sticking with old versions (I still see 2.6 out in the wild a lot), using
> forks maintained by companies like https://www.emcraft.com/, or doing posix RTOS
> du jour (yesterday's was https://twitter.com/Sat_U/status/1151342993883815936).
>
> > i'll send a patch that adds an ASAN=1 to the build scripts so it's
> > easier to test like this. whenever hwasan finds a bug (the last one i
> > had to fix was in BSD grep, amusingly enough) i try to reproduce and
> > fix on the host for convenience and although it's not hard to do it's
> > quite a long command line.
>
> This works with the NDK toolchain?
>
> > i was hoping to talk about valgrind -> asan -> hwasan [where we are
> > now] -> ARM MTE [where we want to be] in the Google I/O 2019 C++ talk,
> > so i could send you a link.
>
> Yay link!

lots more links for you:
https://security.googleblog.com/2019/08/adopting-arm-memory-tagging-extension.html

> I'm scheduled to give a "busybox vs toybox" talk at ELC in a month because of
> the 4 talk topics I submitted, that's the one they wanted for some reason?
> (*shrug* Ok.)
>
> > as it was, we only got hwasan into the
> > Pixel 2 kernels for Q
> > [https://source.android.com/devices/tech/debug/hwasan], and i didn't
> > want to spend time on what's effectively still vaporware from an app
> > developer perspective. but there are some slides by the folks doing
> > the actual work from an LLVM conference last year:
> > https://llvm.org/devmtg/2018-10/slides/Serebryany-Stepanov-Tsyrklevich-Memory-Tagging-Slides-LLVM-2018.pdf
> > --- TL;DR: MTE is "always-on asan in production".
>
> Cool.
>
> I tend to be a bit leery of stuff that isn't upstream "yet". The "yet" for
> squashfs dragged on for something like 5 years?
> (https://lwn.net/Articles/563578/) I was all excited about fdpic support for arm
> (https://s3.amazonaws.com/connect.linaro.org/sfo15/Presentations/09-24-Thursday/SFO15-406-%20ARM%20FDPIC%20Toolchains.pdf)
> but as far as I know it still hasn't been merged upstream into gcc.
>
> Everybody else in the embedded world just uses the forks and ignores upstream,
> and are thus stuck on old versions. _I_ don't, but I'm weird in this context.
> Funky hybrid of "the linux way" and "the embedded way" trying to serve two
> masters. And now, of course, Android.
>
> >> Rob
>
> Still Rob