LLVM Sanitizers in the NetBSD userland

EuroBSDcon 2018

Author: Kamil Rytarowski

E-mail: kamil@netbsd.org

Date: September 22nd 2018

Place: Bucharest, Romania

Bio

Kamil Rytarowski (born 1987)

Krakow, Poland

NetBSD user since 6.1.

The NetBSD Foundation member since 2015.

Work areas: kernel, userland, pkgsrc.

Interest: NetBSD on desktop and in particular NetBSD as a workstation.

The current activity in 3rd party software:

  • LLVM committer.
  • GDB & binutils committer.
  • NetBSD maintainer in qemu.

Topics

  • What are sanitizers?
  • Types of sanitizers
  • Characteristics of sanitizers
  • Sanitizers vs Valgrind
  • Types of sanitizer runtimes
  • MKSANITIZER
  • MKLIBCSANITIZER
  • A selection of fixed programs

What are sanitizers?

A sanitizer is a programming tool that detects program bugs such as:

  • buffer overflows,
  • signed integer overflow,
  • uninitialized memory read,
  • data races etc.

Types of sanitizers

The fundamental four sanitizers are supported on NetBSD:

  • Address Sanitizer (ASan) - Finds invalid address usage bugs.
  • Undefined Behavior Sanitizer (UBSan) - Finds unspecified code semantics bugs.
  • Thread Sanitizer (TSan) - Finds threading bugs.
  • Memory Sanitizer (MSan) - Finds uninitialized memory reads.

Characteristics of sanitizers

  • Checks are performed dynamically at runtime.
  • Compiler (Clang, GCC) emits checks inlined into the generated code.
  • Runtime handles non-trivial validation and reporting of bugs.
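
The split described in the list above, as an added example that is not from the original slides: a hand-written C model of what a UBSan-instrumented build does for a signed addition and a shift. The names `src_loc`, `runtime_report`, `add_checked` and `shl_checked` are hypothetical; in a real build the compiler emits the check and the sanitizer runtime provides the handler.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical miniature "runtime": counts and prints reports.
 * A real runtime (libubsan, or NetBSD's µUBSan) receives richer
 * source-location data emitted by the compiler. */
struct src_loc { const char *file; int line; };
static unsigned report_count;

static void runtime_report(const struct src_loc *loc, const char *what,
                           long lhs, long rhs)
{
    report_count++;
    fprintf(stderr, "%s:%d: runtime error: %s (operands %ld, %ld)\n",
            loc->file, loc->line, what, lhs, rhs);
}

/* The programmer wrote a + b. The instrumented build runs a cheap
 * inline test on the fast path and calls into the runtime only when
 * the test fails. */
static int add_checked(int a, int b, const struct src_loc *loc)
{
    int r;
    if (__builtin_add_overflow(a, b, &r))       /* inlined check */
        runtime_report(loc, "signed integer overflow", a, b);
    return r;               /* wrapped result; execution continues */
}

/* Same pattern for a shift whose exponent is out of range. */
static int shl_checked(int v, int n, const struct src_loc *loc)
{
    if (n < 0 || n >= (int)(sizeof(int) * CHAR_BIT)) {
        runtime_report(loc, "shift exponent out of range", v, n);
        return 0;           /* model only: do not execute the real UB */
    }
    return (int)((unsigned)v << n);
}

int main(void)
{
    struct src_loc here = { __FILE__, __LINE__ };
    add_checked(1, 2, &here);                   /* fast path, silent */
    add_checked(INT_MAX, 1, &here);             /* reported */
    shl_checked(1, 40, &here);                  /* reported */
    return report_count == 2 ? 0 : 1;
}
```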

Sanitizers vs Valgrind

Sanitizers:

  • Compile-time instrumentation
  • Slowdown 2x
  • Decent portability
  • Detects: out-of-bounds heap, out-of-bounds stack, out-of-bounds globals, use-after-free, use-after-return, uninitialized-memory-read, leaks, undefined-behavior, data races

Valgrind:

  • Dynamic-binary instrumentation
  • Slowdown 20x
  • Difficult porting to new platforms and OSes
  • Detects: out-of-bounds heap, use-after-free, uninitialized-memory-read, leaks, data races

MKSANITIZER

Build and use almost all of the userland with a selected sanitizer.

./build.sh \
    -V MKLLVM=yes \
    -V MKGCC=no \
    -V HAVE_LLVM=yes \
    -V MKSANITIZER=yes \
    -V USE_SANITIZER="address,undefined" \
    distribution

Unsanitized exceptions: kernel, loadable kernel modules, ramdisks, static libraries, static programs, base libraries (libc, libm, libpthread, librt).

Functional chroot environment: ASan, UBSan, MSan.

Bootable distribution into functional shell: ASan, UBSan.

As of now, this requires an external, patched Clang/LLVM toolchain.

MKLIBCSANITIZER

Build and use almost all of the userland with a selected sanitizer linked with libc.

./build.sh \
    -V MKLIBCSANITIZER=yes \
    distribution

Unsanitized exceptions: ramdisks, static libraries, static programs.

Restricted to UBSan with a specialized homegrown runtime (µUBSan).

A selection of fixed programs

ASan: sh(1), sysinst(8), heimdal krb5, libutil(3), man(1), installboot(8), passwd(8), ...

UBSan: tmux(1), expr(1), ksh(1), ifconfig(8), libc, [gnu]grep(1), gzip(1), [n]awk(1), [n]vi(1), disklabel(8), ...

MSan: sh(1), top(1), ...

... and others that are not listed here.

Sanitizers on NetBSD

Further reading

Action needed
