[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 1/2] xen/ubsan: Don't perform alignment checking on supporting compilers

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Mon, 24 Jun 2019 11:33:37 +0100
Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>
Delivery-date: Mon, 24 Jun 2019 10:33:53 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Hi Andrew,

On 6/24/19 11:17 AM, Andrew Cooper wrote:

GCC 5 introduced -fsanitize=alignment which is enabled by default by
CONFIG_UBSAN.  This trips a load of wont-fix cases in the ACPI tables and the
hypercall page and stubs writing logic.

It also causes the native Xen boot to crash before the console is set up, for
an as-yet unidentified reason (most likley a wont-fix case earlier on boot).

Disable alignment sanitisation on compilers which would try using it.

Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
CC: Julien Grall <julien.grall@xxxxxxx>

This isn't ideal, but we can't do better without a bit of an overhaul which I
don't have time for now.  Linux uses a whitelist of sanitisers but I'm not
entirely sure we want to go that route.  ARM currently isn't working well with
UBSAN, but AFACIT, all ARM platforms that we support also disable alignment
sanitisation in Linux.

Linux has an option to disable/enable aligment sanitisation. However,IIRC, Linux allows unaligned access for both Arm32 and Arm64.


For Xen:

- On Arm32, alignment check is enabled, so any unaligned access willresult to a crash.- On Arm64, alignment check is disabled, the only reason is becausememcpy is using unaligned access (for performance reason). But we shouldstill not rely on unaligned access as they are not atomic.

The only limitation for using UBSAN on Xen on Arm today is the size ofthe binary (we only support up to 2MB). So my preference here would beto make the new flag x86 only.

Ideally longer plan would be to make a per-file decision on thesanitization to use.


Cheers,

--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 1/2] xen/ubsan: Don't perform alignment checking on supporting compilers
  - From: Andrew Cooper

References:
- [Xen-devel] [PATCH 0/2] xen/ubsan: Multiple fixes
  - From: Andrew Cooper
- [Xen-devel] [PATCH 1/2] xen/ubsan: Don't perform alignment checking on supporting compilers
  - From: Andrew Cooper

Prev by Date: Re: [Xen-devel] [PATCH v5 2/2] xen/arm: fix mask calculation in pdx_init_mask
Next by Date: Re: [Xen-devel] [PATCH 1/2] xen/ubsan: Don't perform alignment checking on supporting compilers
Previous by thread: [Xen-devel] [PATCH 1/2] xen/ubsan: Don't perform alignment checking on supporting compilers
Next by thread: Re: [Xen-devel] [PATCH 1/2] xen/ubsan: Don't perform alignment checking on supporting compilers
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.