[RFC PATCH 0/2] toolchain: build all user space with sanitizer on glibc
Hauke Mehrtens
hauke at hauke-m.de
Sun Jan 17 12:10:34 EST 2021
This patch allows to build most the OpenWrt user space with address and
undefined behavior sanitizer activated by default.
This only works with glibc and gcc 10 and I only tested this on x86 64
so far. It is not intended to activate this by default ever, but this is
helpful to detect (security) bugs in our applications.
The first patch adds a work around for a problem with our Kconfig
system, I did not fully understand the problems and only provided a
workaround for it, if someone has any idea what is going wrong there
this would be helpful.
I already found some problems like memory leaks and a use after free
problem, will send separate mails for the later.
When these sanitizers are activated the OpenWrt userspace needs
significant more memory, use at least 256MB for a basic system.
TODOs:
* Fix the Kconfig recursive dependency problem
* Test this on more than x86 / 64
* Make it depend on GCC 10 or wait till GCC 10 is the default.
Hauke Mehrtens (2):
Workaround recursive error
toolchain: Allow building with ASAN and UBSAN
config/Config-build.in | 22 ++++++++++++++++++++++
include/hardening.mk | 14 ++++++++++++++
include/package-defaults.mk | 2 +-
include/toolchain-build.mk | 2 ++
package/boot/grub2/Makefile | 2 ++
package/kernel/mac80211/Makefile | 2 +-
package/libs/toolchain/Makefile | 2 ++
package/network/services/dropbear/Makefile | 2 ++
package/network/utils/iw/Makefile | 11 ++++++++---
package/utils/busybox/Makefile | 2 ++
10 files changed, 56 insertions(+), 5 deletions(-)
--
2.20.1
More information about the openwrt-devel
mailing list