author | Manoj Gupta <manojgupta@google.com> | 2018-02-01 19:23:22 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-02-02 13:19:23 -0800 |
commit | 91944f28f4685f6fcf46720339b1834717b8a23e (patch) | |
tree | 77fb7a5599e4b9ccbcd4db9dad0d23bcead27e1c | |
parent | c794a05538bb87a9e18f744d893475ded1b973e2 (diff) | |
libbrillo: Disable asan on SecureMemset.
SecureMemset is used to overwrite beyond string size() but not
beyond capacity().
As this behavior is intentional, disable it from asan analysis.
Also provide a new asan.h header file to hold all asan specific
definitions.
BUG=chromium:808243
TEST=libbrillo/cryptohome unit tests pass with asan.
Change-Id: Idfabe15614299312be35beb64eae10e5acb07e1b
Reviewed-on: https://chromium-review.googlesource.com/898605
Commit-Ready: Manoj Gupta <manojgupta@chromium.org>
Tested-by: Manoj Gupta <manojgupta@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
-rw-r--r-- | brillo/asan.h | 21 | ||||
-rw-r--r-- | brillo/secure_blob.cc | 2 | ||||
-rw-r--r-- | brillo/secure_blob.h | 6 | ||||
-rw-r--r-- | brillo/secure_blob_unittest.cc | 7 |
4 files changed, 29 insertions, 7 deletions
diff --git a/brillo/asan.h b/brillo/asan.h
new file mode 100644
index 0000000..9a73202
--- /dev/null
+++ b/brillo/asan.h
@@ -0,0 +1,21 @@
+// Copyright 2018 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// This header provides Address Sanitizer specific macros.
+//
+#ifndef LIBBRILLO_BRILLO_ASAN_H_
+#define LIBBRILLO_BRILLO_ASAN_H_
+
+#if defined(__has_feature) && __has_feature(address_sanitizer)
+// ASan is enabled.
+#define BRILLO_ASAN_BUILD 1
+// Provide BRILLO_DISABLE_ASAN hook to disable ASan.
+// Put this in front on functions or global variables where required.
+#define BRILLO_DISABLE_ASAN __attribute__((no_sanitize("address")))
+#else
+#define BRILLO_DISABLE_ASAN
+#endif
+
+#endif
+
diff --git a/brillo/secure_blob.cc b/brillo/secure_blob.cc
index 9e6d570..58cd594 100644
--- a/brillo/secure_blob.cc
+++ b/brillo/secure_blob.cc
@@ -49,7 +49,7 @@ SecureBlob SecureBlob::Combine(const SecureBlob& blob1,
 return result;
 }
 
-void* SecureMemset(void* v, int c, size_t n) {
+BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n) {
 volatile uint8_t* p = reinterpret_cast<volatile uint8_t*>(v);
 while (n--)
 *p++ = c;
diff --git a/brillo/secure_blob.h b/brillo/secure_blob.h
index b6111c7..86f43eb 100644
--- a/brillo/secure_blob.h
+++ b/brillo/secure_blob.h
@@ -8,6 +8,7 @@
 #include <string>
 #include <vector>
 
+#include <brillo/asan.h>
 #include <brillo/brillo_export.h>
 
 namespace brillo {
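Review bot: In brillo/asan.h, `#if defined(__has_feature) && __has_feature(address_sanitizer)` is only well-formed on compilers that provide `__has_feature`; where it is absent the preprocessor still has to parse `__has_feature(address_sanitizer)` in the right-hand operand and rejects the line, so every file that includes secure_blob.h would stop building there. Toolchains that announce ASan through `__SANITIZE_ADDRESS__` instead are not detected either, which would leave `BRILLO_ASAN_BUILD` undefined and `BRILLO_DISABLE_ASAN` empty in an instrumented build. If libbrillo is only ever built with clang this is latent, but nesting the feature test and deriving `BRILLO_DISABLE_ASAN` from `BRILLO_ASAN_BUILD` removes the dependency. The closing guard would also read better as `#endif  // LIBBRILLO_BRILLO_ASAN_H_`.

```cpp
// … unchanged: license header and include guard …
#if defined(__SANITIZE_ADDRESS__)
#define BRILLO_ASAN_BUILD 1
#elif defined(__has_feature)
#if __has_feature(address_sanitizer)
#define BRILLO_ASAN_BUILD 1
#endif
#endif

// Put BRILLO_DISABLE_ASAN in front of functions or global variables that must
// not be instrumented.
#if defined(BRILLO_ASAN_BUILD)
#define BRILLO_DISABLE_ASAN __attribute__((no_sanitize("address")))
#else
#define BRILLO_DISABLE_ASAN
#endif

#endif  // LIBBRILLO_BRILLO_ASAN_H_
```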
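Review bot: `BRILLO_DISABLE_ASAN` on the definition of `SecureMemset` in brillo/secure_blob.cc, and on its exported declaration in brillo/secure_blob.h, switches off ASan checking for every call rather than only for the wipes between size() and capacity() that the commit message describes. A caller that passes a length running past the end of its allocation will then write out of bounds with no report, in a helper whose purpose is handling sensitive buffers. Consider keeping the exported function instrumented and routing the intentional slack-space wipe through a file-local helper that carries the attribute, for example `BRILLO_DISABLE_ASAN static void WipeSlackUninstrumented(void* v, size_t n);` (name constructed for illustration). The body of SecureMemset continues past the end of this hunk.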
@@ -46,7 +47,10 @@ class BRILLO_EXPORT SecureBlob : public Blob {
 // While memset() can be optimized out in certain situations (since most
 // compilers implement this function as intrinsic and know of its side effects),
 // this function will not be optimized out.
-BRILLO_EXPORT void* SecureMemset(void* v, int c, size_t n);
+//
+// SecureMemset is used to write beyond the size() in several functions.
+// Since this is intentional, disable address sanitizer from analying it.
+BRILLO_EXPORT BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n);
 
 // Compare [n] bytes starting at [s1] with [s2] and return 0 if they match,
 // 1 if they don't. Time taken to perform the comparison is only dependent on
diff --git a/brillo/secure_blob_unittest.cc b/brillo/secure_blob_unittest.cc
index f68ac24..aa2684e 100644
--- a/brillo/secure_blob_unittest.cc
+++ b/brillo/secure_blob_unittest.cc
@@ -4,6 +4,7 @@
 
 // Unit tests for SecureBlob.
 
+#include "brillo/asan.h"
 #include "brillo/secure_blob.h"
 
 #include <algorithm>
@@ -78,11 +79,7 @@ TEST_F(SecureBlobTest, IteratorConstructorTest) {
 
 // Disable ResizeTest with address sanitizer.
 // https://crbug.com/806013
-#if defined(__has_feature) && __has_feature(address_sanitizer)
-#define BRILLO_DISABLE_RESIZETEST 1
-#endif
-
-#ifndef BRILLO_DISABLE_RESIZETEST
+#ifndef BRILLO_ASAN_BUILD
 TEST_F(SecureBlobTest, ResizeTest) {
 // Check that resizing a SecureBlob wipes the excess memory. The test assumes
 // that resize() down by one will not re-allocate the memory, so the last byte |
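Review bot: The comment added above `SecureMemset` in brillo/secure_blob.h says the function writes beyond size() but leaves out the bound that keeps this safe, and "analying" is a typo for "analyzing". The commit message gives the limit (not beyond capacity()), and it belongs next to the declaration because callers now carry the whole obligation. Suggested wording: `// Callers may wipe past size() but never past capacity(). ASan instrumentation` / `// is disabled for this function, so an out-of-bounds length is not reported.`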
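Review bot: `#ifndef BRILLO_ASAN_BUILD` in brillo/secure_blob_unittest.cc still compiles ResizeTest out of every ASan build, so the wipe-on-resize guarantee has no coverage in the configuration this commit is adjusting. The test body and the matching `#endif` lie outside the hunk, so the following is inferred from the visible comment: if the remaining ASan complaint is the test's own read of the byte past size(), that read could move into a small helper marked `BRILLO_DISABLE_ASAN` and the test could run unconditionally. Failing that, the comment above the guard should state that the test itself reads past size(), so the reason survives without following the crbug link.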