[dpdk-dev] [PATCH] Enable AddressSanitizer feature on DPDK

[David Christensen]

>>> If you want to use this feature,
>>> you need to add below compilation options when compiling code:
>>> -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address
>>> "-Dbuildtype=debug": Display code information when coredump occurs in
>>> the program.
>>> "-Db_lundef=false": It is enabled by default, and needs to be disabled
>>> when using asan.
>>
>> On initial inspection, it appears ASAN functionality doesn't work with DPDK
>> on PPC architecture.  I tested the patch with several compiler versions (gcc
>> 8.3.1 from RHEL 8.3 through gcc 11.2.1 from the IBM Advanced Toolchain 15.0)
>> and observed the following error when running testpmd with ASAN enabled:
>>
>> AddressSanitizer:DEADLYSIGNAL
>> ==========================================================
>> =======
>> ==49246==ERROR: AddressSanitizer: SEGV on unknown address
>> 0x0000a0077bd0 (pc 0x000010b4eca4 bp 0x7fffffffe150 sp 0x7fffffffe150 T0)
>> ==49246==The signal is caused by a UNKNOWN memory access.
>>       #0 0x10b4eca4 in asan_set_shadow ../lib/eal/common/malloc_elem.h:120
>>       #1 0x10b4ed68 in asan_set_zone ../lib/eal/common/malloc_elem.h:135
>>       #2 0x10b4ee90 in asan_clear_split_alloczone
>> ../lib/eal/common/malloc_elem.h:162
>>       #3 0x10b51f84 in malloc_elem_alloc ../lib/eal/common/malloc_elem.c:477
>> ...
>>
>> Can you incorporate an exception for PPC architecture with this patch while I
>> look into the problem further?
>>
>> Dave
> 
> We do not have a ppc platform, so there is no adaptation. doc/guides/prog_guide/asan.rst
> has stated that we currently only support Linux x86_64. You can adapt according to the
> following documents, the main work is to modify the base address according to the platform.
> Documents:
> https://github.com/google/sanitizers/wiki/AddressSanitizer
> https://github.com/llvm/llvm-project/tree/main/compiler-rt

Understand you don't have such a platform.  I looked into it and suggest 
the following change in lib/eal/common/malloc_elem.h:

#define ASAN_SHADOW_GRAIN_SIZE  8
#define ASAN_SHADOW_SCALE       3
#ifdef RTE_ARCH_PPC_64
#define ASAN_SHADOW_OFFSET 0x020000000000
#else
#define ASAN_SHADOW_OFFSET 0x00007fff8000
#endif
#define ASAN_MEM_FREE_FLAG      0xfd
#define ASAN_MEM_REDZONE_FLAG   0xfa
#define ASAN_MEM_TO_SHADOW(mem) (((mem) >> ASAN_SHADOW_SCALE) + 
ASAN_SHADOW_OFFSET)


This resolves the segmentation error I receive.

Dave

P.S. FYI, here's the ASAN mapping I observe on x86 vs. POWER:

x86 results:
-----------------------------------------------------------------------------------
ASAN_OPTIONS=verbosity=1 ./a.out
==141271==AddressSanitizer: libc interceptors initialized
|| `[0x1000_7fff_8000, 0x7fff_ffff_ffff]` || HighMem    ||
|| `[0x0200_8fff_7000, 0x1000_7fff_7fff]` || HighShadow ||
|| `[0x0000_8fff_7000, 0x0200_8fff_6fff]` || ShadowGap  ||
|| `[0x0000_7fff_8000, 0x0000_8fff_6fff]` || LowShadow  ||
|| `[0x0000_0000_0000, 0x0000_7fff_7fff]` || LowMem     ||
MemToShadow(shadow): 0x0000_8fff_7000 0x0000_91ff_6dff 0x0040_91ff_6e00 
0x0200_8fff_6fff
redzone=16
max_redzone=2048
quarantine_size_mb=256M
thread_local_quarantine_size_kb=1024K
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0x7fff_8000

POWER results:
-----------------------------------------------------------------------------------
ASAN_OPTIONS=verbosity=1 ./a.out
...
==93284==AddressSanitizer: libc interceptors initialized
|| `[0x1200_0000_0000, 0x7fff_ffff_ffff]` || HighMem    ||
|| `[0x0440_0000_0000, 0x11ff_ffff_ffff]` || HighShadow ||
|| `[0x0240_0000_0000, 0x043f_ffff_ffff]` || ShadowGap  ||
|| `[0x0200_0000_0000, 0x023f_ffff_ffff]` || LowShadow  ||
|| `[0x0000_0000_0000, 0x01ff_ffff_ffff]` || LowMem     ||
MemToShadow(shadow): 0x0240_0000_0000 0x0247_ffff_ffff 0x0288_0000_0000 
0x043f_ffff_ffff
redzone=16
max_redzone=2048
quarantine_size_mb=256M
thread_local_quarantine_size_kb=1024K
malloc_context_size=30
SHADOW_SCALE: 3
SHADOW_GRANULARITY: 8
SHADOW_OFFSET: 0x200_0000_0000