Annotation of wikisrc/users/maya.mdwn, revision 1.7

1.7     ! maya        1: # NetBSD-8 release notes items #
        !             2: 
        !             3: The list below needs to be expanded to cover ARM and MPSAFE networking changes.  
        !             4: Then expanded to be readable by an average technically inclined person.  
        !             5: Then reordered with the coolest things on top.
        !             6: 
        !             7: * W^X memory protection enforced by default on architectures with fine-grained memory protection
        !             8: * ASLR in some archs, MKPIE default for userland  
        !             9: XXX list of archs
        !            10: * SSP/FORTIFY default for userland and packages.  
        !            11: XXX is SSP / MKPIE new to userland?
        !            12: * In-kernel audio mixer
        !            13: 
        !            14: * USB system rework. Added USB3 support.
        !            15: 
        !            16: The following networking components and drivers have been made MPSAFE:  
        !            17: XXX long list, TODO.smpnet is a start
        !            18: 
        !            19: 
        !            20: * Reproducible build (link to blog)
        !            21: * Dynamic tracing (DTrace) for kernel code (link to guide/intro)
        !            22: 
        !            23: 
        !            24: amd64, i386:
        !            25: 
        !            26: * Meltdown fixes
        !            27: * SMEP
        !            28: * SMAP
        !            29: * amd64 kernel W^X
        !            30: * EFI bootloader
        !            31: 
        !            32: xen:
        !            33: 
        !            34: * kernel modules support
        !            35: 
        !            36: ARM:
        !            37: 
        !            38: * awin, FDT  
        !            39: XXX elaborate
        !            40: 
        !            41: 
        !            42: * TC-USB, TurboChannel USB support for ...
        !            43: * mntva, driver for mntmn's VA2000 Amiga graphics card
        !            44: 
        !            45: * bta2dpd - new Bluetooth Advanced Audio Distribution Profile daemon
        !            46: * iwm(4), a driver for Intel Wireless devices (AC7260, AC7265, AC3160...)
        !            47: * nvme(4), a driver for NVMe hardware, ported from OpenBSD
        !            48: * nouveau, an open source driver for modern nVidia graphics, ported from Linux, available by default.
        !            49:    (this is at the bottom because we mentioned it in 7.1 too)
        !            50: 
        !            51: 
1.1       maya       52: # Tips for using analyzers on NetBSD #
                     53: 
                     54: ## Address Sanitizer (+UBsan) (preliminary) ##
                     55: 
1.3       maya       56: ASan reports memory violations, and detects many off-by-ones. It seems to produce very high quality reports.
1.1       maya       57: 
1.3       maya       58: Only the resulting binary needs to be compiled with it[1]. It cannot build static objects, so it requires some fiddling with makefiles to disable those.
1.1       maya       59: 
                     60: I've been running it on NetBSD tests in the following manner[2]:
                     61: 
                     62:     cd /usr/src/tests/lib/libc
                     63:     env USETOOLS=never MK_SSP=no HAVE_SSP=no CFLAGS="-fno-omit-frame-pointer -O0 -g -ggdb -U_FORTIFY_SOURCE -fsanitize=address -fsanitize=undefined" LDFLAGS="-lasan -lubsan" make -j20
                     64: 
1.3       maya       65:     env ASAN_OPTIONS=alloc_dealloc_mismatch=0 LD_PRELOAD="/usr/lib/libasan.so /usr/lib/libubsan.so" atf-run # [3]
1.1       maya       66: 
1.3       maya       67:     sysctl -w security.pax.aslr.enabled=0 # [4]
1.2       maya       68: 
1.1       maya       69: 1. This seems to be a cause of worse reports, as in-library functions
                     70: are not intercepted.
                     71: 
                     72: 2. Not even close to canonical commands, should probably be improved.
                     73: 
1.7     ! maya       74: 3. To work around "Shadow memory range interleaves with an existing memory mapping. ASan cannot proceed correctly". An alternative is to LD_PRELOAD and LD_LIBRARY_PATH an entirely separate libc, ld.elf_so, etc.
1.3       maya       75: 
1.7     ! maya       76: 4. ASan can be wrong about which function is faulting, if we're talking about functions internal to the library. Running it on a separate file or in GDB can be helpful. Worth trying if the failure doesn't make sense.
1.1       maya       77: 
1.6       maya       78: **Important note: ASan should not be run on production systems. [It can pose a security risk](http://www.openwall.com/lists/oss-security/2016/02/17/9).**
1.1       maya       79: 
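An off-by-one of the kind ASan reports, next to its fix, as an added example that is not part of the original page. The function names, the input and the file name `offbyone.c` are hypothetical; the build flags in the comment are the sanitizer flags from the commands above.

```c
/* Added example (not NetBSD code): a terminator written one byte past the buffer.
 * Build with the sanitizer flags used above, e.g. (file name is hypothetical):
 *   cc -O0 -g -fno-omit-frame-pointer -fsanitize=address -fsanitize=undefined \
 *      offbyone.c -o offbyone
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* BUGGY: fills up to dstlen bytes, then stores the NUL at dst[dstlen]
 * when src has at least dstlen characters. */
size_t copy_buggy(char *dst, size_t dstlen, const char *src)
{
    size_t i;
    for (i = 0; i < dstlen && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';      /* i may equal dstlen: off-by-one write */
    return i + 1;       /* bytes written, including the NUL */
}

/* FIXED: reserves the last byte of the buffer for the terminator. */
size_t copy_fixed(char *dst, size_t dstlen, const char *src)
{
    size_t i;
    if (dstlen == 0)
        return 0;
    for (i = 0; i + 1 < dstlen && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return i + 1;
}

int main(void)
{
    const char *input = "12345678";  /* constructed input: exactly 8 chars */
    char *buf = malloc(8);
    if (buf == NULL)
        return 1;
    copy_fixed(buf, 8, input);       /* truncates, stays inside buf */
    printf("fixed: \"%s\"\n", buf);
    /* Built with -fsanitize=address, the next call is reported as a
     * heap-buffer-overflow (a 1-byte write just past the 8-byte region). */
    copy_buggy(buf, 8, input);
    free(buf);
    return 0;
}
```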
                     80: ## Coverity ##
                     81: 
                     82: Coverity is a static analyzer.
                     83: 
                     84: You can see a part of its output in coverity-updates@, and a lot more
                     85: if you go to the website (sign up with your netbsd email or poke someone
                     86: for access).
                     87: 
                     88: A lot of the reports are about strncpy/strcpy or in code that belongs
                     89: to GCC (in the case of userland). You can tackle this by limiting
                     90: results to a particular directory (click the folder icon). You can
                     91: also sort by issue.
                     92: 
                     93: Some suggestions for things to focus on, as there are many defects
                     94: reported:
1.4       maya       95: 
1.1       maya       96: - Setuid programs
                     97: - Anything kernel
                     98: - Stuff that runs as root
                     99: - Library or other code you know well already
                    100: - Drivers for hardware you actually own and can test
                    101: 
1.5       maya      102: ## Future ideas: ##
1.1       maya      103: 
1.2       maya      104: - GCC could be told to add ASan flags for all shared objects, making it easier to build world with those flags
1.1       maya      105: - We could run all of NetBSD with ASan for some real world tests.
1.2       maya      106: - ASan for kernel? (subr_kmem.c has some flags which do some of the work, could it do more?)
1.1       maya      107: - Fuzzers are cool.
