sslab-gatech / unisan
UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages
License: MIT License
How to use clang to compile the Linux kernel into LLVM IR?
If the original allocation is dynamically sized, then UniSan only detects it as unsafe if it is used directly as an argument to a sink function. The conservative code-paths (storing pointer to heap, inline assembly, etc.) do not trigger for dynamically sized allocations.
Calls to unmodelled functions without bodies should be considered sinks in a conservative analysis. The current code actually implements this conservative behavior, but circumvents it with a continue statement. As such, these functions are considered always safe by the analysis.
https://github.com/sslab-gatech/unisan/blob/master/analysis/src/lib/SafeAllocation.cc#L791
The different Modules loaded by UniSan use different LLVM contexts. In LLVM the basic types are only guaranteed to be unique within a given context. As such, char* between two modules will have a different Type instance. See http://llvm.org/docs/doxygen/html/Type_8cpp_source.html#l00182 and http://llvm.org/docs/doxygen/html/LLVMContextImpl_8h_source.html#l00975 for an example.
Furthermore, struct types are only deduplicated in the linker phase as far as I am aware. Even if you use the same context, you will get different type instances for the same struct declaration (see https://groups.google.com/forum/#!topic/llvm-dev/3Eud9pfFUr).
The test should be simple with an indirect call to a function defined in another bytecode file, which takes both primitive arguments (char, short) as well as a struct or struct pointers.
As always, please provide updated coverage numbers after every fix (including issue 1). If the coverage does not change at all, then it is great and still important to see, since you have confirmation that the issue did not affect the security offered by UniSan.
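The effect described in this issue, as an added example that is neither UniSan's code nor LLVM's API: a toy model in which each `Context` uniques its own types, so a signature built in two modules differs by pointer and only a structural comparison matches it. All names (`Context`, `Type`, `sameShape`, `sig`, `struct msg`) are assumptions made for the illustration.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>
// Toy model of the type uniquing described above; this is not LLVM's API.
struct Type {
    enum Kind { Int, Ptr, Struct, Func } kind;
    unsigned bits;                   // Int: width in bits
    std::string name;                // Struct: declared name
    std::vector<const Type*> elems;  // Ptr: pointee; Struct: fields; Func: params
};
class Context {
    std::map<std::string, const Type*> uniq;  // uniqued: ints, pointers, function types
    std::vector<std::unique_ptr<Type>> owned;
    const Type* make(Type t) { owned.push_back(std::make_unique<Type>(std::move(t))); return owned.back().get(); }
    const Type* intern(const std::string& key, Type t) {
        auto it = uniq.find(key);
        return it != uniq.end() ? it->second : (uniq[key] = make(std::move(t)));
    }
    static std::string id(const Type* t) { return std::to_string(reinterpret_cast<std::uintptr_t>(t)); }
public:
    const Type* intTy(unsigned b) { return intern("i" + std::to_string(b), {Type::Int, b, "", {}}); }
    const Type* ptrTo(const Type* p) { return intern("p" + id(p), {Type::Ptr, 0, "", {p}}); }
    const Type* funcTy(std::vector<const Type*> ps) {
        std::string key = "f";
        for (const Type* p : ps) key += ":" + id(p);
        return intern(key, {Type::Func, 0, "", std::move(ps)});
    }
    // Every struct declaration yields a fresh instance, even within one context.
    const Type* structTy(std::string n, std::vector<const Type*> fs) { return make({Type::Struct, 0, std::move(n), std::move(fs)}); }
};
// Context-independent comparison; structs match on name and field count only, so self-referential structs terminate.
bool sameShape(const Type* a, const Type* b) {
    if (a == b) return true;
    if (a->kind != b->kind || a->bits != b->bits || a->elems.size() != b->elems.size()) return false;
    if (a->kind == Type::Struct) return a->name == b->name;
    for (std::size_t i = 0; i < a->elems.size(); ++i)
        if (!sameShape(a->elems[i], b->elems[i])) return false;
    return true;
}
// Signature from the proposed test: (char, short, struct msg, struct msg *).
const Type* sig(Context& c) {
    const Type* s = c.structTy("msg", {c.intTy(32), c.intTy(8)});
    return c.funcTy({c.intTy(8), c.intTy(16), s, c.ptrTo(s)});
}
int main() {  // exit status 0: the two modules' signatures differ by pointer yet match structurally
    Context caller, callee; const Type *a = sig(caller), *b = sig(callee); return (a != b && sameShape(a, b)) ? 0 : 1;
}
```

An analysis that matches indirect-call targets by `Type*` identity behaves like the `a != b` case here and misses the callee defined in the other module.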
Hi:
/root/unisan-master/analysis/src/lib/SAStructs.cc:342:9: error: invalid operands to binary expression ('BasicBlock::iterator'
(aka 'ilist_iterator<llvm::Instruction>') and 'llvm::Value *')
if (I == UN->U) {
/root/unisan-master/analysis/src/lib/SAStructs.cc:358:14: error: invalid operands to binary expression ('BasicBlock::iterator'
(aka 'ilist_iterator<llvm::Instruction>') and 'llvm::Value *')
else if (I == (*it)->U) {
2 errors generated.