author | Sascha Hauer <s.hauer@pengutronix.de> | 2020-09-17 09:39:17 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2020-09-22 20:40:12 +0200 |
commit | 6cd9d2d600f3764a4c51d1a735e36397d91334f3 (patch) | |
tree | a48e89e6a91fe8f3f1009a0982a8a65cc6384ba5 /scripts | |
parent | 2b7b0cd8d9f71bdf2d6623ead66ef2510095aa0f (diff) | |
Add KASan support
KernelAddressSANitizer (KASAN) is a dynamic memory error detector. It
provides a fast and comprehensive solution for finding use-after-free
and out-of-bounds bugs.
This adds support for KASan to barebox. It is basically a stripped down
version taken from the Linux Kernel as of v5.9-rc1.
The initial Linux commit 0b24becc810d ("kasan: add kernel address
sanitizer infrastructure") describes what KASan does:
| KASAN uses compile-time instrumentation for checking every memory access,
| therefore GCC > v4.9.2 required. v4.9.2 almost works, but has issues with
| putting symbol aliases into the wrong section, which breaks kasan
| instrumentation of globals.
|
| Basic idea:
|
| The main idea of KASAN is to use shadow memory to record whether each byte
| of memory is safe to access or not, and use compiler's instrumentation to
| check the shadow memory on each memory access.
|
| Address sanitizer uses 1/8 of the memory addressable in kernel for shadow
| memory and uses direct mapping with a scale and offset to translate a
| memory address to its corresponding shadow address.
|
| For every 8 bytes there is one corresponding byte of shadow memory.
| The following encoding used for each shadow byte: 0 means that all 8 bytes
| of the corresponding memory region are valid for access; k (1 <= k <= 7)
| means that the first k bytes are valid for access, and other (8 - k) bytes
| are not; Any negative value indicates that the entire 8-bytes are
| inaccessible. Different negative values used to distinguish between
| different kinds of inaccessible memory (redzones, freed memory) (see
| mm/kasan/kasan.h).
|
| To be able to detect accesses to bad memory we need a special compiler.
| Such compiler inserts a specific function calls (__asan_load*(addr),
| __asan_store*(addr)) before each memory access of size 1, 2, 4, 8 or 16.
|
| These functions check whether memory region is valid to access or not by
| checking corresponding shadow memory. If access is not valid an error
| printed.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/Makefile.kasan | 17 | ||||
-rw-r--r-- | scripts/Makefile.lib | 10 |
2 files changed, 27 insertions, 0 deletions
diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
new file mode 100644
index 0000000000..83f6aa543d
--- /dev/null
+++ b/scripts/Makefile.kasan
@@ -0,0 +1,17 @@
+ # SPDX-License-Identifier: GPL-2.0
+ifdef CONFIG_KASAN
+CFLAGS_KASAN_NOSANITIZE := -fno-builtin
+KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)
+endif
+
+CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address
+
+cc-param = $(call cc-option, -mllvm -$(1), $(call cc-option, --param $(1)))
+
+CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL) \
+ $(call cc-param,asan-globals=1) \
+ $(call cc-param,asan-instrument-allocas=1)
+
+ifndef CONFIG_CPU_64
+CFLAGS_KASAN += $(call cc-param,asan-stack=1)
+endif
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 337430cd00..ab7d9f2bdf 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -127,6 +127,16 @@ _c_flags = $(KBUILD_CFLAGS) $(ccflags-y) $(CFLAGS_$(target-stem).o)
 _a_flags = $(KBUILD_AFLAGS) $(asflags-y) $(AFLAGS_$(target-stem).o)
 _cpp_flags = $(KBUILD_CPPFLAGS) $(cppflags-y) $(CPPFLAGS_$(target-stem).lds)
+#
+# Enable address sanitizer flags for kernel except some files or directories
+# we don't want to check (depends on variables KASAN_SANITIZE_obj.o, KASAN_SANITIZE)
+#
+ifeq ($(CONFIG_KASAN),y)
+_c_flags += $(if $(part-of-pbl),, $(if $(patsubst n%,, \
+ $(KASAN_SANITIZE_$(basetarget).o)$(KASAN_SANITIZE)y), \
+ $(CFLAGS_KASAN), $(CFLAGS_KASAN_NOSANITIZE)))
+endif
+
 ifeq ($(CONFIG_UBSAN),y)
 _CFLAGS_UBSAN = $(eval _CFLAGS_UBSAN := $(CFLAGS_UBSAN))$(_CFLAGS_UBSAN)
 _c_flags += $(if $(patsubst n%,, \ |
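Review bot: `KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET)` in the new scripts/Makefile.kasan is assigned but never referenced anywhere in the file, so the configured offset never reaches the compiler and `-fsanitize=kernel-address` instruments against the compiler's own default. If the shadow layout is meant to be fixed at build time, a line such as `CFLAGS_KASAN += $(call cc-option, -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET))` is missing; if instead the runtime resolves the shadow base inside the `__asan_load*`/`__asan_store*` callbacks, the assignment is dead and should either be dropped or carry a comment saying which side owns the offset, because a mismatch between the two silently makes the checks look at the wrong memory. A second, smaller point: `CFLAGS_KASAN_MINIMAL`, `cc-param` and `CFLAGS_KASAN` sit outside the `ifdef CONFIG_KASAN` guard while `CFLAGS_KASAN_NOSANITIZE` is inside it, so each `$(call cc-param,…)` runs its compiler probes at parse time even in non-KASAN builds unless the include site is itself conditional, which this hunk does not show. Moving the guard to cover the whole file, `ifdef CONFIG_KASAN` … `endif` around everything after the SPDX line, would make the file self-contained and avoid the probes.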