Mirrors_Framework/nuttx
1
0
Fork 0
mirror of https://github.com/apache/nuttx.git synced 2026-06-04 14:53:47 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

mm: Support the different kasan implementation

Browse Source 
Split kasan.c to incorporate label based kasan:
hook.c: Implement compiler instrumentation function
generic.c: Implementation software kasan algorithm

Signed-off-by: wangmingrong <wangmingrong1@xiaomi.com>
This commit is contained in:
Xiang Xiao
2024-03-10 16:29:23 +08:00
committed by Xiang Xiao
parent 70b9f63985
commit 47ffb9019f
6 changed files with 377 additions and 267 deletions
Download Patch File Download Diff File Expand all files Collapse all files
mm/kasan/CMakeLists.txt
+8 -8
View File
@@ -19,13 +19,13 @@
# the License.
#
# ##############################################################################
set(SRCS hook.c)
if(CONFIG_MM_KASAN)
target_sources(mm PRIVATE kasan.c)
target_compile_options(mm PRIVATE -fno-sanitize=kernel-address)
if(NOT CONFIG_LTO_NONE)
target_compile_options(mm PRIVATE -fno-lto)
endif()
list(APPEND SRCS generic.c)
set_source_files_properties(generic.c PROPERTIES COMPILE_FLAGS
-fno-sanitize=kernel-address)
set_source_files_properties(generic.c PROPERTIES COMPILE_FLAGS -fno-lto)
endif()
target_sources(mm PRIVATE ${SRCS})
mm/kasan/Make.defs
+10 -8
View File
@@ -20,17 +20,19 @@
#
############################################################################
ifeq ($(CONFIG_MM_KASAN),y)
CSRCS += hook.c
CSRCS += kasan.c
ifeq ($(CONFIG_MM_KASAN),y)
CSRCS += generic.c
# Disable kernel-address in mm subsystem
ifeq ($(CONFIG_ARCH_TOOLCHAIN_GNU),y)
CFLAGS += -fno-sanitize=kernel-address
ifeq ($(CONFIG_LTO_NONE),n)
CFLAGS += -fno-lto
endif
ifeq ($(CONFIG_ARCH_TOOLCHAIN_GNU),y)
CFLAGS += -fno-sanitize=kernel-address
ifeq ($(CONFIG_LTO_NONE),n)
CFLAGS += -fno-lto
endif
endif
# Add the core heap directory to the build
@@ -38,4 +40,4 @@ endif
DEPPATH += --dep-path kasan
VPATH += :kasan
endif
mm/kasan/kasan.c → mm/kasan/generic.c
+18 -247
View File
@@ -1,5 +1,5 @@
/****************************************************************************
* mm/kasan/kasan.c
* mm/kasan/generic.c
*
* SPDX-License-Identifier: Apache-2.0
*
@@ -27,11 +27,7 @@
#include <nuttx/spinlock.h>
#include <assert.h>
#include <debug.h>
#include <execinfo.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include "kasan.h"
@@ -64,7 +60,7 @@
#endif
#define KASAN_INIT_VALUE 0xDEADCAFE
#define KASAN_INIT_VALUE 0xdeadcafe
/****************************************************************************
* Private Types
@@ -78,12 +74,6 @@ struct kasan_region_s
uintptr_t shadow[1];
};
/****************************************************************************
* Private Function Prototypes
****************************************************************************/
static bool kasan_is_poisoned(FAR const void *addr, size_t size);
/****************************************************************************
* Private Data
****************************************************************************/
@@ -104,12 +94,13 @@ extern const unsigned char g_globals_region[];
* Private Functions
****************************************************************************/
static inline FAR uintptr_t *kasan_find_mem(uintptr_t addr, size_t size,
unsigned int *bit)
static FAR uintptr_t *kasan_mem_to_shadow(FAR const void *ptr, size_t size,
unsigned int *bit)
{
FAR struct kasan_region_s *region;
uintptr_t addr = (uintptr_t)ptr;
if (size == 0)
if (size == 0 || g_region_init != KASAN_INIT_VALUE)
{
return NULL;
}
@@ -145,121 +136,6 @@ static inline FAR uintptr_t *kasan_find_mem(uintptr_t addr, size_t size,
return NULL;
}
static FAR uintptr_t *kasan_mem_to_shadow(FAR const void *ptr, size_t size,
unsigned int *bit)
{
uintptr_t addr = (uintptr_t)ptr;
FAR uintptr_t *ret;
size_t mul;
size_t mod;
size_t i;
if (g_region_init != KASAN_INIT_VALUE)
{
return NULL;
}
if (size > KASAN_SHADOW_SCALE)
{
mul = size / KASAN_SHADOW_SCALE;
for (i = 0; i < mul; i++)
{
ret = kasan_find_mem(addr + i * KASAN_SHADOW_SCALE,
KASAN_SHADOW_SCALE, bit);
if (ret == NULL)
{
return ret;
}
}
mod = size % KASAN_SHADOW_SCALE;
addr += mul * KASAN_SHADOW_SCALE;
size = mod;
}
return kasan_find_mem(addr, size, bit);
}
static void kasan_show_memory(FAR const uint8_t *addr, size_t size,
size_t dumpsize)
{
FAR const uint8_t *start = (FAR const uint8_t *)
(((uintptr_t)addr) & ~0xf) - dumpsize;
FAR const uint8_t *end = start + 2 * dumpsize;
FAR const uint8_t *p = start;
char buffer[256];
_alert("Shadow bytes around the buggy address:\n");
for (p = start; p < end; p += 16)
{
int ret = sprintf(buffer, " %p: ", p);
int i;
for (i = 0; i < 16; i++)
{
if (kasan_is_poisoned(p + i, 1))
{
if (p + i == addr)
{
ret += sprintf(buffer + ret,
"\b[\033[31m%02x\033[0m ", p[i]);
}
else if (p + i == addr + size - 1)
{
ret += sprintf(buffer + ret, "\033[31m%02x\033[0m]", p[i]);
}
else
{
ret += sprintf(buffer + ret, "\033[31m%02x\033[0m ", p[i]);
}
}
else
{
ret += sprintf(buffer + ret, "\033[37m%02x\033[0m ", p[i]);
}
}
_alert("%s\n", buffer);
}
}
static void kasan_report(FAR const void *addr, size_t size,
bool is_write,
FAR void *return_address)
{
static int recursion;
irqstate_t flags;
flags = enter_critical_section();
if (++recursion == 1)
{
_alert("kasan detected a %s access error, address at %p,"
"size is %zu, return address: %p\n",
is_write ? "write" : "read",
addr, size, return_address);
kasan_show_memory(addr, size, 80);
#ifndef CONFIG_MM_KASAN_DISABLE_PANIC
PANIC();
#else
dump_stack();
#endif
}
--recursion;
leave_critical_section(flags);
}
static bool kasan_is_poisoned(FAR const void *addr, size_t size)
{
FAR uintptr_t *p;
unsigned int bit;
p = kasan_mem_to_shadow(addr, size, &bit);
return p && ((*p >> bit) & 1);
}
static void kasan_set_poison(FAR const void *addr, size_t size,
bool poisoned)
{
@@ -269,20 +145,17 @@ static void kasan_set_poison(FAR const void *addr, size_t size,
uintptr_t mask;
int flags;
if (size == 0)
p = kasan_mem_to_shadow(addr, size, &bit);
if (p == NULL)
{
return;
}
flags = spin_lock_irqsave(&g_lock);
p = kasan_find_mem((uintptr_t)addr, size, &bit);
DEBUGASSERT(p != NULL);
nbit = KASAN_BITS_PER_WORD - bit % KASAN_BITS_PER_WORD;
mask = KASAN_FIRST_WORD_MASK(bit);
size /= KASAN_SHADOW_SCALE;
flags = spin_lock_irqsave(&g_lock);
while (size >= nbit)
{
if (poisoned)
@@ -317,21 +190,18 @@ static void kasan_set_poison(FAR const void *addr, size_t size,
spin_unlock_irqrestore(&g_lock, flags);
}
static inline void kasan_check_report(FAR const void *addr, size_t size,
bool is_write,
FAR void *return_address)
{
if (kasan_is_poisoned(addr, size))
{
kasan_report(addr, size, is_write, return_address);
}
}
/****************************************************************************
* Public Functions
****************************************************************************/
/* Exported functions called from other mm module */
bool kasan_is_poisoned(FAR const void *addr, size_t size)
{
FAR uintptr_t *p;
unsigned int bit;
p = kasan_mem_to_shadow(addr, size, &bit);
return p && ((*p >> bit) & 1);
}
void kasan_poison(FAR const void *addr, size_t size)
{
@@ -364,102 +234,3 @@ void kasan_init_early(void)
{
g_region_init = 0;
}
/* Exported functions called from the compiler generated code */
void __sanitizer_annotate_contiguous_container(FAR const void *beg,
FAR const void *end,
FAR const void *old_mid,
FAR const void *new_mid)
{
/* Shut up compiler complaints */
}
void __asan_before_dynamic_init(FAR const void *module_name)
{
/* Shut up compiler complaints */
}
void __asan_after_dynamic_init(void)
{
/* Shut up compiler complaints */
}
void __asan_handle_no_return(void)
{
/* Shut up compiler complaints */
}
void __asan_report_load_n_noabort(FAR void *addr, size_t size)
{
kasan_report(addr, size, false, return_address(0));
}
void __asan_report_store_n_noabort(FAR void *addr, size_t size)
{
kasan_report(addr, size, true, return_address(0));
}
void __asan_loadN_noabort(FAR void *addr, size_t size)
{
kasan_check_report(addr, size, false, return_address(0));
}
void __asan_storeN_noabort(FAR void * addr, size_t size)
{
kasan_check_report(addr, size, true, return_address(0));
}
void __asan_loadN(FAR void *addr, size_t size)
{
kasan_check_report(addr, size, false, return_address(0));
}
void __asan_storeN(FAR void *addr, size_t size)
{
kasan_check_report(addr, size, true, return_address(0));
}
#define DEFINE_ASAN_LOAD_STORE(size) \
void __asan_report_load##size##_noabort(FAR void *addr) \
{ \
kasan_report(addr, size, false, return_address(0)); \
} \
void __asan_report_store##size##_noabort(FAR void *addr) \
{ \
kasan_report(addr, size, true, return_address(0)); \
} \
void __asan_load##size##_noabort(FAR void *addr) \
{ \
kasan_check_report(addr, size, false, return_address(0)); \
} \
void __asan_store##size##_noabort(FAR void *addr) \
{ \
kasan_check_report(addr, size, true, return_address(0)); \
} \
void __asan_load##size(FAR void *addr) \
{ \
kasan_check_report(addr, size, false, return_address(0)); \
} \
void __asan_store##size(FAR void *addr) \
{ \
kasan_check_report(addr, size, true, return_address(0)); \
}
DEFINE_ASAN_LOAD_STORE(1)
DEFINE_ASAN_LOAD_STORE(2)
DEFINE_ASAN_LOAD_STORE(4)
DEFINE_ASAN_LOAD_STORE(8)
DEFINE_ASAN_LOAD_STORE(16)
#ifdef CONFIG_MM_KASAN_GLOBAL
void __asan_register_globals(void *ptr, ssize_t size)
{
/* Shut up compiler complaints */
}
void __asan_unregister_globals(void *ptr, ssize_t size)
{
/* Shut up compiler complaints */
}
#endif
mm/kasan/hook.c
+215
View File
@@ -0,0 +1,215 @@
/****************************************************************************
* mm/kasan/hook.c
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership. The
* ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <nuttx/irq.h>
#include <assert.h>
#include <debug.h>
#include <execinfo.h>
#include <stdint.h>
#include <stdio.h>
#include "kasan.h"
/****************************************************************************
* Private Functions
****************************************************************************/
static void kasan_show_memory(FAR const uint8_t *addr, size_t size,
size_t dumpsize)
{
FAR const uint8_t *start = (FAR const uint8_t *)
(((uintptr_t)addr) & ~0xf) - dumpsize;
FAR const uint8_t *end = start + 2 * dumpsize;
FAR const uint8_t *p = start;
char buffer[256];
_alert("Shadow bytes around the buggy address:\n");
for (p = start; p < end; p += 16)
{
int ret = sprintf(buffer, " %p: ", p);
int i;
for (i = 0; i < 16; i++)
{
if (kasan_is_poisoned(p + i, 1))
{
if (p + i == addr)
{
ret += sprintf(buffer + ret,
"\b[\033[31m%02x\033[0m ", p[i]);
}
else if (p + i == addr + size - 1)
{
ret += sprintf(buffer + ret, "\033[31m%02x\033[0m]", p[i]);
}
else
{
ret += sprintf(buffer + ret, "\033[31m%02x\033[0m ", p[i]);
}
}
else
{
ret += sprintf(buffer + ret, "\033[37m%02x\033[0m ", p[i]);
}
}
_alert("%s\n", buffer);
}
}
static void kasan_report(FAR const void *addr, size_t size,
bool is_write, FAR void *return_address)
{
static int recursion;
irqstate_t flags;
flags = enter_critical_section();
if (++recursion == 1)
{
_alert("kasan detected a %s access error, address at %p,"
"size is %zu, return address: %p\n",
is_write ? "write" : "read",
addr, size, return_address);
kasan_show_memory(addr, size, 80);
#ifndef CONFIG_MM_KASAN_DISABLE_PANIC
PANIC();
#else
dump_stack();
#endif
}
--recursion;
leave_critical_section(flags);
}
static inline void kasan_check_report(FAR const void *addr, size_t size,
bool is_write,
FAR void *return_address)
{
if (kasan_is_poisoned(addr, size))
{
kasan_report(addr, size, is_write, return_address);
}
}
/****************************************************************************
* Public Functions
****************************************************************************/
void __asan_before_dynamic_init(FAR const void *module_name)
{
/* Shut up compiler complaints */
}
void __asan_after_dynamic_init(void)
{
/* Shut up compiler complaints */
}
void __asan_handle_no_return(void)
{
/* Shut up compiler complaints */
}
void __asan_register_globals(void *ptr, size_t size)
{
/* Shut up compiler complaints */
}
void __asan_unregister_globals(void *ptr, size_t size)
{
/* Shut up compiler complaints */
}
void __sanitizer_annotate_contiguous_container(FAR const void *beg,
FAR const void *end,
FAR const void *old_mid,
FAR const void *new_mid)
{
/* Shut up compiler complaints */
}
void __asan_report_load_n_noabort(FAR void *addr, size_t size)
{
kasan_report(addr, size, false, return_address(0));
}
void __asan_report_store_n_noabort(FAR void *addr, size_t size)
{
kasan_report(addr, size, true, return_address(0));
}
void __asan_loadN_noabort(FAR void *addr, size_t size)
{
kasan_check_report(addr, size, false, return_address(0));
}
void __asan_storeN_noabort(FAR void * addr, size_t size)
{
kasan_check_report(addr, size, true, return_address(0));
}
void __asan_loadN(FAR void *addr, size_t size)
{
kasan_check_report(addr, size, false, return_address(0));
}
void __asan_storeN(FAR void *addr, size_t size)
{
kasan_check_report(addr, size, true, return_address(0));
}
#define DEFINE_ASAN_LOAD_STORE(size) \
void __asan_report_load##size##_noabort(FAR void *addr) \
{ \
kasan_report(addr, size, false, return_address(0)); \
} \
void __asan_report_store##size##_noabort(FAR void *addr) \
{ \
kasan_report(addr, size, true, return_address(0)); \
} \
void __asan_load##size##_noabort(FAR void *addr) \
{ \
kasan_check_report(addr, size, false, return_address(0)); \
} \
void __asan_store##size##_noabort(FAR void *addr) \
{ \
kasan_check_report(addr, size, true, return_address(0)); \
} \
void __asan_load##size(FAR void *addr) \
{ \
kasan_check_report(addr, size, false, return_address(0)); \
} \
void __asan_store##size(FAR void *addr) \
{ \
kasan_check_report(addr, size, true, return_address(0)); \
}
DEFINE_ASAN_LOAD_STORE(1)
DEFINE_ASAN_LOAD_STORE(2)
DEFINE_ASAN_LOAD_STORE(4)
DEFINE_ASAN_LOAD_STORE(8)
DEFINE_ASAN_LOAD_STORE(16)
mm/kasan/kasan.h
+21 -4
View File
@@ -27,6 +27,7 @@
* Included Files
****************************************************************************/
#include <stdbool.h>
#include <stddef.h>
/****************************************************************************
@@ -34,11 +35,12 @@
****************************************************************************/
#ifndef CONFIG_MM_KASAN
# define kasan_is_poisoned(addr, size) false
# define kasan_poison(addr, size)
# define kasan_unpoison(addr, size)
# define kasan_register(addr, size)
# define kasan_init_early()
#endif
#else
/****************************************************************************
* Public Function Prototypes
@@ -52,7 +54,22 @@ extern "C"
#define EXTERN extern
#endif
#ifdef CONFIG_MM_KASAN
/****************************************************************************
* Name: kasan_is_poisoned
*
* Description:
* Check if the memory range is poisoned
*
* Input Parameters:
* addr - range start address
* size - range size
*
* Returned Value:
* true if the memory range is poisoned, false otherwise.
*
****************************************************************************/
bool kasan_is_poisoned(FAR const void *addr, size_t size);
/****************************************************************************
* Name: kasan_poison
@@ -126,11 +143,11 @@ void kasan_register(FAR void *addr, FAR size_t *size);
void kasan_init_early(void);
#endif /* CONFIG_MM_KASAN */
#undef EXTERN
#ifdef __cplusplus
}
#endif
#endif /* CONFIG_MM_KASAN */
#endif /* __MM_KASAN_KASAN_H */