Kernel Address Sanitizer (KASan) for TizenRT #1444

Open

wants to merge 12 commits into base: master
Conversation

SunyDays

KASan is a dynamic memory analyzer. It helps in finding and fixing
memory-related bugs such as buffer overflow and underflow, use after
free, and incorrect use of global and stack variables.

See docs/KASan.md for detailed information.

MM_ALIGN_MASK        - create an align mask for the common align macros
MM_IS_ALIGNED        - check whether addr x is aligned on a bound
MM_ALIGN_UP_COMMON   - align addr x up to a bound
MM_ALIGN_DOWN_COMMON - align addr x down to a bound
MM_IS_RAM_ADDR       - check whether addr is within the RAM bounds

Signed-off-by: Roman Lakeev <[email protected]>
RET_IP              - shorthand for __builtin_return_address(0), used in the memory allocator
__compiler_offsetof - needed for the container_of macro
GCC_VERSION         - needed for choosing KASAN_ABI_VERSION
KASAN_ABI_VERSION   - controls the layout of structures dictated by the compiler
alias               - define for the attribute that helps create function aliases
no_sanitize_address - define for the attribute that prevents KASan instrumentation

Signed-off-by: Roman Lakeev <[email protected]>
Add no_sanitize_address to the following functions because they can touch redzones on the stack:
- up_stackdump
- unwind_frame_with_fp
- do_stackcheck

Signed-off-by: Roman Lakeev <[email protected]>
- add offsetof and container_of macros to stddef.h
- remove offsetof and container_of defines from all other places

Signed-off-by: Roman Lakeev <[email protected]>
KASan is a dynamic memory analyzer. It helps in finding and fixing
memory-related bugs such as buffer overflow and underflow, use after
free, and incorrect use of global and stack variables.

See docs/KASan.md for detailed information.

Signed-off-by: Roman Lakeev <[email protected]>
Allocator instrumentation is needed for creating redzones around objects
located on the heap. In the case of the mm_heap allocator, we poison (mark as a
redzone) the mm_allocnode_s structure of each allocation to detect
overflow and underflow of the memory chunk. And we poison the whole memory
chunk together with its mm_freenode_s structure if it is free and put it in
quarantine to detect use-after-free bugs.

Signed-off-by: Roman Lakeev <[email protected]>
Instrumentation of code that directly accesses mm_allocnode_s
structure fields. When KASan is enabled, this structure is under a redzone,
and because of this we need to unpoison it before use and poison it
again afterwards.

Signed-off-by: Roman Lakeev <[email protected]>
up_memorymap prints the memory map. Useful in some debugging cases.

Signed-off-by: Roman Lakeev <[email protected]>
arm_head.S:
- make the _sinit and _einit variables global
- clean the shadow region to avoid printing KASan errors before KASan is initialized

up_allocateheap.c:
- calculate the heap size taking the shadow region into account

s5j_boot.c:
- pass region bounds to KASan
- call KASan initialization
- call constructors of global variables

Signed-off-by: Roman Lakeev <[email protected]>
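The redzone, quarantine and shadow-region mechanics described in the commit messages above (the MM_* alignment macros, the allocator instrumentation around mm_allocnode_s, and the shadow region that up_allocateheap has to leave out of the heap), as an added host-side model that is not code from this PR or from TizenRT. It uses the usual 8-bytes-per-shadow-byte encoding, poisons the chunk header as a redzone, poisons a freed chunk so a use-after-free is caught, and keeps a partial last granule so an off-by-one past a 13-byte allocation is caught as well. The kasan_*, node_size and kasan_demo names, the constructed 4 KiB RAM, and the bump allocator standing in for mm_heap are assumptions; the two header fields are only modelled after mm_allocnode_s.

```c
/* Added example (not TizenRT code): a host-side model of the KASan scheme the
 * commits above describe; the kasan_* / node_size / kasan_demo names, the
 * RAM_SIZE and the quarantine handling are assumptions for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Alignment helpers modelled on the MM_* macros from the first commit. */
#define MM_ALIGN_MASK(bound)           ((uintptr_t)(bound) - 1)
#define MM_IS_ALIGNED(x, bound)        (((uintptr_t)(x) & MM_ALIGN_MASK(bound)) == 0)
#define MM_ALIGN_UP_COMMON(x, bound)   (((uintptr_t)(x) + MM_ALIGN_MASK(bound)) & ~MM_ALIGN_MASK(bound))
#define MM_ALIGN_DOWN_COMMON(x, bound) ((uintptr_t)(x) & ~MM_ALIGN_MASK(bound))
/* The checker must not be instrumented itself (cf. the no_sanitize_address commit). */
#define no_sanitize_address __attribute__((no_sanitize_address))

/* One shadow byte covers 8 bytes of RAM (standard ASan/KASan encoding):
 * 0 = all 8 addressable, 1..7 = only the first N addressable, negative = poisoned. */
#define SHADOW_SHIFT       3
#define SHADOW_GRAN        (1U << SHADOW_SHIFT)
#define KASAN_HEAP_REDZONE 0xFA   /* mm_allocnode_s header in front of a live chunk */
#define KASAN_FREE         0xFB   /* chunk parked in quarantine after free */

/* Constructed RAM. The shadow costs RAM_SIZE / 8, which is what up_allocateheap
 * has to subtract when it reports the heap size. */
#define RAM_SIZE    4096
#define SHADOW_SIZE (RAM_SIZE >> SHADOW_SHIFT)
static uint8_t ram[RAM_SIZE] __attribute__((aligned(SHADOW_GRAN)));
static int8_t  shadow[SHADOW_SIZE];
#define MM_IS_RAM_ADDR(a) ((uintptr_t)(a) >= (uintptr_t)ram && (uintptr_t)(a) < (uintptr_t)ram + RAM_SIZE)

static int8_t *shadow_of(const void *addr) {
    return &shadow[((uintptr_t)addr - (uintptr_t)ram) >> SHADOW_SHIFT];
}
static void no_sanitize_address kasan_poison(const void *addr, size_t size, int value) {
    memset(shadow_of(addr), value, size >> SHADOW_SHIFT);  /* whole granules only */
}
static void no_sanitize_address kasan_unpoison(const void *addr, size_t size) {
    int8_t *s = shadow_of(addr);
    memset(s, 0, size >> SHADOW_SHIFT);
    if (size & (SHADOW_GRAN - 1))                           /* partial last granule */
        s[size >> SHADOW_SHIFT] = (int8_t)(size & (SHADOW_GRAN - 1));
}
/* The decision behind a compiler-emitted __asan_load1/__asan_store1 call;
 * true means the one-byte access is allowed. */
static bool no_sanitize_address kasan_check_byte(const void *addr) {
    if (!MM_IS_RAM_ADDR(addr)) return true;                 /* outside the shadowed region */
    int8_t s = *shadow_of(addr);
    if (s == 0) return true;
    if (s < 0)  return false;                               /* redzone, freed or never allocated */
    return (int8_t)((uintptr_t)addr & (SHADOW_GRAN - 1)) < s;
}

/* Header in front of every chunk, modelled after mm_heap's mm_allocnode_s (one granule). */
struct mm_allocnode_s { uint32_t size; uint32_t preceding; };
static size_t heap_top;  /* bump allocator: a freed chunk stays quarantined, never reused */

static void kasan_init(void) {
    memset(shadow, KASAN_HEAP_REDZONE, SHADOW_SIZE);        /* nothing addressable yet */
    heap_top = 0;
}
static void *kasan_malloc(size_t size) {
    size_t need = sizeof(struct mm_allocnode_s) + MM_ALIGN_UP_COMMON(size, SHADOW_GRAN);
    if (heap_top + need > RAM_SIZE) return NULL;
    struct mm_allocnode_s *node = (struct mm_allocnode_s *)&ram[heap_top];
    heap_top += need;
    node->size = (uint32_t)need;
    node->preceding = 0;
    kasan_poison(node, sizeof(*node), KASAN_HEAP_REDZONE);  /* header becomes the redzone */
    kasan_unpoison(node + 1, size);                         /* exactly `size` bytes usable */
    return node + 1;
}
/* Allocator code that reads the header must unpoison it first and re-poison it after. */
static uint32_t node_size(struct mm_allocnode_s *node) {
    kasan_unpoison(node, sizeof(*node));
    uint32_t size = node->size;
    kasan_poison(node, sizeof(*node), KASAN_HEAP_REDZONE);
    return size;
}
static void kasan_free(void *mem) {
    struct mm_allocnode_s *node = (struct mm_allocnode_s *)mem - 1;
    uint32_t total = node_size(node);
    /* Whole chunk (where mm_freenode_s would live) is poisoned and left in quarantine. */
    kasan_poison(mem, total - sizeof(*node), KASAN_FREE);
}

enum { HIT_OVERFLOW = 1, HIT_UNDERFLOW = 2, HIT_UAF = 4, FALSE_POSITIVE = 8 };
/* Drives the three bug classes the PR targets; returns a bitmask of what was caught. */
static int kasan_demo(void) {
    int hits = 0;
    kasan_init();
    char *a = kasan_malloc(13);
    char *b = kasan_malloc(32);
    if (!a || !b) return -1;
    for (int i = 0; i < 13; i++)
        if (!kasan_check_byte(a + i)) hits |= FALSE_POSITIVE;  /* in-bounds must pass */
    if (!kasan_check_byte(a + 13)) hits |= HIT_OVERFLOW;    /* one past the end, same granule */
    if (!kasan_check_byte(a - 1))  hits |= HIT_UNDERFLOW;   /* into a's header redzone */
    kasan_free(b);
    if (!kasan_check_byte(b + 5))  hits |= HIT_UAF;         /* quarantined chunk */
    return hits;
}
```

kasan_demo() returns 7: overflow, underflow and use-after-free are all reported and none of the 13 in-bounds bytes trips a false positive. On the real target the compiler, given -fsanitize=kernel-address, emits the __asan_load*/__asan_store* calls that kasan_check_byte stands in for, which is why the checker, the poison/unpoison helpers and the stack walkers from the no_sanitize_address commit must stay uninstrumented.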
KASan checks of memory accesses are based on compiler instrumentation. This
patch performs the complete integration into the build system. This
includes:

mm/Kconfig:
- KASan related configuration

Config.mk:
- KASAN_DEFINES includes compile-time data
- KASAN_FLAGS includes all specialized flags
- COMPILE_SANITIZE makefile function responsible for calling the compiler
  with proper flags in case of sanitizing

Makefiles:
- call COMPILE or COMPILE_SANITIZE depending on KASan, and explicitly mark
  files as unsanitizable

Add kasan_flash.ld and kasan_flash_enlarge.ld linker scripts

Make.defs files:
- move ARCHCCVERSION, ARCHCCMAJOR and ARCHCCMINOR to Config.mk
- change the order of includes for correct ARCHCCVERSION extraction in Config.mk
- change 'CFLAGS =' to 'CFLAGS +=' to avoid clearing flags set in Config.mk
- use kasan_flash.ld or kasan_flash_enlarge.ld depending on the
  configuration (only for artik053 and sidk_s5jt200)

defconfigs:
- add 'CONFIG_ARCH_HAVE_KASAN=y' to the artik053 and sidk_s5jt200
  defconfigs (KASan is tested only on these configs and boards)

Signed-off-by: Roman Lakeev <[email protected]>
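One way to express the COMPILE / COMPILE_SANITIZE split and the per-file opt-out from the build-system commit above, as an added example that is not this PR's Config.mk or any TizenRT Makefile. CONFIG_KASAN as the enable symbol, the shadow-offset placeholder value, the $(Q) and $(AOBJS) variables and the NOSANITIZE_SRCS list are assumptions; the GCC options themselves are the real kernel-address sanitizer options.

```makefile
# Added example (not TizenRT's Config.mk or Makefiles). CONFIG_KASAN, the
# shadow offset value, $(Q), $(AOBJS) and NOSANITIZE_SRCS are assumptions.

# Config.mk part. GCC computes shadow = (addr >> 3) + offset, so the offset
# is board specific (shadow_base - (ram_base >> 3)) and must be the same
# value the runtime's kasan_init() uses. 0x0 is a placeholder only.
KASAN_SHADOW_OFFSET ?= 0x0

KASAN_DEFINES = -DCONFIG_KASAN -DKASAN_SHADOW_OFFSET=$(KASAN_SHADOW_OFFSET)
KASAN_FLAGS   = -fsanitize=kernel-address \
                -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET) \
                --param asan-stack=1 --param asan-globals=1 \
                --param asan-instrumentation-with-call-threshold=0 \
                -fno-omit-frame-pointer

define COMPILE
	$(Q) $(CC) -c $(CFLAGS) $1 -o $2
endef

define COMPILE_SANITIZE
	$(Q) $(CC) -c $(CFLAGS) $(KASAN_DEFINES) $(KASAN_FLAGS) $1 -o $2
endef

# Subsystem Makefile part. Files that implement the checker or walk stack
# redzones themselves (the no_sanitize_address commit lists such functions)
# must not be instrumented, or their own shadow accesses would be reported.
NOSANITIZE_SRCS = kasan.c up_stackdump.c

$(AOBJS): %.o: %.c
ifeq ($(CONFIG_KASAN),y)
	$(if $(filter $<,$(NOSANITIZE_SRCS)),$(call COMPILE,$<,$@),$(call COMPILE_SANITIZE,$<,$@))
else
	$(call COMPILE,$<,$@)
endif
```

The call-threshold parameter of 0 makes GCC emit calls to __asan_loadN/__asan_storeN instead of inline shadow checks, so the kernel's own implementation of those entry points is the single place where a report is produced; asan-stack and asan-globals switch on the stack and global redzones that the no_sanitize_address and constructor-call commits above exist to support.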
@seinfra

seinfra commented Apr 19, 2018

Target : [29cbeec] - Code Rule Check (C++) OK.

@seinfra

seinfra commented May 11, 2018

Target : [29cbeec] -

@seinfra

seinfra commented Apr 24, 2019

Target : [29cbeec] - Code Rule Check OK.

@seinfra

seinfra commented Apr 24, 2019

Target : [29cbeec] - Code Rule Check (C++) OK.

@seinfra

seinfra commented Nov 12, 2019

Target : [29cbeec] - Code Rule Check OK.

@seinfra

seinfra commented Nov 12, 2019

Target : [29cbeec] - Code Rule Check (C++) OK.

@tool3210 tool3210 left a comment

lgtm

@tizen-build

Target : [29cbeec] - Code Rule Check OK.

4 participants