Abdullah Zafar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32220
Change subject: Add empty stubs for KASAN to coreboot. Kconfig default settings set to compile with KASAN. ......................................................................
Add empty stubs for KASAN to coreboot. Kconfig default settings set to compile with KASAN.
Signed-off-by: 11abdullah11 abdullahzafar4876@yahoo.com Change-Id: I424dcb16fc33f356fca823866a7c869484c42870
modified: src/Kconfig modified: src/lib/Makefile.inc new file: src/lib/kasan.c
Change-Id: Ib40ab0116550fd2a5cb208abc39f0df6d80192fa --- A .tmpconfig.lintkyQ0Qt A .tmpconfig.lintq3Y6J5 A .tmpconfig.linttyjU7F A .tmpconfig.lintvEnN0V M src/Kconfig M src/lib/Makefile.inc A src/lib/kasan.c 7 files changed, 46 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/20/32220/1
diff --git a/.tmpconfig.lintkyQ0Qt b/.tmpconfig.lintkyQ0Qt new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/.tmpconfig.lintkyQ0Qt diff --git a/.tmpconfig.lintq3Y6J5 b/.tmpconfig.lintq3Y6J5 new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/.tmpconfig.lintq3Y6J5 diff --git a/.tmpconfig.linttyjU7F b/.tmpconfig.linttyjU7F new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/.tmpconfig.linttyjU7F diff --git a/.tmpconfig.lintvEnN0V b/.tmpconfig.lintvEnN0V new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/.tmpconfig.lintvEnN0V diff --git a/src/Kconfig b/src/Kconfig index 62b3818..263cde3 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -219,6 +219,15 @@ coverage information in CBMEM for extraction from user space. If unsure, say N.
+config KASAN + bool "Kernel Address sanitizer support" + default y + help + Instrument the code with checks for UAF and OOB erros. If unsure, + say N because it adds a small performance penalty and may abort + on code that happens to work in spite of the UB. + + config UBSAN bool "Undefined behavior sanitizer support" default n diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 1350152..88afaaa 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -19,6 +19,12 @@ CFLAGS_ramstage += -fsanitize=undefined endif
+ifeq ($(CONFIG_KASAN),y) +ramstage-y += kasan.c +CFLAGS_ramstage += -fsanitize=kernel-address +endif + + decompressor-y += decompressor.c $(call src-to-obj,decompressor,$(dir)/decompressor.c): $(objcbfs)/bootblock.lz4 $(call src-to-obj,decompressor,$(dir)/decompressor.c): CCACHE_EXTRAFILES=$(objcbfs)/bootblock.lz4 @@ -83,7 +89,7 @@ romstage-y += memrange.c romstage-$(CONFIG_PRIMITIVE_MEMTEST) += primitive_memtest.c ramstage-$(CONFIG_PRIMITIVE_MEMTEST) += primitive_memtest.c -romstage-y += ramtest.c +romstage-$(CONFIG_CACHE_AS_RAM) += ramtest.c romstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c ramstage-y += region_file.c romstage-y += region_file.c diff --git a/src/lib/kasan.c b/src/lib/kasan.c new file mode 100644 index 0000000..28ff1ed --- /dev/null +++ b/src/lib/kasan.c @@ -0,0 +1,30 @@ +#include <stddef.h> + +/* + *Empty stubs for required by gcc to add compiler code + */ + +void __asan_handle_no_return(void); +void __asan_load1_noabort(unsigned long addr); +void __asan_store1_noabort(unsigned long addr); +void __asan_load2_noabort(unsigned long addr); +void __asan_store2_noabort(unsigned long addr); +void __asan_load4_noabort(unsigned long addr); +void __asan_store4_noabort(unsigned long addr); +void __asan_load8_noabort(unsigned long addr); +void __asan_store8_noabort(unsigned long addr); +void __asan_loadN_noabort(unsigned long addr,size_t); +void __asan_storeN_noabort(unsigned long addr,size_t); + + +void __asan_handle_no_return(void){ } +void __asan_load1_noabort(unsigned long addr){ } +void __asan_store1_noabort(unsigned long addr){ } +void __asan_load2_noabort(unsigned long addr){ } +void __asan_store2_noabort(unsigned long addr){ } +void __asan_load4_noabort(unsigned long addr){ } +void __asan_store4_noabort(unsigned long addr){ } +void __asan_store8_noabort(unsigned long addr){ } +void __asan_load8_noabort(unsigned long addr){ } +void __asan_loadN_noabort(unsigned long addr,size_t i){ } +void __asan_storeN_noabort(unsigned long addr,size_t i){ }