[coreboot-gerrit] Change in coreboot[master]: lib: Add ASan support to romstage on x86 arch

21 Aug 2020

Patrick Georgi has submitted this change. ( https://review.coreboot.org/c/coreboot/+/43604 )
Change subject: lib: Add ASan support to romstage on x86 arch
......................................................................
lib: Add ASan support to romstage on x86 arch
This patch adds ASan support to romstage on x86 architecture.
A Kconfig option is added to enable ASan in romstage. Compiler
flags are updated. A memory space representing the shadow region
is reserved in linker section. And a function call to asan_init()
is added to initialize shadow region when romstage loads.
Change-Id: I67ebfb5e8d602e865b1f5c874860861ae4e54381
Signed-off-by: Harshit Sharma harshitsharmajs@gmail.com
Reviewed-on: https://review.coreboot.org/c/coreboot/+/43604
Tested-by: build bot (Jenkins) no-reply@coreboot.org
Reviewed-by: Werner Zeh werner.zeh@siemens.com
---
M src/Kconfig
M src/arch/x86/assembly_entry.S
M src/arch/x86/car.ld
M src/include/symbols.h
M src/lib/Makefile.inc
M src/lib/asan.c
6 files changed, 66 insertions(+), 10 deletions(-)
Approvals:
  build bot (Jenkins): Verified
  Werner Zeh: Looks good to me, approved

diff --git a/src/Kconfig b/src/Kconfig
index f8af522..447755b 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -288,6 +288,13 @@
    comment "asan_shadow_offset_callback patch is applied to GCC."
 endif
+config ASAN_IN_ROMSTAGE
+	bool
+	depends on ASAN_IN_RAMSTAGE
+	default n
+	help
+	  Enable address sanitizer in romstage for platform.
+
 choice
    prompt "Stage Cache for ACPI S3 resume"
    default NO_STAGE_CACHE if !HAVE_ACPI_RESUME
diff --git a/src/arch/x86/assembly_entry.S b/src/arch/x86/assembly_entry.S
index fb48469..0d8307b 100644
--- a/src/arch/x86/assembly_entry.S
+++ b/src/arch/x86/assembly_entry.S
@@ -49,6 +49,10 @@
 #if CONFIG(IDT_IN_EVERY_STAGE)
    call	exception_init
 #endif
+
+#if CONFIG(ASAN_IN_ROMSTAGE)
+	call	asan_init
+#endif
    call	car_stage_entry
/* Expect to never return. */
diff --git a/src/arch/x86/car.ld b/src/arch/x86/car.ld
index 17b7748..eabe873 100644
--- a/src/arch/x86/car.ld
+++ b/src/arch/x86/car.ld
@@ -72,8 +72,12 @@
    *(.sbss.*)
    . = ALIGN(ARCH_POINTER_ALIGN_SIZE);
    _ebss = .;
-	_car_unallocated_start = .;
+#if ENV_ROMSTAGE && CONFIG(ASAN_IN_ROMSTAGE)
+	_shadow_size = (_ebss - _car_region_start) >> 3;
+	REGION(asan_shadow, ., _shadow_size, ARCH_POINTER_ALIGN_SIZE)
+#endif
+	_car_unallocated_start = .;
    _car_region_end = . + CONFIG_DCACHE_RAM_SIZE - (. - _car_region_start);
 }
 . = _car_region_end;
diff --git a/src/include/symbols.h b/src/include/symbols.h
index 2fbb449..57c52ee 100644
--- a/src/include/symbols.h
+++ b/src/include/symbols.h
@@ -24,7 +24,12 @@
 DECLARE_REGION(fmap_cache)
 DECLARE_REGION(tpm_tcpa_log)
-#if CONFIG(ASAN_IN_RAMSTAGE)
+#if ENV_ROMSTAGE && CONFIG(ASAN_IN_ROMSTAGE)
+DECLARE_REGION(bss)
+DECLARE_REGION(asan_shadow)
+#endif
+
+#if ENV_RAMSTAGE && CONFIG(ASAN_IN_RAMSTAGE)
 DECLARE_REGION(data)
 DECLARE_REGION(heap)
 DECLARE_REGION(asan_shadow)
diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
index e33a449..4ce133a 100644
--- a/src/lib/Makefile.inc
+++ b/src/lib/Makefile.inc
@@ -7,16 +7,24 @@
 CFLAGS_ramstage += -fsanitize=undefined
 endif
-ifeq ($(CONFIG_ASAN_IN_RAMSTAGE),y)
-ramstage-y += asan.c
 # Ensure that asan_shadow_offset_callback patch is applied to GCC before ASan is used.
 CFLAGS_asan += -fsanitize=kernel-address --param asan-use-shadow-offset-callback=1 \
-		--param asan-stack=1 --param asan-globals=1 \
+		--param asan-stack=1 -fsanitize-address-use-after-scope \
    	--param asan-instrumentation-with-call-threshold=0 \
-		-fsanitize-address-use-after-scope \
    	--param use-after-scope-direct-emission-threshold=0
-CFLAGS_ramstage += $(CFLAGS_asan)
+
+ifeq ($(CONFIG_ASAN_IN_ROMSTAGE),y)
+romstage-y += asan.c
+CFLAGS_asan += --param asan-globals=0
+CFLAGS_romstage += $(CFLAGS_asan)
 # Allow memory access without __asan_load and __asan_store checks.
+$(obj)/romstage/lib/asan.o: CFLAGS_asan =
+endif
+
+ifeq ($(CONFIG_ASAN_IN_RAMSTAGE),y)
+ramstage-y += asan.c
+CFLAGS_asan += --param asan-globals=1
+CFLAGS_ramstage += $(CFLAGS_asan)
 $(obj)/ramstage/lib/asan.o: CFLAGS_asan =
 endif
diff --git a/src/lib/asan.c b/src/lib/asan.c
index 0c186d6..11dbf7c 100644
--- a/src/lib/asan.c
+++ b/src/lib/asan.c
@@ -10,18 +10,29 @@
#include <symbols.h>
 #include <assert.h>
+#include <arch/symbols.h>
 #include <asan.h>
static inline void *asan_mem_to_shadow(const void *addr)
 {
+#if ENV_ROMSTAGE
+	return (void *)((uintptr_t)&_asan_shadow + (((uintptr_t)addr -
+		(uintptr_t)&_car_region_start) >> ASAN_SHADOW_SCALE_SHIFT));
+#elif ENV_RAMSTAGE
    return (void *)((uintptr_t)&_asan_shadow + (((uintptr_t)addr -
    	(uintptr_t)&_data) >> ASAN_SHADOW_SCALE_SHIFT));
+#endif
 }
static inline const void *asan_shadow_to_mem(const void *shadow_addr)
 {
+#if ENV_ROMSTAGE
+	return (void *)((uintptr_t)&_car_region_start + (((uintptr_t)shadow_addr -
+		(uintptr_t)&_asan_shadow) << ASAN_SHADOW_SCALE_SHIFT));
+#elif ENV_RAMSTAGE
    return (void *)((uintptr_t)&_data + (((uintptr_t)shadow_addr -
    	(uintptr_t)&_asan_shadow) << ASAN_SHADOW_SCALE_SHIFT));
+#endif
 }
static void asan_poison_shadow(const void *address, size_t size, u8 value)
@@ -225,10 +236,15 @@
    					size_t size, bool write,
    					unsigned long ret_ip)
 {
-	if (((uintptr_t)addr < (uintptr_t)&_data) ||
-			((uintptr_t)addr > (uintptr_t)&_eheap))
+#if ENV_ROMSTAGE
+	if (((uintptr_t)addr < (uintptr_t)&_car_region_start) ||
+		((uintptr_t)addr > (uintptr_t)&_ebss))
    	return;
-
+#elif ENV_RAMSTAGE
+	if (((uintptr_t)addr < (uintptr_t)&_data) ||
+		((uintptr_t)addr > (uintptr_t)&_eheap))
+		return;
+#endif
    if (unlikely(size == 0))
    	return;
@@ -252,8 +268,13 @@
uintptr_t __asan_shadow_offset(uintptr_t addr)
 {
+#if ENV_ROMSTAGE
+	return (uintptr_t)&_asan_shadow - (((uintptr_t)&_car_region_start) >>
+		ASAN_SHADOW_SCALE_SHIFT);
+#elif ENV_RAMSTAGE
    return (uintptr_t)&_asan_shadow - (((uintptr_t)&_data) >>
    	ASAN_SHADOW_SCALE_SHIFT);
+#endif
 }
static void register_global(struct asan_global *global)
@@ -285,6 +306,7 @@
  * to it so we could poison variable's redzone.
  * This function calls those constructors.
  */
+#if ENV_RAMSTAGE
 static void asan_ctors(void)
 {
    extern long __CTOR_LIST__;
@@ -296,12 +318,18 @@
    for (; *ctor != (func_ptr) 0; ctor++)
    	(*ctor)();
 }
+#endif
void asan_init(void)
 {
+#if ENV_ROMSTAGE
+	size_t size = (size_t)&_ebss - (size_t)&_car_region_start;
+	asan_unpoison_shadow((void *)&_car_region_start, size);
+#elif ENV_RAMSTAGE
    size_t size = (size_t)&_eheap - (size_t)&_data;
    asan_unpoison_shadow((void *)&_data, size);
    asan_ctors();
+#endif
 }
void __asan_poison_stack_memory(const void *addr, size_t size)
-- 
To view, visit https://review.coreboot.org/c/coreboot/+/43604
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I67ebfb5e8d602e865b1f5c874860861ae4e54381
Gerrit-Change-Number: 43604
Gerrit-PatchSet: 11
Gerrit-Owner: Harshit Sharma harshitsharmajs@gmail.com
Gerrit-Reviewer: Angel Pons th3fanbus@gmail.com
Gerrit-Reviewer: Julius Werner jwerner@chromium.org
Gerrit-Reviewer: Martin Roth martinroth@google.com
Gerrit-Reviewer: Patrick Georgi pgeorgi@google.com
Gerrit-Reviewer: Werner Zeh werner.zeh@siemens.com
Gerrit-Reviewer: build bot (Jenkins) no-reply@coreboot.org
Gerrit-CC: Paul Menzel paulepanter@users.sourceforge.net
Gerrit-MessageType: merged



    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

[coreboot-gerrit] Change in coreboot[master]: lib: Add ASan support to romstage on x86 arch