Abdullah Zafar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32231
Change subject: Add KASAN stubs to coreboot. ......................................................................
Add KASAN stubs to coreboot.
Add option in Kconfig to compile with KASAN. Modify src/lib/Makefile.inc to enable gcc KASAN. Remove lint errors and warnings from kasan.c.
Signed-off-by: 11abdullah11 abdullahzafar4876@yahoo.com
Changes to be committed: modified: src/Kconfig modified: src/lib/Makefile.inc new file: src/lib/kasan.c
Change-Id: Id13970514e37dfffb751391fb3e7e6b53ccc7577 --- M src/Kconfig M src/lib/Makefile.inc A src/lib/kasan.c 3 files changed, 45 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/32231/1
diff --git a/src/Kconfig b/src/Kconfig index 62b3818..96e746e 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -219,6 +219,15 @@ coverage information in CBMEM for extraction from user space. If unsure, say N.
+config KASAN + bool "Kernel Address sanitizer support" + default y + help + Instrument the code with checks for UAF and OOB erros. If unsure, + say N because it adds a small performance penalty and may abort + on code that happens to work in spite of the UB. + + config UBSAN bool "Undefined behavior sanitizer support" default n diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 1350152..88afaaa 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -19,6 +19,12 @@ CFLAGS_ramstage += -fsanitize=undefined endif
+ifeq ($(CONFIG_KASAN),y) +ramstage-y += kasan.c +CFLAGS_ramstage += -fsanitize=kernel-address +endif + + decompressor-y += decompressor.c $(call src-to-obj,decompressor,$(dir)/decompressor.c): $(objcbfs)/bootblock.lz4 $(call src-to-obj,decompressor,$(dir)/decompressor.c): CCACHE_EXTRAFILES=$(objcbfs)/bootblock.lz4 @@ -83,7 +89,7 @@ romstage-y += memrange.c romstage-$(CONFIG_PRIMITIVE_MEMTEST) += primitive_memtest.c ramstage-$(CONFIG_PRIMITIVE_MEMTEST) += primitive_memtest.c -romstage-y += ramtest.c +romstage-$(CONFIG_CACHE_AS_RAM) += ramtest.c romstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c ramstage-y += region_file.c romstage-y += region_file.c diff --git a/src/lib/kasan.c b/src/lib/kasan.c new file mode 100644 index 0000000..3f482e9 --- /dev/null +++ b/src/lib/kasan.c @@ -0,0 +1,29 @@ +#include <stddef.h> + +/* + *Empty stubs for required by gcc to add compiler code + */ +void __asan_handle_no_return(void); +void __asan_load1_noabort(unsigned long addr); +void __asan_store1_noabort(unsigned long addr); +void __asan_load2_noabort(unsigned long addr); +void __asan_store2_noabort(unsigned long addr); +void __asan_load4_noabort(unsigned long addr); +void __asan_store4_noabort(unsigned long addr); +void __asan_load8_noabort(unsigned long addr); +void __asan_store8_noabort(unsigned long addr); +void __asan_loadN_noabort(unsigned long addr, size_t x); +void __asan_storeN_noabort(unsigned long addr, size_t x); + + +void __asan_handle_no_return(void) { } +void __asan_load1_noabort(unsigned long addr) { } +void __asan_store1_noabort(unsigned long addr) { } +void __asan_load2_noabort(unsigned long addr) { } +void __asan_store2_noabort(unsigned long addr) { } +void __asan_load4_noabort(unsigned long addr) { } +void __asan_store4_noabort(unsigned long addr) { } +void __asan_store8_noabort(unsigned long addr) { } +void __asan_load8_noabort(unsigned long addr) { } +void __asan_loadN_noabort(unsigned long addr, size_t i) { } +void __asan_storeN_noabort(unsigned long addr, size_t i) { }