Abdullah Zafar has uploaded this change for review.
Add KASAN stubs to coreboot.
Add option in Kconfig to compile with KASAN. Modify src/lib/Makefile.inc to enable gcc KASAN.
Remove lint errors and warnings from kasan.c.
Signed-off-by: 11abdullah11 <abdullahzafar4876@yahoo.com>
Changes to be committed:
modified: src/Kconfig
modified: src/lib/Makefile.inc
new file: src/lib/kasan.c
Change-Id: Id13970514e37dfffb751391fb3e7e6b53ccc7577
---
M src/Kconfig
M src/lib/Makefile.inc
A src/lib/kasan.c
3 files changed, 45 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/32231/1
diff --git a/src/Kconfig b/src/Kconfig
index 62b3818..96e746e 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -219,6 +219,15 @@
coverage information in CBMEM for extraction from user space.
If unsure, say N.
+config KASAN
+ bool "Kernel Address sanitizer support"
+ default y
+ help
+ Instrument the code with checks for UAF and OOB erros. If unsure,
+ say N because it adds a small performance penalty and may abort
+ on code that happens to work in spite of the UB.
+
+
config UBSAN
bool "Undefined behavior sanitizer support"
default n
diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
index 1350152..88afaaa 100644
--- a/src/lib/Makefile.inc
+++ b/src/lib/Makefile.inc
@@ -19,6 +19,12 @@
CFLAGS_ramstage += -fsanitize=undefined
endif
+ifeq ($(CONFIG_KASAN),y)
+ramstage-y += kasan.c
+CFLAGS_ramstage += -fsanitize=kernel-address
+endif
+
+
decompressor-y += decompressor.c
$(call src-to-obj,decompressor,$(dir)/decompressor.c): $(objcbfs)/bootblock.lz4
$(call src-to-obj,decompressor,$(dir)/decompressor.c): CCACHE_EXTRAFILES=$(objcbfs)/bootblock.lz4
@@ -83,7 +89,7 @@
romstage-y += memrange.c
romstage-$(CONFIG_PRIMITIVE_MEMTEST) += primitive_memtest.c
ramstage-$(CONFIG_PRIMITIVE_MEMTEST) += primitive_memtest.c
-romstage-y += ramtest.c
+romstage-$(CONFIG_CACHE_AS_RAM) += ramtest.c
romstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c
ramstage-y += region_file.c
romstage-y += region_file.c
diff --git a/src/lib/kasan.c b/src/lib/kasan.c
new file mode 100644
index 0000000..3f482e9
--- /dev/null
+++ b/src/lib/kasan.c
@@ -0,0 +1,29 @@
+#include <stddef.h>
+
+/*
+ *Empty stubs for required by gcc to add compiler code
+ */
+void __asan_handle_no_return(void);
+void __asan_load1_noabort(unsigned long addr);
+void __asan_store1_noabort(unsigned long addr);
+void __asan_load2_noabort(unsigned long addr);
+void __asan_store2_noabort(unsigned long addr);
+void __asan_load4_noabort(unsigned long addr);
+void __asan_store4_noabort(unsigned long addr);
+void __asan_load8_noabort(unsigned long addr);
+void __asan_store8_noabort(unsigned long addr);
+void __asan_loadN_noabort(unsigned long addr, size_t x);
+void __asan_storeN_noabort(unsigned long addr, size_t x);
+
+
+void __asan_handle_no_return(void) { }
+void __asan_load1_noabort(unsigned long addr) { }
+void __asan_store1_noabort(unsigned long addr) { }
+void __asan_load2_noabort(unsigned long addr) { }
+void __asan_store2_noabort(unsigned long addr) { }
+void __asan_load4_noabort(unsigned long addr) { }
+void __asan_store4_noabort(unsigned long addr) { }
+void __asan_store8_noabort(unsigned long addr) { }
+void __asan_load8_noabort(unsigned long addr) { }
+void __asan_loadN_noabort(unsigned long addr, size_t i) { }
+void __asan_storeN_noabort(unsigned long addr, size_t i) { }
To view, visit change 32231. To unsubscribe, or for help writing mail filters, visit settings.