Abdullah Zafar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32239

Change subject: src/lib/kasan.c: Cleanup lint errors src/Kconfig: Set default n for KASAN option src/lib/Makefile.inc: Add -fasan-shadow-offset option Update makefile ......................................................................

src/lib/kasan.c: Cleanup lint errors src/Kconfig: Set default n for KASAN option src/lib/Makefile.inc: Add -fasan-shadow-offset option Update makefile

Signed-off-by: 11abdullah11 abdullahzafar4876@yahoo.com Change-Id: Icd92e057b530e6cf5eaf531f518fb112e9b7e93c --- M src/Kconfig M src/lib/Makefile.inc A src/lib/kasan.c 3 files changed, 41 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/coreboot refs/changes/39/32239/1

diff --git a/src/Kconfig b/src/Kconfig index 62b3818..874c7c6 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -219,6 +219,13 @@ coverage information in CBMEM for extraction from user space. If unsure, say N.

+config KASAN + bool "Kernel Address sanitizer support" + default n + help + Instrument the code with checks for UAF and OOB erros. If unsure, + say N because it adds a small performance penalty. + config UBSAN bool "Undefined behavior sanitizer support" default n diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 1350152..d64cde5 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -19,6 +19,11 @@ CFLAGS_ramstage += -fsanitize=undefined endif

+ifeq ($(CONFIG_KASAN),y) +ramstage-y += kasan.c +CFLAGS_ramstage += -fsanitize=kernel-address -fasan-shadow-offset=0x3fe00 +endif + decompressor-y += decompressor.c $(call src-to-obj,decompressor,$(dir)/decompressor.c): $(objcbfs)/bootblock.lz4 $(call src-to-obj,decompressor,$(dir)/decompressor.c): CCACHE_EXTRAFILES=$(objcbfs)/bootblock.lz4 diff --git a/src/lib/kasan.c b/src/lib/kasan.c new file mode 100644 index 0000000..f3cb70f --- /dev/null +++ b/src/lib/kasan.c @@ -0,0 +1,29 @@ +#include <stddef.h> + +/* + *Empty stubs required by gcc if KASan is enabled + */ +void __asan_handle_no_return(void); +void __asan_load1_noabort(unsigned long addr); +void __asan_store1_noabort(unsigned long addr); +void __asan_load2_noabort(unsigned long addr); +void __asan_store2_noabort(unsigned long addr); +void __asan_load4_noabort(unsigned long addr); +void __asan_store4_noabort(unsigned long addr); +void __asan_load8_noabort(unsigned long addr); +void __asan_store8_noabort(unsigned long addr); +void __asan_loadN_noabort(unsigned long addr, size_t x); +void __asan_storeN_noabort(unsigned long addr, size_t x); + + +void __asan_handle_no_return(void) { } +void __asan_load1_noabort(unsigned long addr) { } +void __asan_store1_noabort(unsigned long addr) { } +void __asan_load2_noabort(unsigned long addr) { } +void __asan_store2_noabort(unsigned long addr) { } +void __asan_load4_noabort(unsigned long addr) { } +void __asan_store4_noabort(unsigned long addr) { } +void __asan_store8_noabort(unsigned long addr) { } +void __asan_load8_noabort(unsigned long addr) { } +void __asan_loadN_noabort(unsigned long addr, size_t i) { } +void __asan_storeN_noabort(unsigned long addr, size_t i) { }