Abdullah Zafar has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32231
Change subject: Add KASAN stubs to coreboot. ......................................................................
Add KASAN stubs to coreboot.
Add option in Kconfig to compile with KASAN. Modify src/lib/Makefile.inc to enable gcc KASAN. Remove lint errors and warnings from kasan.c.
Signed-off-by: 11abdullah11 abdullahzafar4876@yahoo.com
Changes to be committed: modified: src/Kconfig modified: src/lib/Makefile.inc new file: src/lib/kasan.c
Change-Id: Id13970514e37dfffb751391fb3e7e6b53ccc7577 --- M src/Kconfig M src/lib/Makefile.inc A src/lib/kasan.c 3 files changed, 45 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/32231/1
diff --git a/src/Kconfig b/src/Kconfig index 62b3818..96e746e 100644 --- a/src/Kconfig +++ b/src/Kconfig @@ -219,6 +219,15 @@ coverage information in CBMEM for extraction from user space. If unsure, say N.
+config KASAN + bool "Kernel Address sanitizer support" + default y + help + Instrument the code with checks for UAF and OOB erros. If unsure, + say N because it adds a small performance penalty and may abort + on code that happens to work in spite of the UB. + + config UBSAN bool "Undefined behavior sanitizer support" default n diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc index 1350152..88afaaa 100644 --- a/src/lib/Makefile.inc +++ b/src/lib/Makefile.inc @@ -19,6 +19,12 @@ CFLAGS_ramstage += -fsanitize=undefined endif
+ifeq ($(CONFIG_KASAN),y) +ramstage-y += kasan.c +CFLAGS_ramstage += -fsanitize=kernel-address +endif + + decompressor-y += decompressor.c $(call src-to-obj,decompressor,$(dir)/decompressor.c): $(objcbfs)/bootblock.lz4 $(call src-to-obj,decompressor,$(dir)/decompressor.c): CCACHE_EXTRAFILES=$(objcbfs)/bootblock.lz4 @@ -83,7 +89,7 @@ romstage-y += memrange.c romstage-$(CONFIG_PRIMITIVE_MEMTEST) += primitive_memtest.c ramstage-$(CONFIG_PRIMITIVE_MEMTEST) += primitive_memtest.c -romstage-y += ramtest.c +romstage-$(CONFIG_CACHE_AS_RAM) += ramtest.c romstage-$(CONFIG_GENERIC_GPIO_LIB) += gpio.c ramstage-y += region_file.c romstage-y += region_file.c diff --git a/src/lib/kasan.c b/src/lib/kasan.c new file mode 100644 index 0000000..3f482e9 --- /dev/null +++ b/src/lib/kasan.c @@ -0,0 +1,29 @@ +#include <stddef.h> + +/* + *Empty stubs for required by gcc to add compiler code + */ +void __asan_handle_no_return(void); +void __asan_load1_noabort(unsigned long addr); +void __asan_store1_noabort(unsigned long addr); +void __asan_load2_noabort(unsigned long addr); +void __asan_store2_noabort(unsigned long addr); +void __asan_load4_noabort(unsigned long addr); +void __asan_store4_noabort(unsigned long addr); +void __asan_load8_noabort(unsigned long addr); +void __asan_store8_noabort(unsigned long addr); +void __asan_loadN_noabort(unsigned long addr, size_t x); +void __asan_storeN_noabort(unsigned long addr, size_t x); + + +void __asan_handle_no_return(void) { } +void __asan_load1_noabort(unsigned long addr) { } +void __asan_store1_noabort(unsigned long addr) { } +void __asan_load2_noabort(unsigned long addr) { } +void __asan_store2_noabort(unsigned long addr) { } +void __asan_load4_noabort(unsigned long addr) { } +void __asan_store4_noabort(unsigned long addr) { } +void __asan_store8_noabort(unsigned long addr) { } +void __asan_load8_noabort(unsigned long addr) { } +void __asan_loadN_noabort(unsigned long addr, size_t i) { } +void __asan_storeN_noabort(unsigned long addr, size_t i) { }
build bot (Jenkins) has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Patch Set 1:
(2 comments)
https://review.coreboot.org/#/c/32231/1/src/Kconfig File src/Kconfig:
https://review.coreboot.org/#/c/32231/1/src/Kconfig@222 PS1, Line 222: config KASAN trailing whitespace
https://review.coreboot.org/#/c/32231/1/src/lib/kasan.c File src/lib/kasan.c:
https://review.coreboot.org/#/c/32231/1/src/lib/kasan.c@4 PS1, Line 4: *Empty stubs for required by gcc to add compiler code trailing whitespace
Werner Zeh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Patch Set 1:
(5 comments)
Clean up your lint issues as jenkins won't start a tree-wide generation otherwise.
https://review.coreboot.org/#/c/32231/1//COMMIT_MSG Commit Message:
https://review.coreboot.org/#/c/32231/1//COMMIT_MSG@9 PS1, Line 9: Add option in Kconfig to compile with KASAN. Modify src/lib/Makefile.inc to enable gcc KASAN. Try to keep the 80-char-per-line in the commit message so that it will not look that ugly in gerrit. Here is a good description of how a commit message should look like: https://doc.coreboot.org/lessons/lesson2.html#part-4a-using-the-command-line...
https://review.coreboot.org/#/c/32231/1/src/Kconfig File src/Kconfig:
https://review.coreboot.org/#/c/32231/1/src/Kconfig@224 PS1, Line 224: default y This needs to be default n as you don't want it to be enabled per default. The user can enable it then on demand.
https://review.coreboot.org/#/c/32231/1/src/lib/Makefile.inc File src/lib/Makefile.inc:
https://review.coreboot.org/#/c/32231/1/src/lib/Makefile.inc@92 PS1, Line 92: romstage-$(CONFIG_CACHE_AS_RAM) += ramtest.c Why do you touch it here? It has nothing to do with your KASan change in this patch so do not mix things up in the same commit. Further on, ramtest.c needs to be in romsatge regardless of CACHE_AS_RAM as the aim is to test the DRAM that has been brought up to live in romstage.
https://review.coreboot.org/#/c/32231/1/src/lib/kasan.c File src/lib/kasan.c:
https://review.coreboot.org/#/c/32231/1/src/lib/kasan.c@4 PS1, Line 4: for required by gcc "required by gcc if KASan is enabled"
https://review.coreboot.org/#/c/32231/1/src/lib/kasan.c@5 PS1, Line 5: */ As you explicitly implement the KASan and not ASan feature here, name the stubs __kasan_xxx
Werner Zeh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/#/c/32231/1/src/lib/Makefile.inc File src/lib/Makefile.inc:
https://review.coreboot.org/#/c/32231/1/src/lib/Makefile.inc@24 PS1, Line 24: CFLAGS_ramstage += -fsanitize=kernel-address You will need more that just this switch. At least you need to provide the address of the shadow RM with the flag -fasan-shadow-offset=
Abdullah Zafar has removed Martin Roth from this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Removed reviewer Martin Roth.
Abdullah Zafar has removed Patrick Georgi from this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Removed reviewer Patrick Georgi.
Abdullah Zafar has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Patch Set 1:
(1 comment)
This change is ready for review.
https://review.coreboot.org/#/c/32231/1/src/lib/kasan.c File src/lib/kasan.c:
https://review.coreboot.org/#/c/32231/1/src/lib/kasan.c@5 PS1, Line 5: */
As you explicitly implement the KASan and not ASan feature here, name the stubs __kasan_xxx
When "-fsanitize=kernel-address" option is added, gcc requires __asan_xxx functions instead of __kasan-xxx.
Abdullah Zafar has removed Martin Roth from this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Removed reviewer Martin Roth.
Abdullah Zafar has removed Patrick Georgi from this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Removed reviewer Patrick Georgi.
Werner Zeh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Patch Set 1:
(1 comment)
https://review.coreboot.org/#/c/32231/1/src/lib/kasan.c File src/lib/kasan.c:
https://review.coreboot.org/#/c/32231/1/src/lib/kasan.c@5 PS1, Line 5: */
When "-fsanitize=kernel-address" option is added, gcc requires __asan_xxx functions instead of __kas […]
Oh, I see. OK.
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot. ......................................................................
Patch Set 1:
(3 comments)
https://review.coreboot.org/#/c/32231/1//COMMIT_MSG Commit Message:
https://review.coreboot.org/#/c/32231/1//COMMIT_MSG@7 PS1, Line 7: Add KASAN stubs to coreboot. Please remove the dot/period at the of the commit message summary.
https://review.coreboot.org/#/c/32231/1//COMMIT_MSG@12 PS1, Line 12: Signed-off-by: 11abdullah11 abdullahzafar4876@yahoo.com Please move that exactly below the Change-Id line.
https://review.coreboot.org/#/c/32231/1//COMMIT_MSG@14 PS1, Line 14: Changes to be committed: : modified: src/Kconfig : modified: src/lib/Makefile.inc : new file: src/lib/kasan.c Please remove these lines, which git can generate automatically, for example `git log --stat`.
Hello Werner Zeh, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/32231
to look at the new patch set (#2).
Change subject: Add KASAN stubs to coreboot ......................................................................
Add KASAN stubs to coreboot
Add option in Kconfig to compile with KASAN. Modify src/lib/Makefile.inc to enable gcc KASAN. Remove lint errors and warnings from kasan.c.
Change-Id: Id13970514e37dfffb751391fb3e7e6b53ccc7577 Signed-off-by: 11abdullah11 abdullahzafar4876@yahoo.com --- M src/Kconfig M src/lib/Makefile.inc A src/lib/kasan.c 3 files changed, 45 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/32231/2
Hello Werner Zeh, build bot (Jenkins), Patrick Georgi, Martin Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/32231
to look at the new patch set (#3).
Change subject: Add KASAN stubs to coreboot ......................................................................
Add KASAN stubs to coreboot
Add option in Kconfig to compile with KASAN. Modify src/lib/Makefile.inc to enable gcc KASAN. Remove lint errors and warnings from kasan.c.
Change-Id: Id13970514e37dfffb751391fb3e7e6b53ccc7577 Signed-off-by: 11abdullah11 abdullahzafar4876@yahoo.com --- M src/Kconfig M src/lib/Makefile.inc A src/lib/kasan.c 3 files changed, 43 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/32231/3
Martin Roth has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot ......................................................................
Patch Set 3: Code-Review+1
Does this replace patch https://review.coreboot.org/c/coreboot/+/32239 ? Should that be abandoned?
When would the code to replace the stubs be added?
Abdullah Zafar has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot ......................................................................
Patch Set 3:
Patch Set 3: Code-Review+1
Does this replace patch https://review.coreboot.org/c/coreboot/+/32239 ? Should that be abandoned?
When would the code to replace the stubs be added?
Yes. According to my GSoC proposal timeline, it should be added by the first week of June. Right now I can not say for sure. But, I expect to add it much sooner.
Werner Zeh has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: Add KASAN stubs to coreboot ......................................................................
Patch Set 3:
(3 comments)
https://review.coreboot.org/#/c/32231/3//COMMIT_MSG Commit Message:
https://review.coreboot.org/#/c/32231/3//COMMIT_MSG@4 PS3, Line 4: 11abdullah11 Looks like you have issues with your local git setup, please check.
https://review.coreboot.org/#/c/32231/3//COMMIT_MSG@7 PS3, Line 7: Add KASAN stubs to coreboot Add src/lib: in front of this line as mentioned in an earlier patchset.
https://review.coreboot.org/#/c/32231/3/src/Kconfig File src/Kconfig:
https://review.coreboot.org/#/c/32231/3/src/Kconfig@226 PS3, Line 226: urrently, : kasan.c has empty stubs to build without errors when this option : is enabled. I think this should not be mentioned here as this option will remain unchaged for the following patches. Just describe here what it is about in the final goal.
Hello Werner Zeh, build bot (Jenkins), Martin Roth, Patrick Georgi,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/32231
to look at the new patch set (#4).
Change subject: src/lib/kasan.c: Add KASAN stubs ......................................................................
src/lib/kasan.c: Add KASAN stubs
Add option in Kconfig to compile with KASAN. Modify src/lib/Makefile.inc to enable gcc KASAN. Remove lint errors and warnings from kasan.c.
Change-Id: Id13970514e37dfffb751391fb3e7e6b53ccc7577 Signed-off-by: 11abdullah11 abdullahzafar4876@yahoo.com --- M src/Kconfig M src/lib/Makefile.inc A src/lib/kasan.c 3 files changed, 42 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/32231/4
Hello Werner Zeh, build bot (Jenkins), Martin Roth, Patrick Georgi,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/32231
to look at the new patch set (#5).
Change subject: src/lib: Add KASAN stubs ......................................................................
src/lib: Add KASAN stubs
Add option in Kconfig to compile with KASAN. Modify src/lib/Makefile.inc to enable gcc KASAN. Remove lint errors and warnings from kasan.c.
Change-Id: Id13970514e37dfffb751391fb3e7e6b53ccc7577 Signed-off-by: 11abdullah11 abdullahzafar4876@yahoo.com --- M src/Kconfig M src/lib/Makefile.inc A src/lib/kasan.c 3 files changed, 42 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/31/32231/5
Werner Zeh has abandoned this change. ( https://review.coreboot.org/c/coreboot/+/32231 )
Change subject: src/lib: Add KASAN stubs ......................................................................
Abandoned
-
Abdullah Zafar (Code Review) -
build bot (Jenkins) (Code Review)
-
Martin Roth (Code Review)
-
Paul Menzel (Code Review)
-
Werner Zeh (Code Review)