diff options
| author | Andrey Ryabinin <ryabinin.a.a@gmail.com> | 2015-10-12 18:52:58 +0300 |
|---|---|---|
| committer | Alex Shi <alex.shi@linaro.org> | 2016-04-11 22:51:39 +0800 |
| commit | 950236f124037a71d276e7906017274e9776c4ca (patch) | |
| tree | fb1cf58c7bb02fd6fa41633fc44c98a377515367 /scripts | |
| parent | cf849627f13de7b2fcf522a12e09ebdc0153db7d (diff) | |
arm64: add KASAN support
This patch adds arch specific code for kernel address sanitizer
(see Documentation/kasan.txt).
1/8 of kernel addresses reserved for shadow memory. There was no
big enough hole for this, so virtual addresses for shadow were
stolen from vmalloc area.
At early boot stage the whole shadow region populated with just
one physical page (kasan_zero_page). Later, this page reused
as readonly zero shadow for some memory that KASan currently
don't track (vmalloc).
After mapping the physical memory, pages for shadow memory are
allocated and mapped.
Functions like memset/memmove/memcpy do a lot of memory accesses.
If bad pointer passed to one of these function it is important
to catch this. Compiler's instrumentation cannot do this since
these functions are written in assembly.
KASan replaces memory functions with manually instrumented variants.
Original functions declared as weak symbols so strong definitions
in mm/kasan/kasan.c could replace them. Original functions have aliases
with '__' prefix in name, so we could call non-instrumented variant
if needed.
Some files built without kasan instrumentation (e.g. mm/slub.c).
Original mem* function replaced (via #define) with prefixed variants
to disable memory access checks for such files.
Signed-off-by: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Tested-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit 39d114ddc68223022c12ae3a1573912bc4b585e5)
Signed-off-by: Alex Shi <alex.shi@linaro.org>
BTW,
commit 9f25e6ad5 arm64: expose number of page table levels on Kconfig level
change CONFIG_ARM64_PGTABLE_LEVELS to CONFIG_PGTABLE_LEVELS, which
would introduce much conflicts, since only arch/arm64/mm/kasan_init.c
use two of instance of this config, just change them back.
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/Makefile.kasan | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan index 3f874d24234f..37323b0df374 100644 --- a/scripts/Makefile.kasan +++ b/scripts/Makefile.kasan @@ -5,10 +5,12 @@ else call_threshold := 0 endif +KASAN_SHADOW_OFFSET ?= $(CONFIG_KASAN_SHADOW_OFFSET) + CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \ - -fasan-shadow-offset=$(CONFIG_KASAN_SHADOW_OFFSET) \ + -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET) \ --param asan-stack=1 --param asan-globals=1 \ --param asan-instrumentation-with-call-threshold=$(call_threshold)) |