Thread (21 messages) 21 messages, 4 authors, 2015-10-09

[PATCH v6 0/6] KASAN for arm64

From: mark.rutland@arm.com (Mark Rutland)
Date: 2015-10-09 12:43:22
Also in: linux-efi, linux-mm, lkml

On Fri, Oct 09, 2015 at 01:18:09PM +0300, Andrey Ryabinin wrote:
2015-10-09 12:48 GMT+03:00 Mark Rutland [off-list ref]:
quoted
On Fri, Oct 09, 2015 at 12:32:18PM +0300, Andrey Ryabinin wrote:
[...]
quoted
I thought the EFI stub isolation patches create a copy of mem*() functions in the stub,
but they are just create aliases with __efistub_ prefix.

We only need to create some more aliases for KASAN.
The following patch on top of the EFI stub isolation series works for me.


Signed-off-by: Andrey Ryabinin <ryabinin.a.a@gmail.com>
---
 arch/arm64/kernel/image.h | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/arch/arm64/kernel/image.h b/arch/arm64/kernel/image.h
index e083af0..6eb8fee 100644
--- a/arch/arm64/kernel/image.h
+++ b/arch/arm64/kernel/image.h
@@ -80,6 +80,12 @@ __efistub_strcmp           = __pi_strcmp;
 __efistub_strncmp            = __pi_strncmp;
 __efistub___flush_dcache_area        = __pi___flush_dcache_area;

+#ifdef CONFIG_KASAN
+__efistub___memcpy           = __pi_memcpy;
+__efistub___memmove          = __pi_memmove;
+__efistub___memset           = __pi_memset;
+#endif
Ard's v4 stub isolation series has these aliases [1], as the stub
requires these aliases regardless of KASAN in order to link.
Stub isolation series has __efistub_memcpy, not __efistub___memcpy
(two additional '_').
Ah, I see, sorry for my sloppy reading.
The thing is, KASAN provides own implementation of memcpy() which
checks memory before access.
The original 'memcpy()' becomes __memcpy(), so we could still use it.
Ok.
In code that not instrumented by KASAN (like the EFI stub) we replace
KASAN's memcpy() with the original __mempcy():
#define memcpy() __memcpy()
I'm a little confused by this. Surely that doesn't override implicit
calls generated by the compiler, leaving us with a mixture of calls to
memcpy and __memcpy?

That doesn't matter for the stub, as both __efistub_mem* and
__efistub___mem* would point at __pe_mem*, but doesn't that matter for
other users that shouldn't be instrumented?

Is that not a problem, or do we inhibit/override that somehow?
So with CONFIG_KASAN=y the EFI stub uses __memcpy, thus we need to
create the __efistub___memcpy alias.
Ok, that makes sense to me.

Thanks,
Mark.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help