[PATCH v6 0/6] KASAN for arm64
From: mark.rutland@arm.com (Mark Rutland)
Date: 2015-10-09 12:43:22
Also in:
linux-efi, linux-mm, lkml
On Fri, Oct 09, 2015 at 01:18:09PM +0300, Andrey Ryabinin wrote:
> 2015-10-09 12:48 GMT+03:00 Mark Rutland [off-list ref]:
> > On Fri, Oct 09, 2015 at 12:32:18PM +0300, Andrey Ryabinin wrote:
> > [...]
> > > I thought the EFI stub isolation patches create a copy of mem*() functions in the stub, but they just create aliases with __efistub_ prefix.
> > > We only need to create some more aliases for KASAN.
> > > The following patch on top of the EFI stub isolation series works for me.
> > >
> > > Signed-off-by: Andrey Ryabinin <ryabinin.a.a@gmail.com>
> > > ---
> > >  arch/arm64/kernel/image.h | 6 ++++++
> > >  1 file changed, 6 insertions(+)
> > >
> > > diff --git a/arch/arm64/kernel/image.h b/arch/arm64/kernel/image.h
> > > index e083af0..6eb8fee 100644
> > > --- a/arch/arm64/kernel/image.h
> > > +++ b/arch/arm64/kernel/image.h
> > > @@ -80,6 +80,12 @@
> > >  __efistub_strcmp = __pi_strcmp;
> > >  __efistub_strncmp = __pi_strncmp;
> > >  __efistub___flush_dcache_area = __pi___flush_dcache_area;
> > > +#ifdef CONFIG_KASAN
> > > +__efistub___memcpy = __pi_memcpy;
> > > +__efistub___memmove = __pi_memmove;
> > > +__efistub___memset = __pi_memset;
> > > +#endif
> >
> > Ard's v4 stub isolation series has these aliases [1], as the stub requires these aliases regardless of KASAN in order to link.
>
> Stub isolation series has __efistub_memcpy, not __efistub___memcpy (two additional '_').
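Review bot: the hunk does not say why a second set of mem* aliases is needed when `__efistub_memcpy`/`__efistub_memmove`/`__efistub_memset` already exist for the stub, and neither does the commit message; a reader will take the new `__efistub___mem*` lines for duplicates, which is exactly the confusion in this thread. The reason is that under CONFIG_KASAN uninstrumented code is redirected from memcpy() to __memcpy(), so the stub's references resolve to the `__mem*` symbols and need their own `__efistub___mem*` aliases. Suggest putting that sentence in the commit message and a one-line comment above the `+#ifdef CONFIG_KASAN`, along the lines of `/* KASAN redirects uninstrumented code to __mem*, so alias those too */`, so the guard and the triple-underscore names are self-explanatory without the thread.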
Ah, I see, sorry for my sloppy reading.
> The thing is, KASAN provides own implementation of memcpy() which checks memory before access. The original 'memcpy()' becomes __memcpy(), so we could still use it.
Ok.
> In code that is not instrumented by KASAN (like the EFI stub) we replace KASAN's memcpy() with the original __memcpy(): #define memcpy() __memcpy()
I'm a little confused by this. Surely that doesn't override implicit calls generated by the compiler, leaving us with a mixture of calls to memcpy and __memcpy? That doesn't matter for the stub, as both __efistub_mem* and __efistub___mem* would point at __pe_mem*, but doesn't that matter for other users that shouldn't be instrumented? Is that not a problem, or do we inhibit/override that somehow?
> So with CONFIG_KASAN=y the EFI stub uses __memcpy, thus we need to create the __efistub___memcpy alias.
Ok, that makes sense to me.

Thanks,
Mark.
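The memcpy()/__memcpy() split that Andrey describes above, modelled as an added example (not kernel code and not from this thread): `kasan_memcpy()` plays the role of KASAN's checking memcpy(), `raw_memcpy()` the role of the unchecked `__memcpy` that uninstrumented code such as the EFI stub is redirected to, and `stub_memcpy` the role of the `#define memcpy() __memcpy()` redirection. The 64-byte arena, the 8-byte shadow granule and every function name are this example's own choices; the real checker consults the kernel's shadow mapping and reports through its own machinery.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Toy model of the KASAN memcpy()/__memcpy() split (added example, not
 * kernel code).  Addresses are modelled as offsets into a small arena;
 * one shadow byte covers 8 arena bytes, as in KASAN, and a non-zero
 * shadow byte marks those 8 bytes as poisoned (not addressable).
 */
#define ARENA_SIZE   64
#define SHADOW_SCALE 8

static unsigned char arena[ARENA_SIZE];
static unsigned char shadow[ARENA_SIZE / SHADOW_SCALE];
static int kasan_reports;

/* Mark [off, off+len) as inaccessible, whole 8-byte granules at a time. */
void kasan_poison(size_t off, size_t len)
{
    for (size_t i = off; i < off + len && i < ARENA_SIZE; i++)
        shadow[i / SHADOW_SCALE] = 0xFF;
}

void kasan_reset(void)
{
    memset(shadow, 0, sizeof shadow);
    memset(arena, 0, sizeof arena);
    kasan_reports = 0;
}

int kasan_report_count(void)
{
    return kasan_reports;
}

/* Validate a range against the shadow; report but, like KASAN, carry on. */
static bool kasan_check_range(const void *p, size_t len, bool is_write)
{
    uintptr_t base = (uintptr_t)arena, a = (uintptr_t)p;
    const char *kind = is_write ? "write" : "read";

    if (a < base || a - base >= ARENA_SIZE || len > ARENA_SIZE - (a - base)) {
        kasan_reports++;
        printf("KASAN: %s of %zu bytes outside the arena\n", kind, len);
        return false;
    }
    size_t off = (size_t)(a - base);
    for (size_t i = off; i < off + len; i++) {
        if (shadow[i / SHADOW_SCALE]) {
            kasan_reports++;
            printf("KASAN: %s of %zu bytes at offset %zu touches poisoned offset %zu\n",
                   kind, len, off, i);
            return false;
        }
    }
    return true;
}

/* The unchecked copy: the role the kernel's __memcpy keeps under KASAN. */
void *raw_memcpy(void *dst, const void *src, size_t n)
{
    return memcpy(dst, src, n);
}

/* KASAN's memcpy(): check both ranges first, then fall through to the raw copy. */
void *kasan_memcpy(void *dst, const void *src, size_t n)
{
    kasan_check_range(src, n, false);
    kasan_check_range(dst, n, true);
    return raw_memcpy(dst, src, n);
}

/*
 * What an uninstrumented unit such as the EFI stub sees: the thread's
 * "#define memcpy() __memcpy()", spelled with this example's names so it
 * can live in the same file as the checked version.
 */
#define stub_memcpy(dst, src, n) raw_memcpy(dst, src, n)

/* Driver: returns how many reports the checked copies produced (expected 1). */
int demo(void)
{
    kasan_reset();
    kasan_poison(32, 32);                    /* second half of the arena is off-limits */
    kasan_memcpy(arena + 8, arena + 0, 8);   /* clean source and destination: no report */
    kasan_memcpy(arena + 40, arena + 0, 8);  /* destination poisoned: one report */
    stub_memcpy(arena + 40, arena + 0, 8);   /* uninstrumented path: same copy, no check */
    return kasan_report_count();
}

int main(void)
{
    printf("reports: %d\n", demo());
    return 0;
}
```

Running it produces one report: the checked copy into the poisoned half of the arena is flagged, while the identical copy through `stub_memcpy` is not, which is the behaviour the `__efistub___mem*` aliases exist to support. The macro only rewrites calls that are spelled out in the source, which is the gap Mark asks about above.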