1. When dynamically loading, the read-only data of arm64 architecture is accessed through PC offset. When opening the tag kasan, because the PC value does not have a tag, accessing the read-only data will be detected with a tag mismatch error.
2. uninitial heap use 0xff poison, initial heap use 1-254 unpoison.
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
mempool is always be compiled, so when enable BACKTRACE but not enable
memdpool, the MM_HEAP_MEMPOOL_BACKTRACE_SKIP is not defined
mempool_add_backtrace() will compiled failed.
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
1. add IS_ALIGNED() definitions for NuttX;
2. replace all the ALIGN_UP() and ALIGN_DOWN() to use common
align implementation;
Signed-off-by: Bowen Wang <wangbowen6@xiaomi.com>
The unaligned address is used in kasan_register, but the aligned address is used in kasan_unregister.
The mismatch between the addr value and mm_heapstart will result in a crash due to the inability to unregister correctly.
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
The address needs to be reset only when comparing addition, subtraction, multiplication and division addresses. Otherwise, the original address is always returned or saved.
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
Add heap current used to note.
Plot it in segger sysview data plot.
Signed-off-by: xuxingliang <xuxingliang@xiaomi.com>
Signed-off-by: Neo Xu <neo.xu1990@gmail.com>
Record all memory allocation and release, save to ram, used to analyze memory allocation rate and memory usage
Its absolute value is not trustworthy because the memory will be allocated in thread A and released in thread B
netinit-5 [0] 0.105984392: tracing_mark_write: C|5|Heap Usage|96|free: heap: 0x606000000020 size:24, address: 0x603000000370
netinit-5 [0] 0.105996874: tracing_mark_write: C|5|Heap Usage|24|free: heap: 0x606000000020 size:72, address: 0x6070000008e0
nsh_main-4 [0] 3.825169408: tracing_mark_write: C|4|Heap Usage|2177665|free: heap: 0x606000000020 size:424, address: 0x614000000840
nsh_main-4 [0] 3.825228525: tracing_mark_write: C|4|Heap Usage|14977|free: heap: 0x606000000020 size:2162688, address: 0x7f80a639f800
nsh_main-4 [0] 3.825298789: tracing_mark_write: C|4|Heap Usage|15189|malloc: heap: 0x606000000020 size:20, address: 0x6030000003a0
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
Signed-off-by: Neo Xu <neo.xu1990@gmail.com>
1. Similar to asan, supports single byte out of bounds detection
2. Fix the script to address the issue of not supporting the big end
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. Tested on QEMU, the two sockets were basically the same, and their performance was not affected. The size of the generated bin file was also the same
2. Extract global detection as a separate file, both types of Kasan support global variable out of bounds detection simultaneously
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. Modify the Kasan global variable script to support array storage of region addresses
2. Due to the lack of formatting in the previous attempt, a formatting script was created
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. Use always_inline_function instead of inline, inline does not take effect
2. Activate Kasan acceleration by 1/7
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. The shadow area of global variables is different from heap
2. This modification has little impact on performance under O3 optimization
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
The following situations cannot be detected by Kasan:
On a 32-bit machine, only 12 bytes were poisoned, but 13 bytes were accessed. Due to the lack of upward alignment, only 3 bits were detected
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
PANIC never returns and abort is called to exit the process after calling assert
When BOARD_RESET_ON_ASSERT < 2, the second kasan_report will not be executed.
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
When size is less than or equal to KASAN_SHADOW_SCALE, no check will be performed
We need to check whether the memory is accessible based on bit
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
In function kasan_set_poison:
{
...
while (size--)
{
p[size] = value;
}
}
This will optimize to 'memset' function when compile option > O2.
But the memset must be instrument by kasan, so there is recursive
Signed-off-by: ligd <liguiding1@xiaomi.com>
xuxingliang