1. When dynamically loading, the read-only data of arm64 architecture is accessed through PC offset. When opening the tag kasan, because the PC value does not have a tag, accessing the read-only data will be detected with a tag mismatch error.
2. uninitial heap use 0xff poison, initial heap use 1-254 unpoison.
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. Similar to asan, supports single byte out of bounds detection
2. Fix the script to address the issue of not supporting the big end
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. Tested on QEMU, the two sockets were basically the same, and their performance was not affected. The size of the generated bin file was also the same
2. Extract global detection as a separate file, both types of Kasan support global variable out of bounds detection simultaneously
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. Modify the Kasan global variable script to support array storage of region addresses
2. Due to the lack of formatting in the previous attempt, a formatting script was created
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. Use always_inline_function instead of inline, inline does not take effect
2. Activate Kasan acceleration by 1/7
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
1. The shadow area of global variables is different from heap
2. This modification has little impact on performance under O3 optimization
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
The following situations cannot be detected by Kasan:
On a 32-bit machine, only 12 bytes were poisoned, but 13 bytes were accessed. Due to the lack of upward alignment, only 3 bits were detected
Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>
PANIC never returns and abort is called to exit the process after calling assert
When BOARD_RESET_ON_ASSERT < 2, the second kasan_report will not be executed.
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
When size is less than or equal to KASAN_SHADOW_SCALE, no check will be performed
We need to check whether the memory is accessible based on bit
Signed-off-by: yinshengkai <yinshengkai@xiaomi.com>
In function kasan_set_poison:
{
...
while (size--)
{
p[size] = value;
}
}
This will optimize to 'memset' function when compile option > O2.
But the memset must be instrument by kasan, so there is recursive
Signed-off-by: ligd <liguiding1@xiaomi.com>
Most tools used for compliance and SBOM generation use SPDX identifiers
This change brings us a step closer to an easy SBOM generation.
Signed-off-by: Alin Jerpelea <alin.jerpelea@sony.com>
This enables CMake based build for sim:ostest. Flags which
are set by set_source_files_properties are not reflected in
final build. Changing these to target_compile_options makes
CMake build runnable.
Signed-off-by: Daniel Jasinski <jasinskidaniel95szcz@gmail.com>
Extracting global variable information using scripts:
kasan_global.py:
1. Extract the global variable information provided by the -- param asan globals=1 option
2. Generate shadow regions for global variable out of bounds detection
Makefile:
1. Implement multiple links, embed the shadow area into the program, and call it by the Kasan module
Signed-off-by: W-M-R <mike_0528@163.com>
1. Update all CMakeLists.txt to adapt to new layout
2. Fix cmake build break
3. Update all new file license
4. Fully compatible with current compilation environment(use configure.sh or cmake as you choose)
------------------
How to test
From within nuttx/. Configure:
cmake -B build -DBOARD_CONFIG=sim/nsh -GNinja
cmake -B build -DBOARD_CONFIG=sim:nsh -GNinja
cmake -B build -DBOARD_CONFIG=sabre-6quad/smp -GNinja
cmake -B build -DBOARD_CONFIG=lm3s6965-ek/qemu-flat -GNinja
(or full path in custom board) :
cmake -B build -DBOARD_CONFIG=$PWD/boards/sim/sim/sim/configs/nsh -GNinja
This uses ninja generator (install with sudo apt install ninja-build). To build:
$ cmake --build build
menuconfig:
$ cmake --build build -t menuconfig
--------------------------
2. cmake/build: reformat the cmake style by cmake-format
https://github.com/cheshirekow/cmake_format
$ pip install cmakelang
$ for i in `find -name CMakeLists.txt`;do cmake-format $i -o $i;done
$ for i in `find -name *\.cmake`;do cmake-format $i -o $i;done
Co-authored-by: Matias N <matias@protobits.dev>
Signed-off-by: chao an <anchao@xiaomi.com>
To avoid lto alias with override __asan_* symbols
undefined reference to `__asan_load4_noabort'
undefined reference to `__asan_load1_noabort'
undefined reference to `__asan_store1_noabort'
undefined reference to `__asan_load1_noabort'
undefined reference to `__asan_store1_noabort'
undefined reference to `__asan_load4_noabort'
undefined reference to `__asan_store4_noabort'
Signed-off-by: chao.an <anchao@xiaomi.com>
wangmingrong1