ladybird/Kernel/Security/AddressSanitizer.h

/*
 * Copyright (c) 2021, Brian Gianforcaro <bgianf@serenityos.org>
 * Copyright (c) 2023, Idan Horowitz <idan.horowitz@serenityos.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#pragma once

#include <AK/Atomic.h>
#include <AK/Types.h>

namespace Kernel::AddressSanitizer {

extern Atomic<bool> g_kasan_is_deadly;

enum class ShadowType : u8 {
    Unpoisoned8Bytes = 0,
    Unpoisoned1Byte = 1,
    Unpoisoned2Bytes = 2,
    Unpoisoned3Bytes = 3,
    Unpoisoned4Bytes = 4,
    Unpoisoned5Bytes = 5,
    Unpoisoned6Bytes = 6,
    Unpoisoned7Bytes = 7,
    StackLeft = 0xF1,
    StackMiddle = 0xF2,
    StackRight = 0xF3,
    UseAfterReturn = 0xF5,
    UseAfterScope = 0xF8,
    Generic = 0xFA,
    Malloc = 0xFB,
    Free = 0xFC,
};

void init(FlatPtr shadow_base);
void fill_shadow(FlatPtr address, size_t size, ShadowType type);
void mark_region(FlatPtr address, size_t valid_size, size_t total_size, ShadowType type);

}
Kernel: Initial integration of Kernel Address Sanitizer (KASAN) KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bound read/writes bugs. KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store). To fully integrate KASAN into the SerenityOS kernel we need to: a) Implement the KASAN interface to intercept the injected loads/stores. void __asan_load(address); void __asan_store(address); b) Setup KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32bit at this time. Ex: Linux implements kernel address -> shadow address translation like: static inline void kasan_mem_to_shadow(const void addr) { return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET; } c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region. This commit only implements the initial steps of this long process: - A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER` - Stubs out enough of the KASAN interface to allow the Kernel to link clean. Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizer are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN. References: ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf * KASAN Docs: https://github.com/google/kasan * NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3 * LWN KASAN Article: https://lwn.net/Articles/612153/ * Tracking Issue #5351 2021-02-14 23:47:10 +03:00			`/*`
Everywhere: Use bgianf@serenityos.org for my copyright attribution 2021-04-22 22:11:04 +03:00			`* Copyright (c) 2021, Brian Gianforcaro <bgianf@serenityos.org>`
Kernel: Add initial basic support for KASAN This commit adds minimal support for compiler-instrumentation based memory access sanitization. Currently we only support detection of kmalloc redzone accesses, and kmalloc use-after-free accesses. Support for inline checks (for improved performance), and for stack use-after-return and use-after-return detection is left for future PRs. 2023-12-29 03:36:39 +03:00			`* Copyright (c) 2023, Idan Horowitz <idan.horowitz@serenityos.org>`
Kernel: Initial integration of Kernel Address Sanitizer (KASAN) KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bound read/writes bugs. KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store). To fully integrate KASAN into the SerenityOS kernel we need to: a) Implement the KASAN interface to intercept the injected loads/stores. void __asan_load(address); void __asan_store(address); b) Setup KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32bit at this time. Ex: Linux implements kernel address -> shadow address translation like: static inline void kasan_mem_to_shadow(const void addr) { return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET; } c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region. This commit only implements the initial steps of this long process: - A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER` - Stubs out enough of the KASAN interface to allow the Kernel to link clean. Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizer are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN. References: ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf * KASAN Docs: https://github.com/google/kasan * NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3 * LWN KASAN Article: https://lwn.net/Articles/612153/ * Tracking Issue #5351 2021-02-14 23:47:10 +03:00			`*`
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt * 2021-04-22 11:24:48 +03:00			`* SPDX-License-Identifier: BSD-2-Clause`
Kernel: Initial integration of Kernel Address Sanitizer (KASAN) KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bound read/writes bugs. KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store). To fully integrate KASAN into the SerenityOS kernel we need to: a) Implement the KASAN interface to intercept the injected loads/stores. void __asan_load(address); void __asan_store(address); b) Setup KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32bit at this time. Ex: Linux implements kernel address -> shadow address translation like: static inline void kasan_mem_to_shadow(const void addr) { return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET; } c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region. This commit only implements the initial steps of this long process: - A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER` - Stubs out enough of the KASAN interface to allow the Kernel to link clean. Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizer are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN. References: ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf * KASAN Docs: https://github.com/google/kasan * NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3 * LWN KASAN Article: https://lwn.net/Articles/612153/ * Tracking Issue #5351 2021-02-14 23:47:10 +03:00			`*/`

			`#pragma once`

Kernel: Add initial basic support for KASAN This commit adds minimal support for compiler-instrumentation based memory access sanitization. Currently we only support detection of kmalloc redzone accesses, and kmalloc use-after-free accesses. Support for inline checks (for improved performance), and for stack use-after-return and use-after-return detection is left for future PRs. 2023-12-29 03:36:39 +03:00			`#include <AK/Atomic.h>`
Kernel: Initial integration of Kernel Address Sanitizer (KASAN) KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bound read/writes bugs. KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store). To fully integrate KASAN into the SerenityOS kernel we need to: a) Implement the KASAN interface to intercept the injected loads/stores. void __asan_load(address); void __asan_store(address); b) Setup KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32bit at this time. Ex: Linux implements kernel address -> shadow address translation like: static inline void kasan_mem_to_shadow(const void addr) { return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET; } c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region. This commit only implements the initial steps of this long process: - A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER` - Stubs out enough of the KASAN interface to allow the Kernel to link clean. Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizer are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN. References: ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf * KASAN Docs: https://github.com/google/kasan * NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3 * LWN KASAN Article: https://lwn.net/Articles/612153/ * Tracking Issue #5351 2021-02-14 23:47:10 +03:00			`#include <AK/Types.h>`

			`namespace Kernel::AddressSanitizer {`

Kernel: Add initial basic support for KASAN This commit adds minimal support for compiler-instrumentation based memory access sanitization. Currently we only support detection of kmalloc redzone accesses, and kmalloc use-after-free accesses. Support for inline checks (for improved performance), and for stack use-after-return and use-after-return detection is left for future PRs. 2023-12-29 03:36:39 +03:00			`extern Atomic<bool> g_kasan_is_deadly;`
Kernel: Initial integration of Kernel Address Sanitizer (KASAN) KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bound read/writes bugs. KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store). To fully integrate KASAN into the SerenityOS kernel we need to: a) Implement the KASAN interface to intercept the injected loads/stores. void __asan_load(address); void __asan_store(address); b) Setup KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32bit at this time. Ex: Linux implements kernel address -> shadow address translation like: static inline void kasan_mem_to_shadow(const void addr) { return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET; } c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region. This commit only implements the initial steps of this long process: - A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER` - Stubs out enough of the KASAN interface to allow the Kernel to link clean. Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizer are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN. References: ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf * KASAN Docs: https://github.com/google/kasan * NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3 * LWN KASAN Article: https://lwn.net/Articles/612153/ * Tracking Issue #5351 2021-02-14 23:47:10 +03:00
Kernel: Add initial basic support for KASAN This commit adds minimal support for compiler-instrumentation based memory access sanitization. Currently we only support detection of kmalloc redzone accesses, and kmalloc use-after-free accesses. Support for inline checks (for improved performance), and for stack use-after-return and use-after-return detection is left for future PRs. 2023-12-29 03:36:39 +03:00			`enum class ShadowType : u8 {`
			`Unpoisoned8Bytes = 0,`
			`Unpoisoned1Byte = 1,`
			`Unpoisoned2Bytes = 2,`
			`Unpoisoned3Bytes = 3,`
			`Unpoisoned4Bytes = 4,`
			`Unpoisoned5Bytes = 5,`
			`Unpoisoned6Bytes = 6,`
			`Unpoisoned7Bytes = 7,`
			`StackLeft = 0xF1,`
			`StackMiddle = 0xF2,`
			`StackRight = 0xF3,`
			`UseAfterReturn = 0xF5,`
			`UseAfterScope = 0xF8,`
			`Generic = 0xFA,`
			`Malloc = 0xFB,`
			`Free = 0xFC,`
			`};`

			`void init(FlatPtr shadow_base);`
			`void fill_shadow(FlatPtr address, size_t size, ShadowType type);`
			`void mark_region(FlatPtr address, size_t valid_size, size_t total_size, ShadowType type);`
Kernel: Initial integration of Kernel Address Sanitizer (KASAN) KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bound read/writes bugs. KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store). To fully integrate KASAN into the SerenityOS kernel we need to: a) Implement the KASAN interface to intercept the injected loads/stores. void __asan_load(address); void __asan_store(address); b) Setup KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32bit at this time. Ex: Linux implements kernel address -> shadow address translation like: static inline void kasan_mem_to_shadow(const void addr) { return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET; } c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region. This commit only implements the initial steps of this long process: - A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER` - Stubs out enough of the KASAN interface to allow the Kernel to link clean. Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizer are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN. References: ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf * KASAN Docs: https://github.com/google/kasan * NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3 * LWN KASAN Article: https://lwn.net/Articles/612153/ * Tracking Issue #5351 2021-02-14 23:47:10 +03:00
			`}`