summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHarshit Sharma <harshitsharmajs@gmail.com>2020-06-09 20:25:16 -0700
committerPatrick Georgi <pgeorgi@google.com>2020-08-21 07:35:07 +0000
commit2bcaba0fd4f61493a02f11ad01d0677164e2e86e (patch)
tree8e9a40326efc6917611e99e79874fd536060d54a
parent693f4a417984849cdb68d176ca162f477275ac3f (diff)
lib: Add ASan stub
Add a Kconfig option to enable address sanitizer on x86 architecture. Create ASan dummy functions. And add relevant gcc flags to compile ramstage with ASan. Change-Id: I6d87e48b6786f02dd46ea74e702f294082fd8891 Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/42271 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
-rw-r--r--src/Kconfig13
-rw-r--r--src/lib/Makefile.inc12
-rw-r--r--src/lib/asan.c34
3 files changed, 59 insertions, 0 deletions
diff --git a/src/Kconfig b/src/Kconfig
index a4c2fa6010..1540c567e4 100644
--- a/src/Kconfig
+++ b/src/Kconfig
@@ -270,6 +270,19 @@ config UBSAN
say N because it adds a small performance penalty and may abort
on code that happens to work in spite of the UB.
+config ASAN_IN_RAMSTAGE
+ bool "Address sanitizer support"
+ depends on ARCH_X86
+ default n
+ help
+ Enable address sanitizer - runtime memory debugger,
+ designed to find out-of-bounds accesses and use-after-scope bugs.
+
+ This feature consumes up to 1/8 of available memory and brings about
+ ~1.5x performance slowdown.
+
+ If unsure, say N.
+
choice
prompt "Stage Cache for ACPI S3 resume"
default NO_STAGE_CACHE if !HAVE_ACPI_RESUME
diff --git a/src/lib/Makefile.inc b/src/lib/Makefile.inc
index 72d4f2414c..0b4342764f 100644
--- a/src/lib/Makefile.inc
+++ b/src/lib/Makefile.inc
@@ -7,6 +7,18 @@ ramstage-y += ubsan.c
CFLAGS_ramstage += -fsanitize=undefined
endif
+ifeq ($(CONFIG_ASAN_IN_RAMSTAGE),y)
+ramstage-y += asan.c
+CFLAGS_asan += -fsanitize=kernel-address \
+ --param asan-stack=1 --param asan-globals=1 \
+ --param asan-instrumentation-with-call-threshold=0 \
+ -fsanitize-address-use-after-scope \
+ --param use-after-scope-direct-emission-threshold=0
+CFLAGS_ramstage += $(CFLAGS_asan)
+# Allow memory access without __asan_load and __asan_store checks.
+$(obj)/ramstage/lib/asan.o: CFLAGS_asan =
+endif
+
decompressor-y += decompressor.c
$(call src-to-obj,decompressor,$(dir)/decompressor.c): $(objcbfs)/bootblock.lz4
$(call src-to-obj,decompressor,$(dir)/decompressor.c): CCACHE_EXTRAFILES=$(objcbfs)/bootblock.lz4
diff --git a/src/lib/asan.c b/src/lib/asan.c
new file mode 100644
index 0000000000..e4a1012e13
--- /dev/null
+++ b/src/lib/asan.c
@@ -0,0 +1,34 @@
+#include <stddef.h>
+
+#pragma GCC diagnostic ignored "-Wmissing-prototypes"
+
+#define DEFINE_ASAN_LOAD_STORE(size) \
+ void __asan_load##size(unsigned long addr) \
+ {} \
+ void __asan_load##size##_noabort(unsigned long addr) \
+ {} \
+ void __asan_store##size(unsigned long addr) \
+ {} \
+ void __asan_store##size##_noabort(unsigned long addr) \
+ {}
+
+DEFINE_ASAN_LOAD_STORE(1);
+DEFINE_ASAN_LOAD_STORE(2);
+DEFINE_ASAN_LOAD_STORE(4);
+DEFINE_ASAN_LOAD_STORE(8);
+DEFINE_ASAN_LOAD_STORE(16);
+
+void __asan_loadN(unsigned long addr, size_t size)
+{}
+
+void __asan_loadN_noabort(unsigned long addr, size_t size)
+{}
+
+void __asan_storeN(unsigned long addr, size_t size)
+{}
+
+void __asan_storeN_noabort(unsigned long addr, size_t size)
+{}
+
+void __asan_handle_no_return(void)
+{}