diff options
| author | Brian Gianforcaro <b.gianfo@gmail.com> | 2021-02-14 12:47:10 -0800 |
|---|---|---|
| committer | Andreas Kling <kling@serenityos.org> | 2021-02-15 11:41:53 +0100 |
| commit | 96943ab07c98e73b01b7bbc33abb1c34bd696633 (patch) | |
| tree | 3eb866517069890086be8d17b439e41a3e155432 /Kernel/CMakeLists.txt | |
| parent | be48a89b35e1b1d6f2b981e6c4d7049418d3a48f (diff) | |
| download | serenity-96943ab07c98e73b01b7bbc33abb1c34bd696633.zip | |
Kernel: Initial integration of Kernel Address Sanitizer (KASAN)
KASAN is a dynamic analysis tool that finds memory errors. It focuses
mostly on finding use-after-free and out-of-bound read/writes bugs.
KASAN works by allocating a "shadow memory" region which is used to store
whether each byte of memory is safe to access. The compiler then instruments
the kernel code and a check is inserted which validates the state of the
shadow memory region on every memory access (load or store).
To fully integrate KASAN into the SerenityOS kernel we need to:
a) Implement the KASAN interface to intercept the injected loads/stores.
void __asan_load*(address);
void __asan_store(address);
b) Setup KASAN region and determine the shadow memory offset + translation.
This might be challenging since Serenity is only 32bit at this time.
Ex: Linux implements kernel address -> shadow address translation like:
static inline void *kasan_mem_to_shadow(const void *addr)
{
return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT)
+ KASAN_SHADOW_OFFSET;
}
c) Integrating KASAN with Kernel allocators.
The kernel allocators need to be taught how to record allocation state
in the shadow memory region.
This commit only implements the initial steps of this long process:
- A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER`
- Stubs out enough of the KASAN interface to allow the Kernel to link clean.
Currently the KASAN kernel crashes on boot (triple fault because of the crash
in strlen other sanitizer are seeing) but the goal here is to just get started,
and this should help others jump in and continue making progress on KASAN.
References:
* ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf
* KASAN Docs: https://github.com/google/kasan
* NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3
* LWN KASAN Article: https://lwn.net/Articles/612153/
* Tracking Issue #5351
Diffstat (limited to 'Kernel/CMakeLists.txt')
| -rw-r--r-- | Kernel/CMakeLists.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/Kernel/CMakeLists.txt b/Kernel/CMakeLists.txt index 5059dde24b..eee0c68e9d 100644 --- a/Kernel/CMakeLists.txt +++ b/Kernel/CMakeLists.txt @@ -10,6 +10,7 @@ set(KERNEL_SOURCES ACPI/Initialize.cpp ACPI/MultiProcessorParser.cpp ACPI/Parser.cpp + AddressSanitizer.cpp Arch/i386/CPU.cpp Arch/i386/ProcessorInfo.cpp Arch/i386/SafeMem.cpp @@ -307,6 +308,13 @@ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-asynchronous-unwind-tables") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fstack-protector-strong") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -nostdlib -nostdinc -nostdinc++") +# Kernel Address Sanitize (KASAN) implementation is still a work in progress, this option +# is not currently meant to be used, besides when developing Kernel ASAN support. +# +if (ENABLE_KERNEL_ADDRESS_SANITIZER) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=kernel-address") +endif() + add_compile_definitions(KERNEL) # HACK: This is a workaround for CLion to grok the kernel sources. |