1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef __MM_KASAN_KASAN_H 3 #define __MM_KASAN_KASAN_H 4 5 #include <linux/kasan.h> 6 #include <linux/stackdepot.h> 7 8 #define KASAN_SHADOW_SCALE_SIZE (1UL << KASAN_SHADOW_SCALE_SHIFT) 9 #define KASAN_SHADOW_MASK (KASAN_SHADOW_SCALE_SIZE - 1) 10 11 #define KASAN_TAG_KERNEL 0xFF /* native kernel pointers tag */ 12 #define KASAN_TAG_INVALID 0xFE /* inaccessible memory tag */ 13 #define KASAN_TAG_MAX 0xFD /* maximum value for random tags */ 14 15 #ifdef CONFIG_KASAN_GENERIC 16 #define KASAN_FREE_PAGE 0xFF /* page was freed */ 17 #define KASAN_PAGE_REDZONE 0xFE /* redzone for kmalloc_large allocations */ 18 #define KASAN_KMALLOC_REDZONE 0xFC /* redzone inside slub object */ 19 #define KASAN_KMALLOC_FREE 0xFB /* object was freed (kmem_cache_free/kfree) */ 20 #define KASAN_KMALLOC_FREETRACK 0xFA /* object was freed and has free track set */ 21 #else 22 #define KASAN_FREE_PAGE KASAN_TAG_INVALID 23 #define KASAN_PAGE_REDZONE KASAN_TAG_INVALID 24 #define KASAN_KMALLOC_REDZONE KASAN_TAG_INVALID 25 #define KASAN_KMALLOC_FREE KASAN_TAG_INVALID 26 #define KASAN_KMALLOC_FREETRACK KASAN_TAG_INVALID 27 #endif 28 29 #define KASAN_GLOBAL_REDZONE 0xF9 /* redzone for global variable */ 30 #define KASAN_VMALLOC_INVALID 0xF8 /* unallocated space in vmapped page */ 31 32 /* 33 * Stack redzone shadow values 34 * (Those are compiler's ABI, don't change them) 35 */ 36 #define KASAN_STACK_LEFT 0xF1 37 #define KASAN_STACK_MID 0xF2 38 #define KASAN_STACK_RIGHT 0xF3 39 #define KASAN_STACK_PARTIAL 0xF4 40 41 /* 42 * alloca redzone shadow values 43 */ 44 #define KASAN_ALLOCA_LEFT 0xCA 45 #define KASAN_ALLOCA_RIGHT 0xCB 46 47 #define KASAN_ALLOCA_REDZONE_SIZE 32 48 49 /* 50 * Stack frame marker (compiler ABI). 51 */ 52 #define KASAN_CURRENT_STACK_FRAME_MAGIC 0x41B58AB3 53 54 /* Don't break randconfig/all*config builds */ 55 #ifndef KASAN_ABI_VERSION 56 #define KASAN_ABI_VERSION 1 57 #endif 58 59 struct kasan_access_info { 60 const void *access_addr; 61 const void *first_bad_addr; 62 size_t access_size; 63 bool is_write; 64 unsigned long ip; 65 }; 66 67 /* The layout of struct dictated by compiler */ 68 struct kasan_source_location { 69 const char *filename; 70 int line_no; 71 int column_no; 72 }; 73 74 /* The layout of struct dictated by compiler */ 75 struct kasan_global { 76 const void *beg; /* Address of the beginning of the global variable. */ 77 size_t size; /* Size of the global variable. */ 78 size_t size_with_redzone; /* Size of the variable + size of the red zone. 32 bytes aligned */ 79 const void *name; 80 const void *module_name; /* Name of the module where the global variable is declared. */ 81 unsigned long has_dynamic_init; /* This needed for C++ */ 82 #if KASAN_ABI_VERSION >= 4 83 struct kasan_source_location *location; 84 #endif 85 #if KASAN_ABI_VERSION >= 5 86 char *odr_indicator; 87 #endif 88 }; 89 90 /** 91 * Structures to keep alloc and free tracks * 92 */ 93 94 #define KASAN_STACK_DEPTH 64 95 96 struct kasan_track { 97 u32 pid; 98 depot_stack_handle_t stack; 99 }; 100 101 #ifdef CONFIG_KASAN_SW_TAGS_IDENTIFY 102 #define KASAN_NR_FREE_STACKS 5 103 #else 104 #define KASAN_NR_FREE_STACKS 1 105 #endif 106 107 struct kasan_alloc_meta { 108 struct kasan_track alloc_track; 109 #ifdef CONFIG_KASAN_GENERIC 110 /* 111 * call_rcu() call stack is stored into struct kasan_alloc_meta. 112 * The free stack is stored into struct kasan_free_meta. 113 */ 114 depot_stack_handle_t aux_stack[2]; 115 #else 116 struct kasan_track free_track[KASAN_NR_FREE_STACKS]; 117 #endif 118 #ifdef CONFIG_KASAN_SW_TAGS_IDENTIFY 119 u8 free_pointer_tag[KASAN_NR_FREE_STACKS]; 120 u8 free_track_idx; 121 #endif 122 }; 123 124 struct qlist_node { 125 struct qlist_node *next; 126 }; 127 struct kasan_free_meta { 128 /* This field is used while the object is in the quarantine. 129 * Otherwise it might be used for the allocator freelist. 130 */ 131 struct qlist_node quarantine_link; 132 #ifdef CONFIG_KASAN_GENERIC 133 struct kasan_track free_track; 134 #endif 135 }; 136 137 struct kasan_alloc_meta *get_alloc_info(struct kmem_cache *cache, 138 const void *object); 139 struct kasan_free_meta *get_free_info(struct kmem_cache *cache, 140 const void *object); 141 142 static inline const void *kasan_shadow_to_mem(const void *shadow_addr) 143 { 144 return (void *)(((unsigned long)shadow_addr - KASAN_SHADOW_OFFSET) 145 << KASAN_SHADOW_SCALE_SHIFT); 146 } 147 148 static inline bool addr_has_shadow(const void *addr) 149 { 150 return (addr >= kasan_shadow_to_mem((void *)KASAN_SHADOW_START)); 151 } 152 153 void kasan_poison_shadow(const void *address, size_t size, u8 value); 154 155 /** 156 * check_memory_region - Check memory region, and report if invalid access. 157 * @addr: the accessed address 158 * @size: the accessed size 159 * @write: true if access is a write access 160 * @ret_ip: return address 161 * @return: true if access was valid, false if invalid 162 */ 163 bool check_memory_region(unsigned long addr, size_t size, bool write, 164 unsigned long ret_ip); 165 166 void *find_first_bad_addr(void *addr, size_t size); 167 const char *get_bug_type(struct kasan_access_info *info); 168 169 bool kasan_report(unsigned long addr, size_t size, 170 bool is_write, unsigned long ip); 171 void kasan_report_invalid_free(void *object, unsigned long ip); 172 173 struct page *kasan_addr_to_page(const void *addr); 174 175 depot_stack_handle_t kasan_save_stack(gfp_t flags); 176 void kasan_set_track(struct kasan_track *track, gfp_t flags); 177 void kasan_set_free_info(struct kmem_cache *cache, void *object, u8 tag); 178 struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, 179 void *object, u8 tag); 180 181 #if defined(CONFIG_KASAN_GENERIC) && \ 182 (defined(CONFIG_SLAB) || defined(CONFIG_SLUB)) 183 void quarantine_put(struct kasan_free_meta *info, struct kmem_cache *cache); 184 void quarantine_reduce(void); 185 void quarantine_remove_cache(struct kmem_cache *cache); 186 #else 187 static inline void quarantine_put(struct kasan_free_meta *info, 188 struct kmem_cache *cache) { } 189 static inline void quarantine_reduce(void) { } 190 static inline void quarantine_remove_cache(struct kmem_cache *cache) { } 191 #endif 192 193 #ifdef CONFIG_KASAN_SW_TAGS 194 195 void print_tags(u8 addr_tag, const void *addr); 196 197 u8 random_tag(void); 198 199 #else 200 201 static inline void print_tags(u8 addr_tag, const void *addr) { } 202 203 static inline u8 random_tag(void) 204 { 205 return 0; 206 } 207 208 #endif 209 210 #ifndef arch_kasan_set_tag 211 static inline const void *arch_kasan_set_tag(const void *addr, u8 tag) 212 { 213 return addr; 214 } 215 #endif 216 #ifndef arch_kasan_reset_tag 217 #define arch_kasan_reset_tag(addr) ((void *)(addr)) 218 #endif 219 #ifndef arch_kasan_get_tag 220 #define arch_kasan_get_tag(addr) 0 221 #endif 222 223 #define set_tag(addr, tag) ((void *)arch_kasan_set_tag((addr), (tag))) 224 #define reset_tag(addr) ((void *)arch_kasan_reset_tag(addr)) 225 #define get_tag(addr) arch_kasan_get_tag(addr) 226 227 /* 228 * Exported functions for interfaces called from assembly or from generated 229 * code. Declarations here to avoid warning about missing declarations. 230 */ 231 asmlinkage void kasan_unpoison_task_stack_below(const void *watermark); 232 void __asan_register_globals(struct kasan_global *globals, size_t size); 233 void __asan_unregister_globals(struct kasan_global *globals, size_t size); 234 void __asan_handle_no_return(void); 235 void __asan_alloca_poison(unsigned long addr, size_t size); 236 void __asan_allocas_unpoison(const void *stack_top, const void *stack_bottom); 237 238 void __asan_load1(unsigned long addr); 239 void __asan_store1(unsigned long addr); 240 void __asan_load2(unsigned long addr); 241 void __asan_store2(unsigned long addr); 242 void __asan_load4(unsigned long addr); 243 void __asan_store4(unsigned long addr); 244 void __asan_load8(unsigned long addr); 245 void __asan_store8(unsigned long addr); 246 void __asan_load16(unsigned long addr); 247 void __asan_store16(unsigned long addr); 248 void __asan_loadN(unsigned long addr, size_t size); 249 void __asan_storeN(unsigned long addr, size_t size); 250 251 void __asan_load1_noabort(unsigned long addr); 252 void __asan_store1_noabort(unsigned long addr); 253 void __asan_load2_noabort(unsigned long addr); 254 void __asan_store2_noabort(unsigned long addr); 255 void __asan_load4_noabort(unsigned long addr); 256 void __asan_store4_noabort(unsigned long addr); 257 void __asan_load8_noabort(unsigned long addr); 258 void __asan_store8_noabort(unsigned long addr); 259 void __asan_load16_noabort(unsigned long addr); 260 void __asan_store16_noabort(unsigned long addr); 261 void __asan_loadN_noabort(unsigned long addr, size_t size); 262 void __asan_storeN_noabort(unsigned long addr, size_t size); 263 264 void __asan_report_load1_noabort(unsigned long addr); 265 void __asan_report_store1_noabort(unsigned long addr); 266 void __asan_report_load2_noabort(unsigned long addr); 267 void __asan_report_store2_noabort(unsigned long addr); 268 void __asan_report_load4_noabort(unsigned long addr); 269 void __asan_report_store4_noabort(unsigned long addr); 270 void __asan_report_load8_noabort(unsigned long addr); 271 void __asan_report_store8_noabort(unsigned long addr); 272 void __asan_report_load16_noabort(unsigned long addr); 273 void __asan_report_store16_noabort(unsigned long addr); 274 void __asan_report_load_n_noabort(unsigned long addr, size_t size); 275 void __asan_report_store_n_noabort(unsigned long addr, size_t size); 276 277 void __asan_set_shadow_00(const void *addr, size_t size); 278 void __asan_set_shadow_f1(const void *addr, size_t size); 279 void __asan_set_shadow_f2(const void *addr, size_t size); 280 void __asan_set_shadow_f3(const void *addr, size_t size); 281 void __asan_set_shadow_f5(const void *addr, size_t size); 282 void __asan_set_shadow_f8(const void *addr, size_t size); 283 284 void __hwasan_load1_noabort(unsigned long addr); 285 void __hwasan_store1_noabort(unsigned long addr); 286 void __hwasan_load2_noabort(unsigned long addr); 287 void __hwasan_store2_noabort(unsigned long addr); 288 void __hwasan_load4_noabort(unsigned long addr); 289 void __hwasan_store4_noabort(unsigned long addr); 290 void __hwasan_load8_noabort(unsigned long addr); 291 void __hwasan_store8_noabort(unsigned long addr); 292 void __hwasan_load16_noabort(unsigned long addr); 293 void __hwasan_store16_noabort(unsigned long addr); 294 void __hwasan_loadN_noabort(unsigned long addr, size_t size); 295 void __hwasan_storeN_noabort(unsigned long addr, size_t size); 296 297 void __hwasan_tag_memory(unsigned long addr, u8 tag, unsigned long size); 298 299 #endif 300