| Message ID | 20190518161113.27780-1-ard.biesheuvel@linaro.org |
|---|---|
| State | Accepted |
| Commit | c3ee82ce47af63eca2075d8af956d468f508942e |
| Headers | show |
| Series | x86/boot: provide KASAN compatible aliases for string routines | expand |
On Sat, May 18, 2019 at 06:11:13PM +0200, Ard Biesheuvel wrote: > The KASAN subsystem wraps calls to memcpy(), memset() and memmove() > to sanitize the arguments before invoking the actual routines, which > have been renamed to __memcpy(), __memset() and __memmove(), > respectively. When CONFIG_KASAN is enabled for the kernel build but > KASAN code generation is disabled for the compilation unit (which is > needed for things like the EFI stub or the decompressor), the string > routines are just #define'd to their __ prefixed names so that they > are simply invoked directly. > > This does however rely on those __ prefixed names to exist in the > symbol namespace, which is not currently the case for the x86 > decompressor, which may lead to errors like > > drivers/firmware/efi/libstub/tpm.o: In function `efi_retrieve_tpm2_eventlog': > tpm.c:(.text+0x2a8): undefined reference to `__memcpy' > > So let's expose the __ prefixed symbols in the decompressor when > KASAN is enabled. > > Cc: Andrey Konovalov <andreyknvl@google.com> > Cc: Matthew Garrett <matthewgarrett@google.com> > Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> /Jarkko
diff --git a/arch/x86/boot/compressed/string.c b/arch/x86/boot/compressed/string.c index 19dbbcdd1a53..81fc1eaa3229 100644 --- a/arch/x86/boot/compressed/string.c +++ b/arch/x86/boot/compressed/string.c @@ -11,7 +11,7 @@ #include "../string.c" #ifdef CONFIG_X86_32 -static void *__memcpy(void *dest, const void *src, size_t n) +static void *____memcpy(void *dest, const void *src, size_t n) { int d0, d1, d2; asm volatile( @@ -25,7 +25,7 @@ static void *__memcpy(void *dest, const void *src, size_t n) return dest; } #else -static void *__memcpy(void *dest, const void *src, size_t n) +static void *____memcpy(void *dest, const void *src, size_t n) { long d0, d1, d2; asm volatile( @@ -56,7 +56,7 @@ void *memmove(void *dest, const void *src, size_t n) const unsigned char *s = src; if (d <= s || d - s >= n) - return __memcpy(dest, src, n); + return ____memcpy(dest, src, n); while (n-- > 0) d[n] = s[n]; @@ -71,5 +71,11 @@ void *memcpy(void *dest, const void *src, size_t n) warn("Avoiding potentially unsafe overlapping memcpy()!"); return memmove(dest, src, n); } - return __memcpy(dest, src, n); + return ____memcpy(dest, src, n); } + +#ifdef CONFIG_KASAN +extern void *__memset(void *s, int c, size_t n) __alias(memset); +extern void *__memmove(void *dest, const void *src, size_t n) __alias(memmove); +extern void *__memcpy(void *dest, const void *src, size_t n) __alias(memcpy); +#endif
The KASAN subsystem wraps calls to memcpy(), memset() and memmove() to sanitize the arguments before invoking the actual routines, which have been renamed to __memcpy(), __memset() and __memmove(), respectively. When CONFIG_KASAN is enabled for the kernel build but KASAN code generation is disabled for the compilation unit (which is needed for things like the EFI stub or the decompressor), the string routines are just #define'd to their __ prefixed names so that they are simply invoked directly. This does however rely on those __ prefixed names to exist in the symbol namespace, which is not currently the case for the x86 decompressor, which may lead to errors like drivers/firmware/efi/libstub/tpm.o: In function `efi_retrieve_tpm2_eventlog': tpm.c:(.text+0x2a8): undefined reference to `__memcpy' So let's expose the __ prefixed symbols in the decompressor when KASAN is enabled. Cc: Andrey Konovalov <andreyknvl@google.com> Cc: Matthew Garrett <matthewgarrett@google.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> --- arch/x86/boot/compressed/string.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) -- 2.20.1