Kernel: Add initial basic support for KASAN

This commit adds minimal support for compiler-instrumentation based memory access sanitization. Currently we only support detection of kmalloc redzone accesses, and kmalloc use-after-free accesses. Support for inline checks (for improved performance), and for stack use-after-return and use-after-return detection is left for future PRs.
2025-06-01 03:18:11 +00:00 · 2023-12-29 02:36:39 +02:00 · 2023-12-29 02:36:39 +02:00 · f7a1f28d7f
commit f7a1f28d7f
parent 7ad7ae7000
10 changed files with 538 additions and 63 deletions
--- a/Kernel/FileSystem/SysFS/Subsystems/Kernel/Configuration/KASANDeadly.cpp
+++ b/Kernel/FileSystem/SysFS/Subsystems/Kernel/Configuration/KASANDeadly.cpp
@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2023, Idan Horowitz <idan.horowitz@serenityos.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include <Kernel/FileSystem/SysFS/Subsystems/Kernel/Configuration/KASANDeadly.h>
+#include <Kernel/Security/AddressSanitizer.h>
+
+namespace Kernel {
+
+UNMAP_AFTER_INIT SysFSKASANDeadly::SysFSKASANDeadly(SysFSDirectory const& parent_directory)
+    : SysFSSystemBooleanVariable(parent_directory)
+{
+}
+
+UNMAP_AFTER_INIT NonnullRefPtr<SysFSKASANDeadly> SysFSKASANDeadly::must_create(SysFSDirectory const& parent_directory)
+{
+    return adopt_ref_if_nonnull(new (nothrow) SysFSKASANDeadly(parent_directory)).release_nonnull();
+}
+
+bool SysFSKASANDeadly::value() const
+{
+    return AddressSanitizer::g_kasan_is_deadly;
+}
+void SysFSKASANDeadly::set_value(bool new_value)
+{
+    AddressSanitizer::g_kasan_is_deadly = new_value;
+}
+
+}
--- a/Kernel/FileSystem/SysFS/Subsystems/Kernel/Configuration/KASANDeadly.h
+++ b/Kernel/FileSystem/SysFS/Subsystems/Kernel/Configuration/KASANDeadly.h
@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2023, Idan Horowitz <idan.horowitz@serenityos.org>
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include <AK/RefPtr.h>
+#include <AK/Types.h>
+#include <Kernel/FileSystem/SysFS/Subsystems/Kernel/Configuration/BooleanVariable.h>
+#include <Kernel/Library/UserOrKernelBuffer.h>
+
+namespace Kernel {
+
+class SysFSKASANDeadly final : public SysFSSystemBooleanVariable {
+public:
+    virtual StringView name() const override { return "kasan_is_deadly"sv; }
+    static NonnullRefPtr<SysFSKASANDeadly> must_create(SysFSDirectory const&);
+
+private:
+    virtual bool value() const override;
+    virtual void set_value(bool new_value) override;
+
+    explicit SysFSKASANDeadly(SysFSDirectory const&);
+};
+
+}