Kernel: Add initial basic support for KASAN

This commit adds minimal support for compiler-instrumentation based memory access sanitization. Currently we only support detection of kmalloc redzone accesses, and kmalloc use-after-free accesses. Support for inline checks (for improved performance), and for stack use-after-return and use-after-return detection is left for future PRs.
2025-06-01 05:48:12 +00:00 · 2023-12-29 02:36:39 +02:00 · 2023-12-29 02:36:39 +02:00 · f7a1f28d7f
commit f7a1f28d7f
parent 7ad7ae7000
10 changed files with 538 additions and 63 deletions
--- a/Kernel/Security/AddressSanitizer.h
+++ b/Kernel/Security/AddressSanitizer.h
@ -1,17 +1,40 @@
 /*
 * Copyright (c) 2021, Brian Gianforcaro <bgianf@serenityos.org>
+ * Copyright (c) 2023, Idan Horowitz <idan.horowitz@serenityos.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

 #pragma once

+#include <AK/Atomic.h>
 #include <AK/Types.h>

 namespace Kernel::AddressSanitizer {

-void shadow_va_check_load(unsigned long address, size_t size, void* return_addr);
+extern Atomic<bool> g_kasan_is_deadly;

-void shadow_va_check_store(unsigned long address, size_t size, void* return_addr);
+enum class ShadowType : u8 {
+    Unpoisoned8Bytes = 0,
+    Unpoisoned1Byte = 1,
+    Unpoisoned2Bytes = 2,
+    Unpoisoned3Bytes = 3,
+    Unpoisoned4Bytes = 4,
+    Unpoisoned5Bytes = 5,
+    Unpoisoned6Bytes = 6,
+    Unpoisoned7Bytes = 7,
+    StackLeft = 0xF1,
+    StackMiddle = 0xF2,
+    StackRight = 0xF3,
+    UseAfterReturn = 0xF5,
+    UseAfterScope = 0xF8,
+    Generic = 0xFA,
+    Malloc = 0xFB,
+    Free = 0xFC,
+};
+
+void init(FlatPtr shadow_base);
+void fill_shadow(FlatPtr address, size_t size, ShadowType type);
+void mark_region(FlatPtr address, size_t valid_size, size_t total_size, ShadowType type);

 }