[apple/xnu.git] / tools / lldbmacros / kasan.py

from xnu import *
from utils import *
from core.configuration import *

shift = None

shadow_strings = {
    0x00: 'VALID',
    0x01: 'PARTIAL1',
    0x02: 'PARTIAL2',
    0x03: 'PARTIAL3',
    0x04: 'PARTIAL4',
    0x05: 'PARTIAL5',
    0x06: 'PARTIAL6',
    0x07: 'PARTIAL7',
    0xac: 'ARRAY_COOKIE',
    0xf0: 'STACK_RZ',
    0xf1: 'STACK_LEFT_RZ',
    0xf2: 'STACK_MID_RZ',
    0xf3: 'STACK_RIGHT_RZ',
    0xf5: 'STACK_FREED',
    0xf8: 'STACK_OOSCOPE',
    0xf9: 'GLOBAL_RZ',
    0xe9: 'HEAP_RZ',
    0xfa: 'HEAP_LEFT_RZ',
    0xfb: 'HEAP_RIGHT_RZ',
    0xfd: 'HEAP_FREED'
}

def is_kasan_build():
    try:
        enable = kern.globals.kasan_enabled
        return True
    except ValueError, e:
        return False

def shadow_for_address(addr, shift):
    return ((addr >> 3) + shift)

def address_for_shadow(addr, shift):
    return ((addr - shift) << 3)

def get_shadow_byte(shadow_addr):
    return unsigned(kern.GetValueFromAddress(shadow_addr, 'uint8_t *')[0])

def print_legend():
    for (k,v) in shadow_strings.iteritems():
        print " {:02x}: {}".format(k,v)

def print_shadow_context(addr, context):
    addr = shadow_for_address(addr, shift)
    base = (addr & ~0xf) - 16 * context
    shadow = kern.GetValueFromAddress(unsigned(base), "uint8_t *")

    print " "*17 + "  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f"
    for x in range(0, 2*context+1):
        vals = ""
        l = " "
        for y in xrange(x*16, (x+1)*16):
            r = " "
            if base+y == addr:
                l = "["
                r = "]"
            elif base+y+1 == addr:
                r = ""
            sh = shadow[y]
            vals += "{}{:02x}{}".format(l, sh, r)
            l = ""
        print("{:x}:{}".format(base + 16*x, vals))

kasan_guard_size = 16
def print_alloc_free_entry(addr, orig_ptr):
    h = kern.GetValueFromAddress(addr, 'struct freelist_entry *')
    asz = unsigned(h.size)
    usz = unsigned(h.user_size)
    pgsz = unsigned(kern.globals.page_size)

    if h.zone:
        zone = h.zone
        if str(zone.zone_name).startswith("fakestack"):
            alloc_type = "fakestack"
            leftrz = 16
        else:
            alloc_type = "zone"
            leftrz = unsigned(zone.kasan_redzone)
    else:
        alloc_type = "kalloc"
        if asz - usz >= 2*pgsz:
            leftrz = pgsz
        else:
            leftrz = kasan_guard_size

    rightrz = asz - usz - leftrz

    print "Freed {} object".format(alloc_type)
    print "Valid range: 0x{:x} -- 0x{:x} ({} bytes)".format(addr + leftrz, addr + leftrz + usz - 1, usz)
    print "Total range: 0x{:x} -- 0x{:x} ({} bytes)".format(addr, addr + asz - 1, asz)
    print "Offset:      {} bytes".format(orig_ptr - addr - leftrz)
    print "Redzone:     {} / {} bytes".format(leftrz, rightrz)
    if h.zone:
        print "Zone:        0x{:x} <{:s}>".format(unsigned(zone), zone.zone_name)

    btframes = unsigned(h.frames)
    if btframes > 0:
        print "",
        print "Free site backtrace ({} frames):".format(btframes)
        for i in xrange(0, btframes):
            fr = unsigned(kern.globals.vm_kernel_slid_base) + unsigned(h.backtrace[i])
            print " #{:}: {}".format(btframes-i-1, GetSourceInformationForAddress(fr))

    print "",
    print_hexdump(addr, asz, 0)

alloc_header_sz = 16

def print_alloc_info(_addr):
    addr = (_addr & ~0x7)

    _shp = shadow_for_address(_addr, shift)
    _shbyte = get_shadow_byte(_shp)
    _shstr = shadow_byte_to_string(_shbyte)

    # If we're in a left redzone, scan to the start of the real allocation, where
    # the header should live
    shbyte = _shbyte
    while shbyte == 0xfa:
        addr += 8
        shbyte = get_shadow_byte(shadow_for_address(addr, shift))

    # Search backwards for an allocation
    searchbytes = 0
    while searchbytes < 8*4096:

        shp = shadow_for_address(addr, shift)
        shbyte = get_shadow_byte(shp)
        shstr = shadow_byte_to_string(shbyte)

        headerp = addr - alloc_header_sz
        liveh = kern.GetValueFromAddress(headerp, 'struct kasan_alloc_header *')
        freeh = kern.GetValueFromAddress(addr, 'struct freelist_entry *')

        # heap allocations should only ever have these shadow values
        if shbyte not in (0,1,2,3,4,5,6,7, 0xfa, 0xfb, 0xfd, 0xf5):
            print "No allocation found at 0x{:x} (found shadow {:x})".format(_addr, shbyte)
            return

        live_magic = (addr & 0xffffffff) ^ 0xA110C8ED
        free_magic = (addr & 0xffffffff) ^ 0xF23333D

        if live_magic == unsigned(liveh.magic):
            usz = unsigned(liveh.user_size)
            asz = unsigned(liveh.alloc_size)
            leftrz = unsigned(liveh.left_rz)
            base = headerp + alloc_header_sz - leftrz

            if _addr >= base and _addr < base + asz:
                footer = kern.GetValueFromAddress(addr + usz, 'struct kasan_alloc_footer *')
                rightrz = asz - usz - leftrz

                print "Live heap object"
                print "Valid range: 0x{:x} -- 0x{:x} ({} bytes)".format(addr, addr + usz - 1, usz)
                print "Total range: 0x{:x} -- 0x{:x} ({} bytes)".format(base, base + asz - 1, asz)
                print "Offset:      {} bytes (shadow: 0x{:02x} {})".format(_addr - addr, _shbyte, _shstr)
                print "Redzone:     {} / {} bytes".format(leftrz, rightrz)

                btframes = unsigned(liveh.frames)
                print "",
                print "Alloc site backtrace ({} frames):".format(btframes)
                for i in xrange(0, btframes):
                    fr = unsigned(kern.globals.vm_kernel_slid_base) + unsigned(footer.backtrace[i])
                    print " #{:}: {}".format(btframes-i-1, GetSourceInformationForAddress(fr))

                print "",
                print_hexdump(base, asz, 0)
            return

        elif free_magic == unsigned(freeh.magic):
            asz = unsigned(freeh.size)
            if _addr >= addr and _addr < addr + asz:
                print_alloc_free_entry(addr, _addr)
            return

        searchbytes += 8
        addr -= 8

    print "No allocation found at 0x{:x}".format(_addr)

def shadow_byte_to_string(sb):
    return shadow_strings.get(sb, '??')

def print_whatis(_addr, ctx):
    addr = _addr & ~0x7
    total_size = 0
    base = None
    leftrz = None
    rightrz = None
    extra = "Live"

    shbyte = get_shadow_byte(shadow_for_address(addr, shift))
    maxsearch = 4096 * 2

    if shbyte in [0xfa, 0xfb, 0xfd, 0xf5]:
        print_alloc_info(_addr)
        return

    if shbyte not in [0,1,2,3,4,5,6,7,0xf8]:
        print "Poisoned memory, shadow {:x} [{}]".format(shbyte, shadow_byte_to_string(shbyte))
        return

    if shbyte is 0xf8:
        extra = "Out-of-scope"

    # look for the base of the object
    while shbyte in [0,1,2,3,4,5,6,7,0xf8]:
        sz = 8 - shbyte
        if shbyte is 0xf8:
            sz = 8
        total_size += sz
        addr -= 8
        shbyte = get_shadow_byte(shadow_for_address(addr, shift))
        maxsearch -= 8
        if maxsearch <= 0:
            print "No object found"
            return
    base = addr + 8
    leftrz = shbyte

    # If we did not find a left/mid redzone, we aren't in an object
    if leftrz not in [0xf1, 0xf2, 0xfa, 0xf9]:
        print "No object found"
        return

    # now size the object
    addr = (_addr & ~0x7) + 8
    shbyte = get_shadow_byte(shadow_for_address(addr, shift))
    while shbyte in [0,1,2,3,4,5,6,7,0xf8]:
        sz = 8 - shbyte
        if shbyte is 0xf8:
            sz = 8
        total_size += sz
        addr += 8
        shbyte = get_shadow_byte(shadow_for_address(addr, shift))
        maxsearch -= 8
        if maxsearch <= 0:
            print "No object found"
            return
    rightrz = shbyte

    # work out the type of the object from its redzone
    objtype = "Unknown"
    if leftrz == 0xf1 or leftrz == 0xf2:
        objtype = "stack"
    elif leftrz == 0xf9 and rightrz == 0xf9:
        objtype = "global"
    elif leftrz == 0xfa and rightrz == 0xfb:
        print_alloc_info(_addr)
        return

    print "{} {} object".format(extra, objtype)
    print "Valid range: 0x{:x} -- 0x{:x} ({} bytes)".format(base, base+total_size-1, total_size)
    print "Offset:      {} bytes".format(_addr - base)
    print "",
    print_hexdump(base, total_size, 0)

def print_hexdump(base, size, ctx):
    start = base - 16*ctx
    size += size % 16
    size = min(size + 16*2*ctx, 256)

    try:
        data_array = kern.GetValueFromAddress(start, "uint8_t *")
        print_hex_data(data_array[0:size], start, "Hexdump")
    except:
        pass

def kasan_subcommand(cmd, args, opts):
    addr = None
    if len(args) > 0:
        addr = long(args[0], 0)

    if cmd in ['a2s', 'toshadow', 'fromaddr', 'fromaddress']:
        print "0x{:016x}".format(shadow_for_address(addr, shift))
    elif cmd in ['s2a', 'toaddr', 'toaddress', 'fromshadow']:
        print "0x{:016x}".format(address_for_shadow(addr, shift))
    elif cmd == 'shadow':
        shadow = shadow_for_address(addr, shift)
        sb = get_shadow_byte(shadow)
        print("0x{:02x} @ 0x{:016x} [{}]\n\n".format(sb, shadow, shadow_byte_to_string(sb)))
        ctx = long(opts.get("-C", 5))
        print_shadow_context(addr, ctx)
    elif cmd == 'legend':
        print_legend()
    elif cmd == 'info':
        pages_used = unsigned(kern.globals.shadow_pages_used)
        pages_total = unsigned(kern.globals.shadow_pages_total)
        nkexts = unsigned(kern.globals.kexts_loaded)
        print "Offset:       0x{:016x}".format(shift)
        print "Shadow used:  {} / {} ({:.1f}%)".format(pages_used, pages_total, 100.0*pages_used/pages_total)
        print "Kexts loaded: {}".format(nkexts)
    elif cmd == 'whatis':
        ctx = long(opts.get("-C", 1))
        print_whatis(addr, ctx)
    elif cmd == 'alloc' or cmd == 'heap':
        print_alloc_info(addr)

@lldb_command('kasan', 'C:')
def Kasan(cmd_args=None, cmd_options={}):
    """kasan <cmd> [opts..]

    Commands:

      info               basic KASan information
      shadow <addr>      print shadow around 'addr'
      heap <addr>        show info about heap object at 'addr'
      whatis <addr>      print whatever KASan knows about address
      toshadow <addr>    convert address to shadow pointer
      toaddr <shdw>      convert shadow pointer to address
      legend             print a shadow byte table

    -C <num> : num lines of context to show"""

    if not is_kasan_build():
        print "KASan not enabled in build"
        return

    if len(cmd_args) == 0:
        print Kasan.__doc__
        return

    global shift
    shift = unsigned(kern.globals.__asan_shadow_memory_dynamic_address)

    # Since the VM is not aware of the KASan shadow mapping, accesses to it will
    # fail. Setting kdp_read_io=1 avoids this check.
    if GetConnectionProtocol() == "kdp" and unsigned(kern.globals.kdp_read_io) == 0:
        print "Setting kdp_read_io=1 to allow KASan shadow reads"
        if sizeof(kern.globals.kdp_read_io) == 4:
            WriteInt32ToMemoryAddress(1, addressof(kern.globals.kdp_read_io))
        elif sizeof(kern.globals.kdp_read_io) == 8:
            WriteInt64ToMemoryAddress(1, addressof(kern.globals.kdp_read_io))
        readio = unsigned(kern.globals.kdp_read_io)
        assert readio == 1

    return kasan_subcommand(cmd_args[0], cmd_args[1:], cmd_options)
Commit	Line	Data
5ba3f43e A	1	from xnu import *
	2	from utils import *
	3	from core.configuration import *
	4
	5	shift = None
	6
	7	shadow_strings = {
	8	0x00: 'VALID',
	9	0x01: 'PARTIAL1',
	10	0x02: 'PARTIAL2',
	11	0x03: 'PARTIAL3',
	12	0x04: 'PARTIAL4',
	13	0x05: 'PARTIAL5',
	14	0x06: 'PARTIAL6',
	15	0x07: 'PARTIAL7',
	16	0xac: 'ARRAY_COOKIE',
	17	0xf0: 'STACK_RZ',
	18	0xf1: 'STACK_LEFT_RZ',
	19	0xf2: 'STACK_MID_RZ',
	20	0xf3: 'STACK_RIGHT_RZ',
	21	0xf5: 'STACK_FREED',
	22	0xf8: 'STACK_OOSCOPE',
	23	0xf9: 'GLOBAL_RZ',
	24	0xe9: 'HEAP_RZ',
	25	0xfa: 'HEAP_LEFT_RZ',
	26	0xfb: 'HEAP_RIGHT_RZ',
	27	0xfd: 'HEAP_FREED'
	28	}
	29
	30	def is_kasan_build():
	31	try:
	32	enable = kern.globals.kasan_enabled
	33	return True
	34	except ValueError, e:
	35	return False
	36
	37	def shadow_for_address(addr, shift):
	38	return ((addr >> 3) + shift)
	39
	40	def address_for_shadow(addr, shift):
	41	return ((addr - shift) << 3)
	42
	43	def get_shadow_byte(shadow_addr):
	44	return unsigned(kern.GetValueFromAddress(shadow_addr, 'uint8_t *')[0])
	45
	46	def print_legend():
	47	for (k,v) in shadow_strings.iteritems():
	48	print " {:02x}: {}".format(k,v)
	49
	50	def print_shadow_context(addr, context):
	51	addr = shadow_for_address(addr, shift)
	52	base = (addr & ~0xf) - 16 * context
	53	shadow = kern.GetValueFromAddress(unsigned(base), "uint8_t *")
	54
	55	print " "*17 + " 0 1 2 3 4 5 6 7 8 9 a b c d e f"
	56	for x in range(0, 2*context+1):
	57	vals = ""
	58	l = " "
	59	for y in xrange(x16, (x+1)16):
	60	r = " "
	61	if base+y == addr:
	62	l = "["
	63	r = "]"
	64	elif base+y+1 == addr:
65	r = ""
66	sh = shadow[y]
67	vals += "{}{:02x}{}".format(l, sh, r)
68	l = ""
69	print("{:x}:{}".format(base + 16*x, vals))
70
71	kasan_guard_size = 16
72	def print_alloc_free_entry(addr, orig_ptr):
73	h = kern.GetValueFromAddress(addr, 'struct freelist_entry *')
74	asz = unsigned(h.size)
75	usz = unsigned(h.user_size)
76	pgsz = unsigned(kern.globals.page_size)
77
78	if h.zone:
79	zone = h.zone
80	if str(zone.zone_name).startswith("fakestack"):
81	alloc_type = "fakestack"
82	leftrz = 16
83	else:
84	alloc_type = "zone"
85	leftrz = unsigned(zone.kasan_redzone)
86	else:
87	alloc_type = "kalloc"
88	if asz - usz >= 2*pgsz:
89	leftrz = pgsz
90	else:
91	leftrz = kasan_guard_size
92
93	rightrz = asz - usz - leftrz
94
95	print "Freed {} object".format(alloc_type)
96	print "Valid range: 0x{:x} -- 0x{:x} ({} bytes)".format(addr + leftrz, addr + leftrz + usz - 1, usz)
97	print "Total range: 0x{:x} -- 0x{:x} ({} bytes)".format(addr, addr + asz - 1, asz)
98	print "Offset: {} bytes".format(orig_ptr - addr - leftrz)
99	print "Redzone: {} / {} bytes".format(leftrz, rightrz)
100	if h.zone:
101	print "Zone: 0x{:x} <{:s}>".format(unsigned(zone), zone.zone_name)
102
103	btframes = unsigned(h.frames)
104	if btframes > 0:
105	print "",
106	print "Free site backtrace ({} frames):".format(btframes)
107	for i in xrange(0, btframes):
108	fr = unsigned(kern.globals.vm_kernel_slid_base) + unsigned(h.backtrace[i])
109	print " #{:}: {}".format(btframes-i-1, GetSourceInformationForAddress(fr))
110
111	print "",
112	print_hexdump(addr, asz, 0)
113
114	alloc_header_sz = 16
115
116	def print_alloc_info(_addr):
117	addr = (_addr & ~0x7)
118
119	_shp = shadow_for_address(_addr, shift)
120	_shbyte = get_shadow_byte(_shp)
121	_shstr = shadow_byte_to_string(_shbyte)
122
123	# If we're in a left redzone, scan to the start of the real allocation, where
124	# the header should live
125	shbyte = _shbyte
126	while shbyte == 0xfa:
127	addr += 8
128	shbyte = get_shadow_byte(shadow_for_address(addr, shift))
129
130	# Search backwards for an allocation
131	searchbytes = 0
132	while searchbytes < 8*4096:
133
134	shp = shadow_for_address(addr, shift)
135	shbyte = get_shadow_byte(shp)
136	shstr = shadow_byte_to_string(shbyte)
137
138	headerp = addr - alloc_header_sz
139	liveh = kern.GetValueFromAddress(headerp, 'struct kasan_alloc_header *')
140	freeh = kern.GetValueFromAddress(addr, 'struct freelist_entry *')
141
142	# heap allocations should only ever have these shadow values
143	if shbyte not in (0,1,2,3,4,5,6,7, 0xfa, 0xfb, 0xfd, 0xf5):
144	print "No allocation found at 0x{:x} (found shadow {:x})".format(_addr, shbyte)
145	return
146
147	live_magic = (addr & 0xffffffff) ^ 0xA110C8ED
148	free_magic = (addr & 0xffffffff) ^ 0xF23333D
149
150	if live_magic == unsigned(liveh.magic):
151	usz = unsigned(liveh.user_size)
152	asz = unsigned(liveh.alloc_size)
153	leftrz = unsigned(liveh.left_rz)
154	base = headerp + alloc_header_sz - leftrz
155
156	if _addr >= base and _addr < base + asz:
157	footer = kern.GetValueFromAddress(addr + usz, 'struct kasan_alloc_footer *')
158	rightrz = asz - usz - leftrz
159
160	print "Live heap object"
161	print "Valid range: 0x{:x} -- 0x{:x} ({} bytes)".format(addr, addr + usz - 1, usz)
162	print "Total range: 0x{:x} -- 0x{:x} ({} bytes)".format(base, base + asz - 1, asz)
163	print "Offset: {} bytes (shadow: 0x{:02x} {})".format(_addr - addr, _shbyte, _shstr)
164	print "Redzone: {} / {} bytes".format(leftrz, rightrz)
165
166	btframes = unsigned(liveh.frames)
167	print "",
168	print "Alloc site backtrace ({} frames):".format(btframes)
169	for i in xrange(0, btframes):
170	fr = unsigned(kern.globals.vm_kernel_slid_base) + unsigned(footer.backtrace[i])
171	print " #{:}: {}".format(btframes-i-1, GetSourceInformationForAddress(fr))
172
173	print "",
174	print_hexdump(base, asz, 0)
175	return
176
177	elif free_magic == unsigned(freeh.magic):
178	asz = unsigned(freeh.size)
179	if _addr >= addr and _addr < addr + asz:
180	print_alloc_free_entry(addr, _addr)
181	return
182
183	searchbytes += 8
184	addr -= 8
185
186	print "No allocation found at 0x{:x}".format(_addr)
187
188	def shadow_byte_to_string(sb):
189	return shadow_strings.get(sb, '??')
190
191	def print_whatis(_addr, ctx):
192	addr = _addr & ~0x7
193	total_size = 0
194	base = None
195	leftrz = None
196	rightrz = None
197	extra = "Live"
198
199	shbyte = get_shadow_byte(shadow_for_address(addr, shift))
200	maxsearch = 4096 * 2
201
202	if shbyte in [0xfa, 0xfb, 0xfd, 0xf5]:
203	print_alloc_info(_addr)
204	return
205
206	if shbyte not in [0,1,2,3,4,5,6,7,0xf8]:
207	print "Poisoned memory, shadow {:x} [{}]".format(shbyte, shadow_byte_to_string(shbyte))
208	return
209
210	if shbyte is 0xf8:
211	extra = "Out-of-scope"
212
213	# look for the base of the object
214	while shbyte in [0,1,2,3,4,5,6,7,0xf8]:
215	sz = 8 - shbyte
216	if shbyte is 0xf8:
217	sz = 8
218	total_size += sz
219	addr -= 8
220	shbyte = get_shadow_byte(shadow_for_address(addr, shift))
221	maxsearch -= 8
222	if maxsearch <= 0:
223	print "No object found"
224	return
225	base = addr + 8
226	leftrz = shbyte
227
228	# If we did not find a left/mid redzone, we aren't in an object
229	if leftrz not in [0xf1, 0xf2, 0xfa, 0xf9]:
230	print "No object found"
231	return
232
233	# now size the object
234	addr = (_addr & ~0x7) + 8
235	shbyte = get_shadow_byte(shadow_for_address(addr, shift))
236	while shbyte in [0,1,2,3,4,5,6,7,0xf8]:
237	sz = 8 - shbyte
238	if shbyte is 0xf8:
239	sz = 8
240	total_size += sz
241	addr += 8
242	shbyte = get_shadow_byte(shadow_for_address(addr, shift))
243	maxsearch -= 8
244	if maxsearch <= 0:
245	print "No object found"
246	return
247	rightrz = shbyte
248
249	# work out the type of the object from its redzone
250	objtype = "Unknown"
251	if leftrz == 0xf1 or leftrz == 0xf2:
252	objtype = "stack"
253	elif leftrz == 0xf9 and rightrz == 0xf9:
254	objtype = "global"
255	elif leftrz == 0xfa and rightrz == 0xfb:
256	print_alloc_info(_addr)
257	return
258
259	print "{} {} object".format(extra, objtype)
260	print "Valid range: 0x{:x} -- 0x{:x} ({} bytes)".format(base, base+total_size-1, total_size)
261	print "Offset: {} bytes".format(_addr - base)
262	print "",
263	print_hexdump(base, total_size, 0)
264
265	def print_hexdump(base, size, ctx):
266	start = base - 16*ctx
267	size += size % 16
268	size = min(size + 162ctx, 256)
269
270	try:
271	data_array = kern.GetValueFromAddress(start, "uint8_t *")
272	print_hex_data(data_array[0:size], start, "Hexdump")
273	except:
274	pass
275
276	def kasan_subcommand(cmd, args, opts):
277	addr = None
278	if len(args) > 0:
279	addr = long(args[0], 0)
280
281	if cmd in ['a2s', 'toshadow', 'fromaddr', 'fromaddress']:
282	print "0x{:016x}".format(shadow_for_address(addr, shift))
283	elif cmd in ['s2a', 'toaddr', 'toaddress', 'fromshadow']:
284	print "0x{:016x}".format(address_for_shadow(addr, shift))
285	elif cmd == 'shadow':
286	shadow = shadow_for_address(addr, shift)
287	sb = get_shadow_byte(shadow)
288	print("0x{:02x} @ 0x{:016x} [{}]\n\n".format(sb, shadow, shadow_byte_to_string(sb)))
289	ctx = long(opts.get("-C", 5))
290	print_shadow_context(addr, ctx)
291	elif cmd == 'legend':
292	print_legend()
293	elif cmd == 'info':
294	pages_used = unsigned(kern.globals.shadow_pages_used)
295	pages_total = unsigned(kern.globals.shadow_pages_total)
296	nkexts = unsigned(kern.globals.kexts_loaded)
297	print "Offset: 0x{:016x}".format(shift)
298	print "Shadow used: {} / {} ({:.1f}%)".format(pages_used, pages_total, 100.0*pages_used/pages_total)
299	print "Kexts loaded: {}".format(nkexts)
300	elif cmd == 'whatis':
301	ctx = long(opts.get("-C", 1))
302	print_whatis(addr, ctx)
303	elif cmd == 'alloc' or cmd == 'heap':
304	print_alloc_info(addr)
305
306	@lldb_command('kasan', 'C:')
307	def Kasan(cmd_args=None, cmd_options={}):
308	"""kasan <cmd> [opts..]
309
310	Commands:
311
312	info basic KASan information
313	shadow <addr> print shadow around 'addr'
314	heap <addr> show info about heap object at 'addr'
315	whatis <addr> print whatever KASan knows about address
316	toshadow <addr> convert address to shadow pointer
317	toaddr <shdw> convert shadow pointer to address
318	legend print a shadow byte table
319
320	-C <num> : num lines of context to show"""
321
322	if not is_kasan_build():
323	print "KASan not enabled in build"
324	return
325
326	if len(cmd_args) == 0:
327	print Kasan.__doc__
328	return
329
330	global shift
331	shift = unsigned(kern.globals.__asan_shadow_memory_dynamic_address)
332
333	# Since the VM is not aware of the KASan shadow mapping, accesses to it will
334	# fail. Setting kdp_read_io=1 avoids this check.
335	if GetConnectionProtocol() == "kdp" and unsigned(kern.globals.kdp_read_io) == 0:
336	print "Setting kdp_read_io=1 to allow KASan shadow reads"
337	if sizeof(kern.globals.kdp_read_io) == 4:
338	WriteInt32ToMemoryAddress(1, addressof(kern.globals.kdp_read_io))
339	elif sizeof(kern.globals.kdp_read_io) == 8:
340	WriteInt64ToMemoryAddress(1, addressof(kern.globals.kdp_read_io))
341	readio = unsigned(kern.globals.kdp_read_io)
342	assert readio == 1
343
344	return kasan_subcommand(cmd_args[0], cmd_args[1:], cmd_options)
345