1 /*
2 * Copyright (c) 2000-2014 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28
29 #ifndef _KASAN_INTERNAL_H_
30 #define _KASAN_INTERNAL_H_
31
32 #include <stdbool.h>
33 #include <mach/mach_vm.h>
34 #include <kern/zalloc.h>
35
/* Pointer-sized unsigned integer used for raw addresses in the structs below. */
typedef uintptr_t uptr;

/* Mebibytes to bytes; the unsigned long factor keeps the arithmetic out of int. */
#define MiB(x) ((x) * (1024UL * 1024UL))

/*
 * KASAN features and config
 */
/* Fake-stack support is compiled in (see kasan_init_fakestack() and the KASAN_ARGS_FAKESTACK boot-arg bit). */
#define FAKESTACK 1
/* KASAN_KALLOC defined in kasan.h */
/* KASAN_ZALLOC defined in kasan.h */
/* Quarantining fake-stack frames is only possible when the fake stack itself is built. */
#define FAKESTACK_QUARANTINE (FAKESTACK && 1)

/*
 * Upper bounds on the free quarantine: at most this many entries and this many
 * bytes are held back (presumably whichever limit is reached first; the policy
 * lives in the runtime, not in this header).
 */
#define QUARANTINE_ENTRIES 5000
#define QUARANTINE_MAXSIZE MiB(10)
50
/*
 * The amount of physical memory stolen by KASan at boot to back the shadow memory
 * and page tables. Larger memory systems need to steal proportionally less.
 *
 * On arm64 the budget is a percentage plus a fixed byte count (the 25%/15%
 * figures quoted below only work out if the two are added); elsewhere it is a
 * percentage alone. HW_PAGE_SIZE/HW_PAGE_MASK name the architecture's page
 * geometry so the shadow code does not depend on the VM layer's PAGE_SIZE.
 */
#if defined(__arm64__)
/* Works out at about 25% of 512 MiB and 15% of 3GiB system */
#define STOLEN_MEM_PERCENT	13UL
#define STOLEN_MEM_BYTES	MiB(62)
#define HW_PAGE_SIZE		(ARM_PGBYTES)
#define HW_PAGE_MASK		(ARM_PGMASK)
#else /* !__arm64__ */
#define STOLEN_MEM_PERCENT	25UL
#define STOLEN_MEM_BYTES	0
#define HW_PAGE_SIZE		(PAGE_SIZE)
#define HW_PAGE_MASK		(PAGE_MASK)
#endif
67
/*
 * boot-args: bit flags carried in the kasan boot argument. Bits 0-3 and 6-7
 * are not assigned in this header. The names suggest that NODYCHECKS and the
 * two NOPOISON_* bits weaken the checker (dynamic checks off, heap/global
 * poisoning off), so their handling in the runtime is worth confirming when
 * auditing a build's configuration.
 */
#define KASAN_ARGS_FAKESTACK		(1U << 4)	/* 0x0010 */
#define KASAN_ARGS_REPORTIGNORED	(1U << 5)	/* 0x0020 */
#define KASAN_ARGS_NODYCHECKS		(1U << 8)	/* 0x0100 */
#define KASAN_ARGS_NOPOISON_HEAP	(1U << 9)	/* 0x0200 */
#define KASAN_ARGS_NOPOISON_GLOBAL	(1U << 10)	/* 0x0400 */
74
/*
 * Hard build-time requirements. This header is only meaningful in a KASAN
 * build, and the shadow translation macros below need KASAN_SHIFT (the
 * address-to-shadow offset) to be supplied by the build. Failing loudly here
 * beats silently compiling a runtime with a broken shadow mapping.
 */
#ifndef KASAN
# error KASAN undefined
#endif

#ifndef KASAN_SHIFT
# error KASAN_SHIFT undefined
#endif
82
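/*
 * Shadow memory translation. One shadow byte covers eight bytes of address
 * space: the shadow for address x lives at (x >> 3) + KASAN_SHIFT, and
 * ADDRESS_FOR_SHADOW() is the inverse (it recovers x rounded down to 8).
 *
 * Both expansions are fully parenthesized so that they compose with whatever
 * operator the caller applies next. SHADOW_FOR_ADDRESS() previously left the
 * cast unwrapped, so a postfix operator such as [] or ++ bound to the integer
 * sum before the cast to uint8_t * and the expression did not mean what it read
 * as. Neither macro validates x: if x is unsigned and below KASAN_SHIFT,
 * ADDRESS_FOR_SHADOW() simply wraps, so callers must pass shadow addresses.
 */
#define ADDRESS_FOR_SHADOW(x)	(((x) - KASAN_SHIFT) << 3)
#define SHADOW_FOR_ADDRESS(x)	((uint8_t *)(((x) >> 3) + KASAN_SHIFT))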
85
/*
 * Inlining control for the runtime. In a KASAN_DEBUG build NOINLINE keeps the
 * annotated functions as real call frames (presumably so they stay visible in
 * backtraces); otherwise it expands to nothing and the compiler decides.
 * ALWAYS_INLINE forces inlining regardless of optimisation level.
 */
#if !KASAN_DEBUG
# define NOINLINE
#else
# define NOINLINE OS_NOINLINE
#endif
#define ALWAYS_INLINE inline __attribute__((always_inline))
92
93 #define CLANG_MIN_VERSION(x) (defined(__apple_build_version__) && (__apple_build_version__ >= (x)))
94
/* Single-bit mask for bit index x; the result is unsigned int. */
#define BIT(x) (1U << (x))

/*
 * Classification of a checked memory access. Every access carries one of the
 * single-bit types; the composite masks at the bottom let the runtime test a
 * whole class of accesses with one bitwise AND (access_t is what
 * kasan_check_range() and kasan_is_blacklisted() take). Bits 9-11 are not
 * assigned. The flag_enum attribute tells clang that OR-ed combinations are
 * valid values of the enum.
 */
enum __attribute__((flag_enum)) kasan_access_types {
	TYPE_LOAD = BIT(0), /* regular memory load */
	TYPE_STORE = BIT(1), /* regular store */
	TYPE_MEMR = BIT(2), /* memory intrinsic (read) */
	TYPE_MEMW = BIT(3), /* memory intrinsic (write) */
	TYPE_STRR = BIT(4), /* string intrinsic (read) */
	TYPE_STRW = BIT(5), /* string intrinsic (write) */
	TYPE_KFREE = BIT(6), /* kfree() */
	TYPE_ZFREE = BIT(7), /* zfree() */
	TYPE_FSFREE = BIT(8), /* fakestack free */

	TYPE_UAF = BIT(12), /* presumably use-after-free detection (quarantine); name only, confirm in the runtime */
	TYPE_POISON_GLOBAL = BIT(13), /* poisoning of globals; cf. the KASAN_ARGS_NOPOISON_GLOBAL boot-arg */
	TYPE_POISON_HEAP = BIT(14), /* poisoning of heap objects; cf. the KASAN_ARGS_NOPOISON_HEAP boot-arg */
	/* no TYPE_POISON_STACK, because the runtime does not control stack poisoning */
	TYPE_TEST = BIT(15), /* presumably accesses generated by kasan_test(); name only */

	/* masks */
	TYPE_MEM = TYPE_MEMR|TYPE_MEMW, /* memory intrinsics */
	TYPE_STR = TYPE_STRR|TYPE_STRW, /* string intrinsics */
	TYPE_READ = TYPE_LOAD|TYPE_MEMR|TYPE_STRR, /* all reads */
	TYPE_WRITE = TYPE_STORE|TYPE_MEMW|TYPE_STRW, /* all writes */
	TYPE_RW = TYPE_READ|TYPE_WRITE, /* reads and writes */
	TYPE_FREE = TYPE_KFREE|TYPE_ZFREE|TYPE_FSFREE, /* every kind of free */
	TYPE_NORMAL = TYPE_RW|TYPE_FREE, /* ordinary accesses: reads, writes and frees */
	TYPE_DYNAMIC = TYPE_NORMAL|TYPE_UAF, /* everything checked at run time (cf. KASAN_ARGS_NODYCHECKS) */
	TYPE_POISON = TYPE_POISON_GLOBAL|TYPE_POISON_HEAP, /* both poisoning kinds */
	TYPE_ALL = ~0U, /* every bit, including the unassigned ones */
};
126
/*
 * Why a detected violation was reported. Unlike kasan_access_types these are
 * plain ordinals, not flags, so they must not be OR-ed together.
 */
enum kasan_violation_types {
	REASON_POISONED = 0, /* read or write of poisoned data */
	REASON_BAD_METADATA = 1, /* incorrect kasan metadata */
	REASON_INVALID_SIZE = 2, /* free size did not match alloc size */
	REASON_MOD_AFTER_FREE = 3, /* object modified after free */
	REASON_MOD_OOB = 4, /* out of bounds modification of object */
};

/* Short names for the two enums; access_t is used by the prototypes below, violation_t is not referenced in this header. */
typedef enum kasan_access_types access_t;
typedef enum kasan_violation_types violation_t;
137
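/*
 * Core runtime interface. Only the signatures are visible here; the notes
 * derived from parameter types and names below should be confirmed against
 * the implementation. All parameters are named so the prototype documents
 * the contract (the zone pointer and access type were previously unnamed).
 */
/* True if [base, base+size) contains poisoned shadow; *first_invalid presumably receives the first such address. */
bool kasan_range_poisoned(vm_offset_t base, vm_size_t size, vm_offset_t *first_invalid);
/* Check an access of sz bytes at x of class `access`; returns nothing, so a failure is handled inside (presumably reported). */
void kasan_check_range(const void *x, size_t sz, access_t access);
/* Self-test entry points (cf. TYPE_TEST). */
void kasan_test(int testno, int fail);
void kasan_handle_test(void);
/* Shared free path; addrp/sizep are pointers, suggesting the runtime may substitute a quarantined object - confirm. */
void kasan_free_internal(void **addrp, vm_size_t *sizep, int type, zone_t *zonep, vm_size_t user_size, int locked, bool doquarantine);
/* Poison [base, base+size) together with leftrz/rightrz bytes of redzone on either side, writing flags to the shadow. */
void kasan_poison(vm_offset_t base, vm_size_t size, vm_size_t leftrz, vm_size_t rightrz, uint8_t flags);
/* Runtime lock; kasan_lock() stores state into *b that kasan_unlock() takes back (save/restore pairing inferred from the types). */
void kasan_lock(boolean_t *b);
void kasan_unlock(boolean_t b);
bool kasan_lock_held(thread_t thread);
/* Fake-stack bring-up (see FAKESTACK). */
void kasan_init_fakestack(void);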
148
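/*
 * dynamic blacklist: a runtime-maintained set of accesses to skip. The kext
 * hooks are keyed by load address, so the blacklist presumably tracks kext
 * address ranges; confirm in the implementation. The access parameter of
 * kasan_is_blacklisted() was previously unnamed.
 */
void kasan_init_dybl(void);
bool kasan_is_blacklisted(access_t access);
void kasan_dybl_load_kext(uintptr_t addr, const char *kextname);
void kasan_dybl_unload_kext(uintptr_t addr);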
154
/* arch-specific interface */
/* Per-architecture hook run during KASAN bring-up; implemented outside this header. */
void kasan_arch_init(void);
/* Whether the shadow byte at shadowp is backed by a mapped page (inferred from the name; confirm before relying on it). */
bool kasan_is_shadow_mapped(uintptr_t shadowp);

/* Virtual address bounds of the kernel image; defined elsewhere. */
extern vm_address_t kernel_vbase;
extern vm_address_t kernel_vtop;

/* Pages consumed so far for shadow memory (cf. the STOLEN_MEM_* budget). */
extern unsigned shadow_pages_used;

/* boot-arg configurable */
/* Non-zero when the fake stack is active; presumably driven by the KASAN_ARGS_FAKESTACK bit. */
extern int fakestack_enabled;
166
/*
 * Describes the source location where a global is defined. Reached through
 * struct asan_global::location; the record is presumably emitted by the
 * compiler's instrumentation, in which case the field order is part of that
 * ABI and must not be changed here.
 */
struct asan_global_source_location {
	const char *filename;
	int line_no;
	int column_no;
};
173
/*
 * Describes an instrumented global variable. Field meanings below follow the
 * names; the layout is versioned against the compiler (odr_indicator is only
 * present from a given Apple clang build), which indicates it mirrors the
 * compiler-emitted descriptor - do not reorder or resize fields.
 */
struct asan_global {
	uptr addr; /* address of the global */
	uptr size; /* its size in bytes */
	uptr size_with_redzone; /* size including the trailing redzone, presumably */
	const char *name;
	const char *module;
	uptr has_dynamic_init; /* non-zero if the global has a dynamic initializer (name only) */
	struct asan_global_source_location *location;
#if CLANG_MIN_VERSION(8020000)
	uptr odr_indicator; /* present only with newer Apple clang; keeps sizeof in step with the compiler */
#endif
};
187
/*
 * Private setjmp/longjmp for the runtime, with a per-architecture buffer size
 * in ints. The slot counts are written out as sums of register-save groups;
 * which registers each term covers is not documented here. Unsupported
 * architectures fail the build rather than getting a wrong size.
 */
#if defined(__x86_64__)
# define _JBLEN ((9 * 2) + 3 + 16)
#elif defined(__arm64__)
# define _JBLEN ((14 + 8 + 2) * 2)
#else
# error "Unknown arch"
#endif

typedef int jmp_buf[_JBLEN];
/* Never returns; resumes at the matching _setjmp, which then yields val. */
void _longjmp(jmp_buf env, int val) OS_NORETURN;
/* returns_twice tells the compiler not to cache values across the call, since control can come back via _longjmp. */
int _setjmp(jmp_buf env) __attribute__((returns_twice));
199
200 #endif /* _KASAN_INTERNAL_H_ */