1/* SPDX-License-Identifier: GPL-2.0 */ 2#ifndef __MM_KASAN_KASAN_H 3#define __MM_KASAN_KASAN_H 4 5#include <linux/kasan.h> 6#include <linux/stackdepot.h> 7 8#define KASAN_SHADOW_SCALE_SIZE (1UL << KASAN_SHADOW_SCALE_SHIFT) 9#define KASAN_SHADOW_MASK (KASAN_SHADOW_SCALE_SIZE - 1) 10 11#define KASAN_TAG_KERNEL 0xFF /* native kernel pointers tag */ 12#define KASAN_TAG_INVALID 0xFE /* inaccessible memory tag */ 13#define KASAN_TAG_MAX 0xFD /* maximum value for random tags */ 14 15#ifdef CONFIG_KASAN_GENERIC 16#define KASAN_FREE_PAGE 0xFF /* page was freed */ 17#define KASAN_PAGE_REDZONE 0xFE /* redzone for kmalloc_large allocations */ 18#define KASAN_KMALLOC_REDZONE 0xFC /* redzone inside slub object */ 19#define KASAN_KMALLOC_FREE 0xFB /* object was freed (kmem_cache_free/kfree) */ 20#define KASAN_KMALLOC_FREETRACK 0xFA /* object was freed and has free track set */ 21#else 22#define KASAN_FREE_PAGE KASAN_TAG_INVALID 23#define KASAN_PAGE_REDZONE KASAN_TAG_INVALID 24#define KASAN_KMALLOC_REDZONE KASAN_TAG_INVALID 25#define KASAN_KMALLOC_FREE KASAN_TAG_INVALID 26#define KASAN_KMALLOC_FREETRACK KASAN_TAG_INVALID 27#endif 28 29#define KASAN_GLOBAL_REDZONE 0xF9 /* redzone for global variable */ 30#define KASAN_VMALLOC_INVALID 0xF8 /* unallocated space in vmapped page */ 31 32/* 33 * Stack redzone shadow values 34 * (Those are compiler's ABI, don't change them) 35 */ 36#define KASAN_STACK_LEFT 0xF1 37#define KASAN_STACK_MID 0xF2 38#define KASAN_STACK_RIGHT 0xF3 39#define KASAN_STACK_PARTIAL 0xF4 40 41/* 42 * alloca redzone shadow values 43 */ 44#define KASAN_ALLOCA_LEFT 0xCA 45#define KASAN_ALLOCA_RIGHT 0xCB 46 47#define KASAN_ALLOCA_REDZONE_SIZE 32 48 49/* 50 * Stack frame marker (compiler ABI). 51 */ 52#define KASAN_CURRENT_STACK_FRAME_MAGIC 0x41B58AB3 53 54/* Don't break randconfig/all*config builds */ 55#ifndef KASAN_ABI_VERSION 56#define KASAN_ABI_VERSION 1 57#endif 58 59struct kasan_access_info { 60 const void *access_addr; 61 const void *first_bad_addr; 62 size_t access_size; 63 bool is_write; 64 unsigned long ip; 65}; 66 67/* The layout of struct dictated by compiler */ 68struct kasan_source_location { 69 const char *filename; 70 int line_no; 71 int column_no; 72}; 73 74/* The layout of struct dictated by compiler */ 75struct kasan_global { 76 const void *beg; /* Address of the beginning of the global variable. */ 77 size_t size; /* Size of the global variable. */ 78 size_t size_with_redzone; /* Size of the variable + size of the red zone. 32 bytes aligned */ 79 const void *name; 80 const void *module_name; /* Name of the module where the global variable is declared. */ 81 unsigned long has_dynamic_init; /* This needed for C++ */ 82#if KASAN_ABI_VERSION >= 4 83 struct kasan_source_location *location; 84#endif 85#if KASAN_ABI_VERSION >= 5 86 char *odr_indicator; 87#endif 88}; 89 90/** 91 * Structures to keep alloc and free tracks * 92 */ 93 94#define KASAN_STACK_DEPTH 64 95 96struct kasan_track { 97 u32 pid; 98 depot_stack_handle_t stack; 99}; 100 101#ifdef CONFIG_KASAN_SW_TAGS_IDENTIFY 102#define KASAN_NR_FREE_STACKS 5 103#else 104#define KASAN_NR_FREE_STACKS 1 105#endif 106 107struct kasan_alloc_meta { 108 struct kasan_track alloc_track; 109#ifdef CONFIG_KASAN_GENERIC 110 /* 111 * call_rcu() call stack is stored into struct kasan_alloc_meta. 112 * The free stack is stored into struct kasan_free_meta. 113 */ 114 depot_stack_handle_t aux_stack[2]; 115#else 116 struct kasan_track free_track[KASAN_NR_FREE_STACKS]; 117#endif 118#ifdef CONFIG_KASAN_SW_TAGS_IDENTIFY 119 u8 free_pointer_tag[KASAN_NR_FREE_STACKS]; 120 u8 free_track_idx; 121#endif 122}; 123 124struct qlist_node { 125 struct qlist_node *next; 126}; 127struct kasan_free_meta { 128 /* This field is used while the object is in the quarantine. 129 * Otherwise it might be used for the allocator freelist. 130 */ 131 struct qlist_node quarantine_link; 132#ifdef CONFIG_KASAN_GENERIC 133 struct kasan_track free_track; 134#endif 135}; 136 137struct kasan_alloc_meta *get_alloc_info(struct kmem_cache *cache, 138 const void *object); 139struct kasan_free_meta *get_free_info(struct kmem_cache *cache, 140 const void *object); 141 142#ifndef kasan_shadow_to_mem 143static inline const void *kasan_shadow_to_mem(const void *shadow_addr) 144{ 145 return (void *)(((unsigned long)shadow_addr - KASAN_SHADOW_OFFSET) 146 << KASAN_SHADOW_SCALE_SHIFT); 147} 148#endif 149 150#ifndef addr_has_metadata 151static inline bool addr_has_metadata(const void *addr) 152{ 153 return (addr >= kasan_shadow_to_mem((void *)KASAN_SHADOW_START)); 154} 155#endif 156 157void kasan_poison_shadow(const void *address, size_t size, u8 value); 158 159/** 160 * check_memory_region - Check memory region, and report if invalid access. 161 * @addr: the accessed address 162 * @size: the accessed size 163 * @write: true if access is a write access 164 * @ret_ip: return address 165 * @return: true if access was valid, false if invalid 166 */ 167bool check_memory_region(unsigned long addr, size_t size, bool write, 168 unsigned long ret_ip); 169 170void *find_first_bad_addr(void *addr, size_t size); 171const char *get_bug_type(struct kasan_access_info *info); 172 173bool kasan_report(unsigned long addr, size_t size, 174 bool is_write, unsigned long ip); 175void kasan_report_invalid_free(void *object, unsigned long ip); 176 177struct page *kasan_addr_to_page(const void *addr); 178 179depot_stack_handle_t kasan_save_stack(gfp_t flags); 180void kasan_set_track(struct kasan_track *track, gfp_t flags); 181void kasan_set_free_info(struct kmem_cache *cache, void *object, u8 tag); 182struct kasan_track *kasan_get_free_track(struct kmem_cache *cache, 183 void *object, u8 tag); 184 185#if defined(CONFIG_KASAN_GENERIC) && \ 186 (defined(CONFIG_SLAB) || defined(CONFIG_SLUB)) 187void quarantine_put(struct kasan_free_meta *info, struct kmem_cache *cache); 188void quarantine_reduce(void); 189void quarantine_remove_cache(struct kmem_cache *cache); 190#else 191static inline void quarantine_put(struct kasan_free_meta *info, 192 struct kmem_cache *cache) { } 193static inline void quarantine_reduce(void) { } 194static inline void quarantine_remove_cache(struct kmem_cache *cache) { } 195#endif 196 197#ifdef CONFIG_KASAN_SW_TAGS 198 199void print_tags(u8 addr_tag, const void *addr); 200 201u8 random_tag(void); 202 203#else 204 205static inline void print_tags(u8 addr_tag, const void *addr) { } 206 207static inline u8 random_tag(void) 208{ 209 return 0; 210} 211 212#endif 213 214#ifndef arch_kasan_set_tag 215static inline const void *arch_kasan_set_tag(const void *addr, u8 tag) 216{ 217 return addr; 218} 219#endif 220#ifndef arch_kasan_reset_tag 221#define arch_kasan_reset_tag(addr) ((void *)(addr)) 222#endif 223#ifndef arch_kasan_get_tag 224#define arch_kasan_get_tag(addr) 0 225#endif 226 227#define set_tag(addr, tag) ((void *)arch_kasan_set_tag((addr), (tag))) 228#define reset_tag(addr) ((void *)arch_kasan_reset_tag(addr)) 229#define get_tag(addr) arch_kasan_get_tag(addr) 230 231/* 232 * Exported functions for interfaces called from assembly or from generated 233 * code. Declarations here to avoid warning about missing declarations. 234 */ 235asmlinkage void kasan_unpoison_task_stack_below(const void *watermark); 236void __asan_register_globals(struct kasan_global *globals, size_t size); 237void __asan_unregister_globals(struct kasan_global *globals, size_t size); 238void __asan_handle_no_return(void); 239void __asan_alloca_poison(unsigned long addr, size_t size); 240void __asan_allocas_unpoison(const void *stack_top, const void *stack_bottom); 241 242void __asan_load1(unsigned long addr); 243void __asan_store1(unsigned long addr); 244void __asan_load2(unsigned long addr); 245void __asan_store2(unsigned long addr); 246void __asan_load4(unsigned long addr); 247void __asan_store4(unsigned long addr); 248void __asan_load8(unsigned long addr); 249void __asan_store8(unsigned long addr); 250void __asan_load16(unsigned long addr); 251void __asan_store16(unsigned long addr); 252void __asan_loadN(unsigned long addr, size_t size); 253void __asan_storeN(unsigned long addr, size_t size); 254 255void __asan_load1_noabort(unsigned long addr); 256void __asan_store1_noabort(unsigned long addr); 257void __asan_load2_noabort(unsigned long addr); 258void __asan_store2_noabort(unsigned long addr); 259void __asan_load4_noabort(unsigned long addr); 260void __asan_store4_noabort(unsigned long addr); 261void __asan_load8_noabort(unsigned long addr); 262void __asan_store8_noabort(unsigned long addr); 263void __asan_load16_noabort(unsigned long addr); 264void __asan_store16_noabort(unsigned long addr); 265void __asan_loadN_noabort(unsigned long addr, size_t size); 266void __asan_storeN_noabort(unsigned long addr, size_t size); 267 268void __asan_report_load1_noabort(unsigned long addr); 269void __asan_report_store1_noabort(unsigned long addr); 270void __asan_report_load2_noabort(unsigned long addr); 271void __asan_report_store2_noabort(unsigned long addr); 272void __asan_report_load4_noabort(unsigned long addr); 273void __asan_report_store4_noabort(unsigned long addr); 274void __asan_report_load8_noabort(unsigned long addr); 275void __asan_report_store8_noabort(unsigned long addr); 276void __asan_report_load16_noabort(unsigned long addr); 277void __asan_report_store16_noabort(unsigned long addr); 278void __asan_report_load_n_noabort(unsigned long addr, size_t size); 279void __asan_report_store_n_noabort(unsigned long addr, size_t size); 280 281void __asan_set_shadow_00(const void *addr, size_t size); 282void __asan_set_shadow_f1(const void *addr, size_t size); 283void __asan_set_shadow_f2(const void *addr, size_t size); 284void __asan_set_shadow_f3(const void *addr, size_t size); 285void __asan_set_shadow_f5(const void *addr, size_t size); 286void __asan_set_shadow_f8(const void *addr, size_t size); 287 288void __hwasan_load1_noabort(unsigned long addr); 289void __hwasan_store1_noabort(unsigned long addr); 290void __hwasan_load2_noabort(unsigned long addr); 291void __hwasan_store2_noabort(unsigned long addr); 292void __hwasan_load4_noabort(unsigned long addr); 293void __hwasan_store4_noabort(unsigned long addr); 294void __hwasan_load8_noabort(unsigned long addr); 295void __hwasan_store8_noabort(unsigned long addr); 296void __hwasan_load16_noabort(unsigned long addr); 297void __hwasan_store16_noabort(unsigned long addr); 298void __hwasan_loadN_noabort(unsigned long addr, size_t size); 299void __hwasan_storeN_noabort(unsigned long addr, size_t size); 300 301void __hwasan_tag_memory(unsigned long addr, u8 tag, unsigned long size); 302 303#endif 304