Searched hist:ebc34e0c430eea40ecd29968699abc657a50d2fe (Results 1 – 1 of 1) sorted by relevance
| /optee_os/core/kernel/ |
| H A D | asan.c | ebc34e0c430eea40ecd29968699abc657a50d2fe Mon Jun 09 22:33:38 UTC 2025 Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de> core: asan: fix check_access()
The previous implementation of check_access() was not fully
correct and could fail to detect out-of-bounds accesses near
the end of an allocated buffer.
For example, given a buffer of size 7 allocated at address A.
check_access(addr = A + 7, size = 1) would not trigger a panic,
because the check relied on va_is_well_aligned(end), which skips
validation when end is aligned.
The new check_access() implementation is based on the version from
FreeBSD's subr_asan.c and performs precise shadow memory validation.
In addition, asan_tag_access() behaviour was changed. The shadow byte
should encode the number of accessible bytes. (1 <= k <= 7) means that
the first k bytes are addressible.
This behaviour is in accordance with:
a) the stack instrumentation emitted by compiler
b) the original ASan paper, see [1] section 3.1 Shadow Memory
c) other kasan implementations from freebsd/linux-kernel
[1] https://www.usenix.org/system/files/conference/atc12/atc12-final39.pdf
Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|