1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _LINUX_KASAN_H
3 #define _LINUX_KASAN_H
4
5 #include <linux/bug.h>
6 #include <linux/kasan-enabled.h>
7 #include <linux/kernel.h>
8 #include <linux/static_key.h>
9 #include <linux/types.h>
10
/* Forward declarations: this header refers to these types through pointers only. */
struct kmem_cache;
struct page;
struct vm_struct;
struct task_struct;
15
16 #ifdef CONFIG_KASAN
17
18 #include <linux/linkage.h>
19 #include <asm/kasan.h>
20
/*
 * struct kunit_kasan_expectation is used in KUnit tests for KASAN expected
 * failures.
 */
struct kunit_kasan_expectation {
	/* NOTE(review): presumably set by a test that expects a KASAN report - confirm against the test code. */
	bool report_expected;
	/* NOTE(review): presumably set once a report was actually produced - confirm against the report path. */
	bool report_found;
};
26
27 #endif
28
29 #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)
30
31 #include <linux/pgtable.h>
32
/* Software KASAN implementations use shadow memory. */

/*
 * KASAN_SHADOW_INIT is 0xFE for the software tag-based mode and 0 otherwise.
 * NOTE(review): presumably the byte value that shadow memory starts out
 * with - confirm at the users of this macro.
 */
#ifdef CONFIG_KASAN_SW_TAGS
/* This matches KASAN_TAG_INVALID. */
#define KASAN_SHADOW_INIT 0xFE
#else
#define KASAN_SHADOW_INIT 0
#endif

/*
 * Default for architectures that do not define PTE_HWTABLE_PTRS: no extra
 * entries are added to kasan_early_shadow_pte[] below.
 */
#ifndef PTE_HWTABLE_PTRS
#define PTE_HWTABLE_PTRS 0
#endif

/*
 * One early shadow page plus one table for each page-table level
 * (PTE, PMD, PUD, P4D), all defined outside this header.
 */
extern unsigned char kasan_early_shadow_page[PAGE_SIZE];
extern pte_t kasan_early_shadow_pte[PTRS_PER_PTE + PTE_HWTABLE_PTRS];
extern pmd_t kasan_early_shadow_pmd[PTRS_PER_PMD];
extern pud_t kasan_early_shadow_pud[PTRS_PER_PUD];
extern p4d_t kasan_early_shadow_p4d[MAX_PTRS_PER_P4D];

/*
 * NOTE(review): by name, populates the early shadow for the shadow range
 * [shadow_start, shadow_end); the meaning of the int result is not visible
 * in this header - confirm in the implementation.
 */
int kasan_populate_early_shadow(const void *shadow_start,
				const void *shadow_end);
54
/*
 * Translate a memory address into its shadow address: shift the address
 * right by KASAN_SHADOW_SCALE_SHIFT, then add KASAN_SHADOW_OFFSET.
 *
 * This is pure arithmetic. @addr is not validated, so the result is only
 * meaningful for addresses that really have shadow memory behind them;
 * range checks are the caller's job.
 */
static inline void *kasan_mem_to_shadow(const void *addr)
{
	unsigned long scaled = (unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT;

	/* void-pointer arithmetic (GNU C): the offset is added in bytes. */
	return (void *)scaled + KASAN_SHADOW_OFFSET;
}
60
/*
 * NOTE(review): by name, these install and remove "zero" shadow for the
 * region of @size bytes at @start. The stub used when no software shadow
 * exists always returns 0, so 0 is presumably the success value - confirm.
 */
int kasan_add_zero_shadow(void *start, unsigned long size);
void kasan_remove_zero_shadow(void *start, unsigned long size);

/* Enable reporting bugs after kasan_disable_current() */
extern void kasan_enable_current(void);

/*
 * Disable reporting bugs for current task.
 * While reporting is disabled, bad accesses made by the current task are not
 * reported, so keep the disabled window as small as possible and re-enable
 * with kasan_enable_current().
 */
extern void kasan_disable_current(void);
69
70 #else /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */
71
/*
 * Stub for builds with neither CONFIG_KASAN_GENERIC nor CONFIG_KASAN_SW_TAGS:
 * there is no software shadow, so the arguments are ignored and 0 is
 * always returned.
 */
static inline int kasan_add_zero_shadow(void *start, unsigned long size)
{
	(void)start;
	(void)size;

	return 0;
}
/* Stub: without a software shadow there is nothing to remove. */
static inline void kasan_remove_zero_shadow(void *start,
					unsigned long size)
{}

/*
 * Stubs: in builds with neither CONFIG_KASAN_GENERIC nor
 * CONFIG_KASAN_SW_TAGS, enabling or disabling reporting for the current
 * task does nothing.
 */
static inline void kasan_enable_current(void) {}
static inline void kasan_disable_current(void) {}
82
83 #endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */
84
85 #ifdef CONFIG_KASAN_HW_TAGS
86
/*
 * Page allocation and free hooks implemented by the hardware tag-based mode.
 * Without CONFIG_KASAN_HW_TAGS the same names are build-time traps (see the
 * #else branch), so every call site must be one the compiler can discard in
 * those configurations.
 */
void kasan_alloc_pages(struct page *page, unsigned int order, gfp_t flags);
void kasan_free_pages(struct page *page, unsigned int order);
89
90 #else /* CONFIG_KASAN_HW_TAGS */
91
/*
 * Build-time trap for configurations without CONFIG_KASAN_HW_TAGS:
 * BUILD_BUG() breaks the build if a call to this function is still present
 * after optimisation.
 * NOTE(review): callers are presumably expected to guard the call with
 * kasan_has_integrated_init() so that it is compiled out - confirm.
 */
static __always_inline void kasan_alloc_pages(struct page *page,
					      unsigned int order, gfp_t flags)
{
	/* Only available for integrated init. */
	BUILD_BUG();
}

/*
 * Build-time trap, same contract as kasan_alloc_pages() in this branch:
 * a call that is not optimised away fails the build.
 */
static __always_inline void kasan_free_pages(struct page *page,
					     unsigned int order)
{
	/* Only available for integrated init. */
	BUILD_BUG();
}
105
106 #endif /* CONFIG_KASAN_HW_TAGS */
107
/*
 * Tell callers whether "integrated init" is available. The answer is exactly
 * the result of kasan_hw_tags_enabled().
 */
static inline bool kasan_has_integrated_init(void)
{
	const bool hw_tags_on = kasan_hw_tags_enabled();

	return hw_tags_on;
}
112
113 #ifdef CONFIG_KASAN
114
/*
 * Per-cache KASAN data.
 * NOTE(review): the field descriptions below are inferred from the names
 * only - confirm against the KASAN implementation.
 */
struct kasan_cache {
	/* presumably the offset of the allocation metadata - TODO confirm */
	int alloc_meta_offset;
	/* presumably the offset of the free metadata - TODO confirm */
	int free_meta_offset;
	/* presumably marks caches that back kmalloc() - TODO confirm */
	bool is_kmalloc;
};
120
slab_flags_t __kasan_never_merge(void);

/*
 * Return the slab flags supplied by __kasan_never_merge(), or 0 when KASAN
 * is not enabled at run time.
 * NOTE(review): by name, these are flags that stop caches from being
 * merged - confirm in the implementation.
 */
static __always_inline slab_flags_t kasan_never_merge(void)
{
	if (!kasan_enabled())
		return 0;

	return __kasan_never_merge();
}
128
void __kasan_unpoison_range(const void *addr, size_t size);

/*
 * Forward to __kasan_unpoison_range() for the @size bytes at @addr.
 * Does nothing when KASAN is not enabled at run time.
 */
static __always_inline void kasan_unpoison_range(const void *addr, size_t size)
{
	if (!kasan_enabled())
		return;

	__kasan_unpoison_range(addr, size);
}
135
void __kasan_poison_pages(struct page *page, unsigned int order, bool init);

/*
 * Forward @page, @order and @init to __kasan_poison_pages().
 * Does nothing when KASAN is not enabled at run time.
 */
static __always_inline void kasan_poison_pages(struct page *page,
						unsigned int order, bool init)
{
	if (!kasan_enabled())
		return;

	__kasan_poison_pages(page, order, init);
}
143
void __kasan_unpoison_pages(struct page *page, unsigned int order, bool init);

/*
 * Forward @page, @order and @init to __kasan_unpoison_pages().
 * Does nothing when KASAN is not enabled at run time.
 */
static __always_inline void kasan_unpoison_pages(struct page *page,
						  unsigned int order, bool init)
{
	if (!kasan_enabled())
		return;

	__kasan_unpoison_pages(page, order, init);
}
151
void __kasan_cache_create(struct kmem_cache *cache, unsigned int *size,
			  slab_flags_t *flags);

/*
 * Forward to __kasan_cache_create(); does nothing when KASAN is not enabled
 * at run time.
 * NOTE(review): @size and @flags are passed by pointer, so the
 * implementation can presumably adjust them - confirm.
 */
static __always_inline void kasan_cache_create(struct kmem_cache *cache,
				unsigned int *size, slab_flags_t *flags)
{
	if (!kasan_enabled())
		return;

	__kasan_cache_create(cache, size, flags);
}
160
void __kasan_cache_create_kmalloc(struct kmem_cache *cache);

/*
 * Forward @cache to __kasan_cache_create_kmalloc().
 * Does nothing when KASAN is not enabled at run time.
 */
static __always_inline void kasan_cache_create_kmalloc(struct kmem_cache *cache)
{
	if (!kasan_enabled())
		return;

	__kasan_cache_create_kmalloc(cache);
}
167
size_t __kasan_metadata_size(struct kmem_cache *cache);

/*
 * Return __kasan_metadata_size(@cache), or 0 when KASAN is not enabled at
 * run time.
 */
static __always_inline size_t kasan_metadata_size(struct kmem_cache *cache)
{
	if (!kasan_enabled())
		return 0;

	return __kasan_metadata_size(cache);
}
175
void __kasan_poison_slab(struct page *page);

/*
 * Forward @page to __kasan_poison_slab().
 * Does nothing when KASAN is not enabled at run time.
 */
static __always_inline void kasan_poison_slab(struct page *page)
{
	if (!kasan_enabled())
		return;

	__kasan_poison_slab(page);
}
182
void __kasan_unpoison_object_data(struct kmem_cache *cache, void *object);

/*
 * Forward @cache and @object to __kasan_unpoison_object_data().
 * Does nothing when KASAN is not enabled at run time.
 */
static __always_inline void kasan_unpoison_object_data(struct kmem_cache *cache,
							void *object)
{
	if (!kasan_enabled())
		return;

	__kasan_unpoison_object_data(cache, object);
}
190
void __kasan_poison_object_data(struct kmem_cache *cache, void *object);

/*
 * Forward @cache and @object to __kasan_poison_object_data().
 * Does nothing when KASAN is not enabled at run time.
 */
static __always_inline void kasan_poison_object_data(struct kmem_cache *cache,
						      void *object)
{
	if (!kasan_enabled())
		return;

	__kasan_poison_object_data(cache, object);
}
198
void * __must_check __kasan_init_slab_obj(struct kmem_cache *cache,
					  const void *object);

/*
 * Return the pointer produced by __kasan_init_slab_obj(), or @object itself
 * (const dropped) when KASAN is not enabled at run time.
 *
 * __must_check: callers have to continue with the returned pointer.
 * NOTE(review): presumably because the tag-based modes can hand back a
 * pointer that differs from @object - confirm in the implementation.
 */
static __always_inline void * __must_check kasan_init_slab_obj(
				struct kmem_cache *cache, const void *object)
{
	if (!kasan_enabled())
		return (void *)object;

	return __kasan_init_slab_obj(cache, object);
}
208
bool __kasan_slab_free(struct kmem_cache *s, void *object,
		       unsigned long ip, bool init);

/*
 * Slab free hook. Returns the result of __kasan_slab_free(), or false when
 * KASAN is not enabled at run time. _RET_IP_ is taken in this always-inline
 * wrapper and passed on as the @ip argument.
 *
 * NOTE(review): what a true result means is decided by __kasan_slab_free()
 * and is not visible in this header - confirm how the allocator must react
 * to it before changing any caller.
 */
static __always_inline bool kasan_slab_free(struct kmem_cache *s,
						void *object, bool init)
{
	if (!kasan_enabled())
		return false;

	return __kasan_slab_free(s, object, _RET_IP_, init);
}
218
void __kasan_kfree_large(void *ptr, unsigned long ip);

/*
 * Forward @ptr to __kasan_kfree_large(), with _RET_IP_ taken in this
 * always-inline wrapper as the @ip argument.
 * Does nothing when KASAN is not enabled at run time.
 */
static __always_inline void kasan_kfree_large(void *ptr)
{
	if (!kasan_enabled())
		return;

	__kasan_kfree_large(ptr, _RET_IP_);
}
225
void __kasan_slab_free_mempool(void *ptr, unsigned long ip);

/*
 * Forward @ptr to __kasan_slab_free_mempool(), with _RET_IP_ taken in this
 * always-inline wrapper as the @ip argument.
 * Does nothing when KASAN is not enabled at run time.
 */
static __always_inline void kasan_slab_free_mempool(void *ptr)
{
	if (!kasan_enabled())
		return;

	__kasan_slab_free_mempool(ptr, _RET_IP_);
}
232
void * __must_check __kasan_slab_alloc(struct kmem_cache *s,
				       void *object, gfp_t flags, bool init);

/*
 * Slab allocation hook. Returns the pointer produced by
 * __kasan_slab_alloc(), or @object unchanged when KASAN is not enabled at
 * run time.
 *
 * __must_check: callers have to continue with the returned pointer.
 * NOTE(review): presumably because the tag-based modes can hand back a
 * pointer that differs from @object - confirm in the implementation.
 */
static __always_inline void * __must_check kasan_slab_alloc(
	struct kmem_cache *s, void *object, gfp_t flags, bool init)
{
	if (!kasan_enabled())
		return object;

	return __kasan_slab_alloc(s, object, flags, init);
}
242
void * __must_check __kasan_kmalloc(struct kmem_cache *s, const void *object,
				    size_t size, gfp_t flags);

/*
 * kmalloc hook. Returns the pointer produced by __kasan_kmalloc(), or
 * @object itself (const dropped) when KASAN is not enabled at run time.
 *
 * __must_check: callers have to continue with the returned pointer.
 */
static __always_inline void * __must_check kasan_kmalloc(struct kmem_cache *s,
				const void *object, size_t size, gfp_t flags)
{
	if (!kasan_enabled())
		return (void *)object;

	return __kasan_kmalloc(s, object, size, flags);
}
252
void * __must_check __kasan_kmalloc_large(const void *ptr,
					  size_t size, gfp_t flags);

/*
 * Large-kmalloc hook. Returns the pointer produced by
 * __kasan_kmalloc_large(), or @ptr itself (const dropped) when KASAN is not
 * enabled at run time.
 *
 * __must_check: callers have to continue with the returned pointer.
 */
static __always_inline void * __must_check kasan_kmalloc_large(const void *ptr,
						size_t size, gfp_t flags)
{
	if (!kasan_enabled())
		return (void *)ptr;

	return __kasan_kmalloc_large(ptr, size, flags);
}
262
void * __must_check __kasan_krealloc(const void *object,
				     size_t new_size, gfp_t flags);

/*
 * krealloc hook. Returns the pointer produced by __kasan_krealloc(), or
 * @object itself (const dropped) when KASAN is not enabled at run time.
 *
 * __must_check: callers have to continue with the returned pointer.
 */
static __always_inline void * __must_check kasan_krealloc(const void *object,
						size_t new_size, gfp_t flags)
{
	if (!kasan_enabled())
		return (void *)object;

	return __kasan_krealloc(object, new_size, flags);
}
272
/*
 * kasan_check_byte() differs from kasan_check_read/write(): it is also
 * carried out in the hardware tag-based mode, which does not depend on
 * compiler instrumentation.
 *
 * Returns the result of __kasan_check_byte(), with _RET_IP_ taken in this
 * always-inline wrapper as the @ip argument. When KASAN is not enabled at
 * run time no check is made and the result is true, so a true result on
 * such a kernel says nothing about whether @addr is valid.
 */
bool __kasan_check_byte(const void *addr, unsigned long ip);
static __always_inline bool kasan_check_byte(const void *addr)
{
	if (!kasan_enabled())
		return true;

	return __kasan_check_byte(addr, _RET_IP_);
}
284
285
/*
 * NOTE(review): by name, kasan_save_enable_multi_shot() turns multi-shot
 * reporting on and returns the previous setting, which is later handed to
 * kasan_restore_multi_shot() - confirm in the implementation.
 */
bool kasan_save_enable_multi_shot(void);
void kasan_restore_multi_shot(bool enabled);
288
289 #else /* CONFIG_KASAN */
290
/*
 * Stubs for kernels built without CONFIG_KASAN: the hooks below ignore their
 * arguments and do nothing; the ones with a result return 0.
 */
static inline slab_flags_t kasan_never_merge(void)
{
	return 0;
}

static inline void kasan_unpoison_range(const void *address, size_t size)
{
}

static inline void kasan_poison_pages(struct page *page, unsigned int order,
				      bool init)
{
}

static inline void kasan_unpoison_pages(struct page *page, unsigned int order,
					bool init)
{
}

static inline void kasan_cache_create(struct kmem_cache *cache,
				      unsigned int *size,
				      slab_flags_t *flags)
{
}

static inline void kasan_cache_create_kmalloc(struct kmem_cache *cache)
{
}

static inline size_t kasan_metadata_size(struct kmem_cache *cache)
{
	return 0;
}

static inline void kasan_poison_slab(struct page *page)
{
}

static inline void kasan_unpoison_object_data(struct kmem_cache *cache,
					      void *object)
{
}

static inline void kasan_poison_object_data(struct kmem_cache *cache,
					    void *object)
{
}
/*
 * Stub (no CONFIG_KASAN): hand @object back with const dropped.
 * Unlike the CONFIG_KASAN variant, this stub is not marked __must_check.
 */
static inline void *kasan_init_slab_obj(struct kmem_cache *cache,
					const void *object)
{
	void *same = (void *)object;

	return same;
}

/* Stub (no CONFIG_KASAN): always false, whatever the arguments. */
static inline bool kasan_slab_free(struct kmem_cache *s, void *object, bool init)
{
	(void)s;
	(void)object;
	(void)init;

	return false;
}

/* Stub (no CONFIG_KASAN): nothing to do for a large kfree. */
static inline void kasan_kfree_large(void *ptr)
{
}

/* Stub (no CONFIG_KASAN): nothing to do for a mempool free. */
static inline void kasan_slab_free_mempool(void *ptr)
{
}
/*
 * Stubs for kernels built without CONFIG_KASAN: each allocation hook returns
 * the pointer it was given (const dropped where the parameter is const) and
 * ignores every other argument. Unlike the CONFIG_KASAN variants, these
 * stubs are not marked __must_check.
 */
static inline void *kasan_slab_alloc(struct kmem_cache *s, void *object,
				     gfp_t flags, bool init)
{
	void *same = object;

	return same;
}

static inline void *kasan_kmalloc(struct kmem_cache *s, const void *object,
				  size_t size, gfp_t flags)
{
	void *same = (void *)object;

	return same;
}

static inline void *kasan_kmalloc_large(const void *ptr, size_t size, gfp_t flags)
{
	void *same = (void *)ptr;

	return same;
}

static inline void *kasan_krealloc(const void *object, size_t new_size,
				   gfp_t flags)
{
	void *same = (void *)object;

	return same;
}
/*
 * Stub (no CONFIG_KASAN): no check is made and the result is always true,
 * so the return value carries no information about whether @address is
 * valid.
 */
static inline bool kasan_check_byte(const void *address)
{
	(void)address;

	return true;
}
344
345 #endif /* CONFIG_KASAN */
346
#if defined(CONFIG_KASAN) && defined(CONFIG_KASAN_STACK)
/* Real implementation, available only with both CONFIG_KASAN and CONFIG_KASAN_STACK. */
void kasan_unpoison_task_stack(struct task_struct *task);
#else
/* No-op when either CONFIG_KASAN or CONFIG_KASAN_STACK is not set. */
static inline void kasan_unpoison_task_stack(struct task_struct *task) {}
#endif
352
#ifdef CONFIG_KASAN_GENERIC

/* Hooks that only the generic mode implements. */
void kasan_cache_shrink(struct kmem_cache *cache);
void kasan_cache_shutdown(struct kmem_cache *cache);
void kasan_record_aux_stack(void *ptr);

#else /* CONFIG_KASAN_GENERIC */

/* No-ops in every configuration other than CONFIG_KASAN_GENERIC. */
static inline void kasan_cache_shrink(struct kmem_cache *cache) {}
static inline void kasan_cache_shutdown(struct kmem_cache *cache) {}
static inline void kasan_record_aux_stack(void *ptr) {}

#endif /* CONFIG_KASAN_GENERIC */
366
367 #if defined(CONFIG_KASAN_SW_TAGS) || defined(CONFIG_KASAN_HW_TAGS)
368
/*
 * Tag-based modes: return @addr as processed by arch_kasan_reset_tag(),
 * cast to a non-const void pointer.
 */
static inline void *kasan_reset_tag(const void *addr)
{
	void *untagged = (void *)arch_kasan_reset_tag(addr);

	return untagged;
}
373
/**
 * kasan_report - print a report about a bad memory access detected by KASAN
 * @addr: address of the bad access
 * @size: size of the bad access
 * @is_write: whether the bad access is a write or a read
 * @ip: instruction pointer for the accessibility check or the bad access itself
 *
 * NOTE(review): the meaning of the bool return value is not documented
 * here - confirm it in the implementation before relying on it.
 */
bool kasan_report(unsigned long addr, size_t size,
		bool is_write, unsigned long ip);
383
384 #else /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS */
385
/*
 * Neither tag-based mode is configured: there is no tag to reset, so @addr
 * is returned as is, with const dropped.
 */
static inline void *kasan_reset_tag(const void *addr)
{
	void *same = (void *)addr;

	return same;
}
390
391 #endif /* CONFIG_KASAN_SW_TAGS || CONFIG_KASAN_HW_TAGS*/
392
#ifdef CONFIG_KASAN_HW_TAGS

/*
 * Declared for the hardware tag-based mode only; there is no stub for other
 * configurations, so callers must be built under CONFIG_KASAN_HW_TAGS too.
 * NOTE(review): takes no address or size, so the report presumably cannot
 * identify the faulting access precisely - confirm in the implementation.
 */
void kasan_report_async(void);

#endif /* CONFIG_KASAN_HW_TAGS */
398
#ifdef CONFIG_KASAN_SW_TAGS
/* Initialisation entry point of the software tag-based mode (marked __init). */
void __init kasan_init_sw_tags(void);
#else
/* No-op when CONFIG_KASAN_SW_TAGS is not set. */
static inline void kasan_init_sw_tags(void) { }
#endif
404
#ifdef CONFIG_KASAN_HW_TAGS
/*
 * Initialisation entry points of the hardware tag-based mode. Only
 * kasan_init_hw_tags() is marked __init.
 * NOTE(review): by name, kasan_init_hw_tags_cpu() is the per-CPU part -
 * confirm in the implementation.
 */
void kasan_init_hw_tags_cpu(void);
void __init kasan_init_hw_tags(void);
#else
/* No-ops when CONFIG_KASAN_HW_TAGS is not set. */
static inline void kasan_init_hw_tags_cpu(void) { }
static inline void kasan_init_hw_tags(void) { }
#endif
412
413 #ifdef CONFIG_KASAN_VMALLOC
414
/*
 * vmalloc hooks, implemented only with CONFIG_KASAN_VMALLOC.
 * NOTE(review): the stub for kasan_populate_vmalloc() in the #else branch
 * always returns 0, so 0 is presumably the success value and callers should
 * check for a non-zero result - confirm in the implementation.
 */
int kasan_populate_vmalloc(unsigned long addr, unsigned long size);
void kasan_poison_vmalloc(const void *start, unsigned long size);
void kasan_unpoison_vmalloc(const void *start, unsigned long size);
void kasan_release_vmalloc(unsigned long start, unsigned long end,
			   unsigned long free_region_start,
			   unsigned long free_region_end);
421
422 #else /* CONFIG_KASAN_VMALLOC */
423
/*
 * Stub for builds without CONFIG_KASAN_VMALLOC: the arguments are ignored
 * and 0 is always returned.
 */
static inline int kasan_populate_vmalloc(unsigned long start,
					unsigned long size)
{
	(void)start;
	(void)size;

	return 0;
}
429
/* No-ops when CONFIG_KASAN_VMALLOC is not set. */
static inline void kasan_poison_vmalloc(const void *start, unsigned long size)
{ }
static inline void kasan_unpoison_vmalloc(const void *start, unsigned long size)
{ }
static inline void kasan_release_vmalloc(unsigned long start,
					 unsigned long end,
					 unsigned long free_region_start,
					 unsigned long free_region_end) {}
438
439 #endif /* CONFIG_KASAN_VMALLOC */
440
441 #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \
442 !defined(CONFIG_KASAN_VMALLOC)
443
/*
 * These functions provide a special case to support backing module
 * allocations with real shadow memory. With KASAN vmalloc, the special
 * case is unnecessary, as the work is handled in the generic case.
 *
 * NOTE(review): the stub for kasan_module_alloc() in the #else branch always
 * returns 0, so 0 is presumably the success value and callers should check
 * for a non-zero result - confirm in the implementation.
 */
int kasan_module_alloc(void *addr, size_t size);
void kasan_free_shadow(const struct vm_struct *vm);
451
452 #else /* (CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS) && !CONFIG_KASAN_VMALLOC */
453
/*
 * Stub for configurations without the module special case: the arguments
 * are ignored and 0 is always returned.
 */
static inline int kasan_module_alloc(void *addr, size_t size)
{
	(void)addr;
	(void)size;

	return 0;
}

/* Stub for the same configurations: nothing to free. */
static inline void kasan_free_shadow(const struct vm_struct *vm)
{
}
456
457 #endif /* (CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS) && !CONFIG_KASAN_VMALLOC */
458
#ifdef CONFIG_KASAN_INLINE
/*
 * Implemented only with CONFIG_KASAN_INLINE.
 * NOTE(review): by name, called with the address of a non-canonical access
 * so that extra context can be printed - confirm at the call sites.
 */
void kasan_non_canonical_hook(unsigned long addr);
#else /* CONFIG_KASAN_INLINE */
/* No-op when CONFIG_KASAN_INLINE is not set. */
static inline void kasan_non_canonical_hook(unsigned long addr) { }
#endif /* CONFIG_KASAN_INLINE */
464
465 #endif /* LINUX_KASAN_H */
466