[PATCH] x86/boot: provide KASAN compatible aliases for string routines

[PATCH] x86/boot: provide KASAN compatible aliases for string routines

[Ard Biesheuvel]

The KASAN subsystem wraps calls to memcpy(), memset() and memmove()
to sanitize the arguments before invoking the actual routines, which
have been renamed to __memcpy(), __memset() and __memmove(),
respectively. When CONFIG_KASAN is enabled for the kernel build but
KASAN code generation is disabled for the compilation unit (which is
needed for things like the EFI stub or the decompressor), the string
routines are just #define'd to their __ prefixed names so that they
are simply invoked directly.

This does however rely on those __ prefixed names to exist in the
symbol namespace, which is not currently the case for the x86
decompressor, which may lead to errors like

  drivers/firmware/efi/libstub/tpm.o: In function `efi_retrieve_tpm2_eventlog':
  tpm.c:(.text+0x2a8): undefined reference to `__memcpy'

So let's expose the __ prefixed symbols in the decompressor when
KASAN is enabled.

Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Matthew Garrett <matthewgarrett@google.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/x86/boot/compressed/string.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/arch/x86/boot/compressed/string.c b/arch/x86/boot/compressed/string.c
index 19dbbcdd1a53..81fc1eaa3229 100644
--- a/arch/x86/boot/compressed/string.c
+++ b/arch/x86/boot/compressed/string.c
@@ -11,7 +11,7 @@
 #include "../string.c"
 
 #ifdef CONFIG_X86_32
-static void *__memcpy(void *dest, const void *src, size_t n)
+static void *____memcpy(void *dest, const void *src, size_t n)
 {
 	int d0, d1, d2;
 	asm volatile(
@@ -25,7 +25,7 @@ static void *__memcpy(void *dest, const void *src, size_t n)
 	return dest;
 }
 #else
-static void *__memcpy(void *dest, const void *src, size_t n)
+static void *____memcpy(void *dest, const void *src, size_t n)
 {
 	long d0, d1, d2;
 	asm volatile(
@@ -56,7 +56,7 @@ void *memmove(void *dest, const void *src, size_t n)
 	const unsigned char *s = src;
 
 	if (d <= s || d - s >= n)
-		return __memcpy(dest, src, n);
+		return ____memcpy(dest, src, n);
 
 	while (n-- > 0)
 		d[n] = s[n];
@@ -71,5 +71,11 @@ void *memcpy(void *dest, const void *src, size_t n)
 		warn("Avoiding potentially unsafe overlapping memcpy()!");
 		return memmove(dest, src, n);
 	}
-	return __memcpy(dest, src, n);
+	return ____memcpy(dest, src, n);
 }
+
+#ifdef CONFIG_KASAN
+extern void *__memset(void *s, int c, size_t n) __alias(memset);
+extern void *__memmove(void *dest, const void *src, size_t n) __alias(memmove);
+extern void *__memcpy(void *dest, const void *src, size_t n) __alias(memcpy);
+#endif
-- 
2.20.1

Re: [PATCH] x86/boot: provide KASAN compatible aliases for string routines

[Jarkko Sakkinen]

On Sat, May 18, 2019 at 06:11:13PM +0200, Ard Biesheuvel wrote:
> The KASAN subsystem wraps calls to memcpy(), memset() and memmove()
> to sanitize the arguments before invoking the actual routines, which
> have been renamed to __memcpy(), __memset() and __memmove(),
> respectively. When CONFIG_KASAN is enabled for the kernel build but
> KASAN code generation is disabled for the compilation unit (which is
> needed for things like the EFI stub or the decompressor), the string
> routines are just #define'd to their __ prefixed names so that they
> are simply invoked directly.
> 
> This does however rely on those __ prefixed names to exist in the
> symbol namespace, which is not currently the case for the x86
> decompressor, which may lead to errors like
> 
>   drivers/firmware/efi/libstub/tpm.o: In function `efi_retrieve_tpm2_eventlog':
>   tpm.c:(.text+0x2a8): undefined reference to `__memcpy'
> 
> So let's expose the __ prefixed symbols in the decompressor when
> KASAN is enabled.
> 
> Cc: Andrey Konovalov <andreyknvl@google.com>
> Cc: Matthew Garrett <matthewgarrett@google.com>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko