diff options
| author | Jerome Forissier <jerome@forissier.org> | 2019-09-04 17:17:56 +0200 |
|---|---|---|
| committer | Jérôme Forissier <jerome@forissier.org> | 2019-09-05 15:15:02 +0200 |
| commit | 02b0fca7cb0cf91e16dd67adf276f18cf1d809e8 (patch) | |
| tree | 54a4d97821565c00e2543c86e3db4056367cc627 | |
| parent | 1df107b638d40df984dec3da92b5078bfe80242a (diff) | |
libutils: bget_malloc.c: copy statistics using memcpy_unckecked()
When CFG_CORE_SANITIZE_KADDRESS=y, most OP-TEE files are built with
address sanitizer flags except bget_malloc.c. As a result, the memcpy()
function in memcpy.c is instrumented, whereas the malloc context
structure (malloc_ctx) in bget_malloc.c is not. This causes the
following panic:
$ xtest --stats --alloc
E/TC:0 0 Panic at core/kernel/asan.c:189 <check_access>
E/TC:0 0 Call stack:
E/TC:0 0 0x0e125c3d print_kernel_stack at optee_os/core/arch/arm/kernel/unwind_arm32.c:450
E/TC:0 0 0x0e13fcfb __do_panic at optee_os/core/kernel/panic.c:32 (discriminator 1)
E/TC:0 0 0x0e13e099 check_access at optee_os/core/kernel/asan.c:187 (discriminator 2)
E/TC:0 0 0x0e13e10f check_load at optee_os/core/kernel/asan.c:199
E/TC:0 0 0x0e13e187 __asan_load4_noabort at optee_os/core/kernel/asan.c:231
E/TC:0 0 0x0e185d15 memcpy at optee_os/lib/libutils/isoc/newlib/memcpy.c:112
E/TC:0 0 0x0e184a3f gen_malloc_get_stats at optee_os/lib/libutils/isoc/bget_malloc.c:234
[...]
Introduce memcpy_unchecked() (which evaluates to asan_memcpy_unchecked()
when ASAN is enabled and memcpy() otherwise) to fix the issue.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
| -rw-r--r-- | lib/libutils/isoc/bget_malloc.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/libutils/isoc/bget_malloc.c b/lib/libutils/isoc/bget_malloc.c index 0200ffca..0aa0cae1 100644 --- a/lib/libutils/isoc/bget_malloc.c +++ b/lib/libutils/isoc/bget_malloc.c @@ -108,6 +108,12 @@ static void *memset_unchecked(void *s, int c, size_t n) return asan_memset_unchecked(s, c, n); } +static __maybe_unused void *memcpy_unchecked(void *dst, const void *src, + size_t n) +{ + return asan_memcpy_unchecked(dst, src, n); +} + #else /*__KERNEL__*/ /* Compiling for TA */ @@ -124,6 +130,12 @@ static void *memset_unchecked(void *s, int c, size_t n) return memset(s, c, n); } +static __maybe_unused void *memcpy_unchecked(void *dst, const void *src, + size_t n) +{ + return memcpy(dst, src, n); +} + #endif /*__KERNEL__*/ #include "bget.c" /* this is ugly, but this is bget */ @@ -230,7 +242,7 @@ static void gen_malloc_get_stats(struct malloc_ctx *ctx, { uint32_t exceptions = malloc_lock(ctx); - memcpy(stats, &ctx->mstats, sizeof(*stats)); + memcpy_unchecked(stats, &ctx->mstats, sizeof(*stats)); stats->allocated = ctx->poolset.totalloc; malloc_unlock(ctx, exceptions); } |