From 02b0fca7cb0cf91e16dd67adf276f18cf1d809e8 Mon Sep 17 00:00:00 2001
From: Jerome Forissier
Date: Wed, 4 Sep 2019 17:17:56 +0200
Subject: libutils: bget_malloc.c: copy statistics using memcpy_unckecked()
When CFG_CORE_SANITIZE_KADDRESS=y, most OP-TEE files are built with address sanitizer flags except bget_malloc.c. As a result, the memcpy() function in memcpy.c is instrumented, whereas the malloc context structure (malloc_ctx) in bget_malloc.c is not. This causes the following panic:
$ xtest --stats --alloc
E/TC:0 0 Panic at core/kernel/asan.c:189
E/TC:0 0 Call stack:
E/TC:0 0 0x0e125c3d print_kernel_stack at optee_os/core/arch/arm/kernel/unwind_arm32.c:450
E/TC:0 0 0x0e13fcfb __do_panic at optee_os/core/kernel/panic.c:32 (discriminator 1)
E/TC:0 0 0x0e13e099 check_access at optee_os/core/kernel/asan.c:187 (discriminator 2)
E/TC:0 0 0x0e13e10f check_load at optee_os/core/kernel/asan.c:199
E/TC:0 0 0x0e13e187 __asan_load4_noabort at optee_os/core/kernel/asan.c:231
E/TC:0 0 0x0e185d15 memcpy at optee_os/lib/libutils/isoc/newlib/memcpy.c:112
E/TC:0 0 0x0e184a3f gen_malloc_get_stats at optee_os/lib/libutils/isoc/bget_malloc.c:234
[...]
Introduce memcpy_unchecked() (which evaluates to asan_memcpy_unchecked() when ASAN is enabled and memcpy() otherwise) to fix the issue.
Signed-off-by: Jerome Forissier
Reviewed-by: Jens Wiklander
Reviewed-by: Etienne Carriere
---
 lib/libutils/isoc/bget_malloc.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/lib/libutils/isoc/bget_malloc.c b/lib/libutils/isoc/bget_malloc.c
index 0200ffca..0aa0cae1 100644
--- a/lib/libutils/isoc/bget_malloc.c
+++ b/lib/libutils/isoc/bget_malloc.c
@@ -108,6 +108,12 @@ static void *memset_unchecked(void *s, int c, size_t n)
 return asan_memset_unchecked(s, c, n);
 }
 
+static __maybe_unused void *memcpy_unchecked(void *dst, const void *src,
+ size_t n)
+{
+ return asan_memcpy_unchecked(dst, src, n);
+}
+
 #else /*__KERNEL__*/
 /* Compiling for TA */
 
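Review bot: The new `memcpy_unchecked()` in the `__KERNEL__` branch carries no comment saying that it skips the address sanitizer checks, and the TA-side twin added in the next hunk (a plain `memcpy()` forwarder) has none either. Going by its name and the commit message, `asan_memcpy_unchecked()` validates neither the source nor the destination range, so the helper deserves a short contract above it, for example `/* Copy without ASAN checks: only for allocator-internal data with a fixed, trusted size */`. Stating that limit keeps the wrapper from being reused later with a caller-controlled length, where the skipped check would hide an out-of-bounds access. It would also help to note why `__maybe_unused` is needed, presumably because the only caller is compiled conditionally.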
@@ -124,6 +130,12 @@ static void *memset_unchecked(void *s, int c, size_t n)
 return memset(s, c, n);
 }
 
+static __maybe_unused void *memcpy_unchecked(void *dst, const void *src,
+ size_t n)
+{
+ return memcpy(dst, src, n);
+}
+
 #endif /*__KERNEL__*/
 
 #include "bget.c" /* this is ugly, but this is bget */
@@ -230,7 +242,7 @@ static void gen_malloc_get_stats(struct malloc_ctx *ctx,
 {
 uint32_t exceptions = malloc_lock(ctx);
 
- memcpy(stats, &ctx->mstats, sizeof(*stats));
+ memcpy_unchecked(stats, &ctx->mstats, sizeof(*stats));
 stats->allocated = ctx->poolset.totalloc;
 malloc_unlock(ctx, exceptions);
 }
-- cgit v1.2.3
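Review bot: The `memcpy_unchecked()` call in `gen_malloc_get_stats()` has no comment explaining why the sanitizer is bypassed here, so a later cleanup could switch it back to `memcpy()` and bring the KASAN panic back. A line above the call would record the reason, e.g. `/* ctx->mstats lives in this uninstrumented file: the instrumented memcpy() would fail its ASAN load check */`. The unchecked copy also covers the write to the caller-supplied `stats`; the length is fixed at `sizeof(*stats)`, so the exposure looks small, but the comment should say that the size must stay constant. The function's signature begins outside the hunk, so how callers obtain `stats` cannot be confirmed from here.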