kasan: use init value to avoid kasan used before bss clear

Signed-off-by: ligd <liguiding1@xiaomi.com>
2022-08-23 13:11:39 +08:00 · 2022-08-23 13:11:39 +08:00 · a1c9598fff
commit a1c9598fff
parent 46103e29c0
1 changed files with 11 additions and 2 deletions
--- a/mm/kasan/kasan.c
+++ b/mm/kasan/kasan.c
@ -50,6 +50,8 @@
 #define KASAN_REGION_SIZE(size) \
  (sizeof(struct kasan_region_s) + KASAN_SHADOW_SIZE(size))

+#define KASAN_INIT_VALUE            0xDEADCAFE
+
 /****************************************************************************
 * Private Types
 ****************************************************************************/
@ -68,6 +70,7 @@ struct kasan_region_s

 static sem_t g_lock = SEM_INITIALIZER(1);
 static FAR struct kasan_region_s *g_region;
+static uint32_t g_region_init;

 /****************************************************************************
 * Private Functions
@ -79,6 +82,11 @@ static FAR uintptr_t *kasan_mem_to_shadow(FAR const void *ptr, size_t size,
  FAR struct kasan_region_s *region;
  uintptr_t addr = (uintptr_t)ptr;

+  if (g_region_init != KASAN_INIT_VALUE)
+    {
+      return NULL;
+    }
+
  for (region = g_region; region != NULL; region = region->next)
    {
      if (addr >= region->begin && addr < region->end)
@ -192,8 +200,9 @@ void kasan_register(FAR void *addr, FAR size_t *size)
  region->end   = region->begin + *size;

  _SEM_WAIT(&g_lock);
-  region->next = g_region;
-  g_region     = region;
+  region->next  = g_region;
+  g_region      = region;
+  g_region_init = KASAN_INIT_VALUE;
  _SEM_POST(&g_lock);

  kasan_poison(addr, *size);