Dear Aaron,

I could not get a KASAN build of xnu-4570.1.46 to boot on a VMWare Fusion VM or a real machine. I have set my boot arguments to "-v debug=0x100 kcsuffix=kasan keepsyms=1"; in both cases, I see no log in the console, and the kernel seems to hang. Here is a backtrace I have obtained from a VM:

(lldb) bt
* thread #1, stop reason = signal SIGTRAP
  * frame #0: 0xffffff8002a5ef51 kernel.kasan`vstart_trap_handler_14 + 1
    frame #1: 0xffffff8002a4213b kernel.kasan`cpuid_fn(selector=0, result=0xffffff8002118d90) at cpuid.c:236
    frame #2: 0xffffff8002a3f567 kernel.kasan`cpuid_set_generic_info(info_p=0xffffff8004dff000) at cpuid.c:490
    frame #3: 0xffffff8002a3f123 kernel.kasan`cpuid_set_info at cpuid.c:827
    frame #4: 0xffffff8002a41779 kernel.kasan`cpuid_info at cpuid.c:1041
    frame #5: 0xffffff8002a41ca9 kernel.kasan`cpuid_leaf7_features at cpuid.c:1165
    frame #6: 0xffffff80029f4f99 kernel.kasan`intel_entropysource(buf=0xffffff8004c7f5c8, nbytes=0xffffff8002118e70) at random.c:168
    frame #7: 0xffffff80029f4304 kernel.kasan`entropy_readall(buf=0xffffff8004c7f5b8, nbytes_persource=16) at random.c:200
    frame #8: 0xffffff80029f40ee kernel.kasan`early_random at random.c:341
    frame #9: 0xffffff8002a53c07 kernel.kasan`physmap_init at i386_init.c:207
    frame #10: 0xffffff8002a53551 kernel.kasan`Idle_PTs_init at i386_init.c:306
    frame #11: 0xffffff8002a532c5 kernel.kasan`vstart(boot_args_start=0x000000000766a000) at i386_init.c:631

(I have modified master_boot_idt64 to have a separate vector per exception.)

I have then modified vstart to call pal_serial_init for KASAN builds as well, hoping that I would get some log over serial; however, I am getting the same exception:

(lldb) bt
* thread #1, stop reason = signal SIGTRAP
  * frame #0: 0xffffff801a05f1f4 kernel.kasan`vstart_trap_handler_14 + 4
    frame #1: 0xffffff801a05797d kernel.kasan`ml_phys_write_data(paddr=4261634076, data=90, size=4) at loose_ends.c:435
    frame #2: 0xffffff801a057ab0 kernel.kasan`ml_phys_write_word(paddr=0x00000000fe03601c, data=90) at loose_ends.c:484
    frame #3: 0xffffff801bbe6860 kernel.kasan`mmio_uart_present at pe_serial.c:234
    frame #4: 0xffffff801bbe665f kernel.kasan`mmio_uart_probe at pe_serial.c:261
    frame #5: 0xffffff801bbe6556 kernel.kasan`serial_init at pe_serial.c:383
    frame #6: 0xffffff801a033699 kernel.kasan`pal_serial_init at pal_routines.c:77
    frame #7: 0xffffff801a053292 kernel.kasan`vstart(boot_args_start=0x000000001ec59000) at i386_init.c:597

Seemingly, I am getting a page fault, but I am not sure why it happens at this stage. Unfortunately, I can debug only the virtual machine, but I suspect the same happens on a real one. I would be happy to hear what could be going wrong here. If needed, I can provide any additional information.

Thank you in advance.
On 14 Feb 2018, at 23:08, Aaron Carroll <aaronc@apple.com> wrote:
On Feb 14, 2018, at 12:33, Andrew Zui <andrew.zui@outlook.com> wrote:
Hi,
I'm trying to pin down a memory corruption in my kext, and I found out that the latest kernel supports KASAN. However, when trying to compile it I get the following error:
make[7]: *** No rule to make target `xnu-4570.41.2/san/kasan-blacklist-dynamic', needed by `xnu-4570.41.2/BUILD/obj/KASAN_X86_64/san/KASAN/kasan_blacklist_dynamic.h'. Stop.
I see that 'kasan_blacklist_dynamic.h' is generated via 'san/tools/generate_dynamic_blacklist.py', but for it to work the script has to be pointed to 'kasan-blacklist-dynamic' file, which is missing.
Is there any workaround available? Or is this functionality only for internal use?
This should do the trick:
$ echo '__kernel__:_ZN6OSKext8copyInfoEP7OSArray:memld' > san/kasan-blacklist-dynamic
_______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/darwin-kernel/scandium%40me.com
This email sent to scandium@me.com