Unlike the Linux kernel, which has a static shadow region layout, we
have multiple stages in coreboot and thus require a different shadow
offset address. Unfortunately, GCC currently only supports adding a
static shadow offset at compile time using the -fasan-shadow-offset flag.

For this reason, we enable GCC to determine the asan shadow offset
address at runtime using a callback function named __asan_shadow_offset().
This supersedes the need to specify this address at compile time. GCC
then makes use of this shadow offset to protect stack buffers by
inserting red zones around them.

Some other benefits of having this GCC patch are:

a. We can place the shadow region in a separate linker section with
   all its advantages like automatic fit insurance. This ensures if
   a platform doesn't have enough memory space to hold shadow region,
   the build will fail. (However, if we use a fixed shadow offset on a
   platform that actually doesn't have enough memory, it may still
   build without any errors.)
b. We don't modify the memory layout compared to the current one, as
   we are placing the shadow region at the end of the space already
   occupied by the program.
c. We can be much more flexible later if needed (thinking of other
   stages like bootblock).
d. Since we are appending the shadow buffer to the region already
   occupied, we make efficient use of the limited memory available
   which is highly beneficial when using cache as ram.

Further, we have made sure that if you compile your tree with ASan
enabled but missed this patch, it will end up in the following
compilation error:

"invalid --param name 'asan-use-shadow-offset-callback'"

So, you cannot accidentally enable the feature without having your
compiler patched.

Change-Id: I401631938532a406a6d41e77c6c9716b6b2bf48d
Signed-off-by: Harshit Sharma <harshitsharmajs@gmail.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/42794
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Werner Zeh <werner.zeh@siemens.com>
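
The runtime shadow-offset mapping described in the commit message above, as an added example that is not part of the commit, the GCC patch or coreboot's code. It assumes the standard ASan 8:1 shadow encoding; `stage`, `demo_shadow_offset()`, the region size and the frame layout are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHADOW_SCALE_SHIFT 3	/* standard ASan: 1 shadow byte per 8 bytes */
#define REGION_SIZE 4096	/* constructed stand-in for one stage's memory */

/* Constructed layout: the shadow sits directly after the memory it covers. */
static struct {
	_Alignas(8) uint8_t mem[REGION_SIZE];
	int8_t shadow[REGION_SIZE >> SHADOW_SCALE_SHIFT];
} stage;
/* Build-time fit check, standing in for the linker-section size check. */
_Static_assert(sizeof(stage.shadow) * 8 >= sizeof(stage.mem), "shadow too small");

/* Hypothetical stand-in for the callback: offset is computed at run time. */
uintptr_t demo_shadow_offset(void)
{
	return (uintptr_t)stage.shadow - ((uintptr_t)stage.mem >> SHADOW_SCALE_SHIFT);
}

int8_t *mem_to_shadow(const void *addr)
{
	return (int8_t *)(((uintptr_t)addr >> SHADOW_SCALE_SHIFT) + demo_shadow_offset());
}

/* Shadow value: 0 = granule valid, 1..7 = first k bytes valid, <0 = poisoned. */
int access_is_bad(const void *addr)
{
	int8_t s = *mem_to_shadow(addr);
	return s != 0 && (int8_t)((uintptr_t)addr & 7) >= s;
}

/* Frame: [32-byte red zone][20-byte buffer + 4 pad][32-byte red zone]. */
uint8_t *demo_protected_buffer(void)
{
	uint8_t *frame = &stage.mem[256];	/* constructed, 8-byte aligned */
	memset(stage.shadow, 0, sizeof(stage.shadow));
	memset(mem_to_shadow(frame), -1, 32 >> SHADOW_SCALE_SHIFT);	/* left red zone */
	*mem_to_shadow(frame + 48) = 4;		/* buffer bytes 16..19 valid, 20..23 not */
	memset(mem_to_shadow(frame + 56), -1, 32 >> SHADOW_SCALE_SHIFT); /* right red zone */
	return frame + 32;
}

int main(void)
{
	uint8_t *buf = demo_protected_buffer();
	/* exit 0 when in-bounds passes and both out-of-bounds accesses are caught */
	return !(!access_is_bad(buf + 19) && access_is_bad(buf + 20) && access_is_bad(buf - 1));
}
```

Because the offset is derived from the addresses of the region and its shadow, the same mapping code works wherever a stage is placed, which a single compile-time constant cannot do.
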
abuild - coreboot autobuild script builds coreboot images for all
available targets. bash
acpi - Walk through all ACPI tables with their addresses. bash
amdfwtool - Create AMD Firmware combination C
amdtools - A set of tools to compare (extended) K8 memory
settings. Perl
archive - Concatenate files and create an archive C
autoport - Automated porting coreboot to Sandy Bridge/Ivy Bridge
platforms Go
bincfg - Compiler/Decompiler for data blobs with specs Lex Yacc
board_status - Tools to collect logs and upload them to the board
status repository Bash Go
bucts - A tool to manipulate the BUC.TS bit on Intel targets. C
cavium - Devicetree_convert Tool to convert a DTB to a static C
file Python
cbfstool
cbfstool - For manipulating CBFS file C
fmaptool - Converts plaintext fmd files into fmap blobs C
rmodtool - Creates rmodules C
ifwitool - For manipulating IFWI C
cbmem - CBMEM parser to read e.g. timestamps and console log C
chromeos - These scripts can be used to access Chrome OS
resources, for example to extract System Agent reference code and other
blobs (e.g. mrc.bin, refcode, VGA option roms) from a Chrome OS
recovery image. C
crossgcc - A cross toolchain builder for -elf toolchains (i.e. no
libc support)
docker - Dockerfiles for coreboot-sdk, coreboot-jenkins-node,
coreboot.org-status and docs.coreboot.org
dtd_parser - DTD structure parser Python2
ectool - Dumps the RAM of a laptop's Embedded/Environmental
Controller (EC). C
exynos - Computes and fills Exynos ROM checksum (for BL1 or BL2).
Python2
find_usbdebug - Help find USB debug ports
futility - Firmware utility for signing ChromeOS images Make
fuzz-tests - Create test cases that crash the jpeg code. C
genbuild_h - Generate build system definitions Shell
ifdtool - Extract and dump Intel Firmware Descriptor information
C
intelmetool - Dump interesting things about Management Engine
even if hidden C
inteltool - Provides information about the Intel CPU/chipset
hardware configuration (register contents, MSRs, etc). C
intelvbttool - Parse VBT from VGA BIOS C
ipqheader
createxbl.py - Concatenates XBL segments into one ELF
image Python
ipqheader.py - Returns a packed MBN header image with the
specified base and size Python
mbncat.py - Generate ipq8064 uber SBL Python
mbn_tools.py - Contains all MBN Utilities for image
generation Python
kbc1126 - Tools used to dump the two blobs from the factory
firmware of many HP laptops with 8051-based SMSC KBC1098/KBC1126
embedded controller and insert them to the firmware image. C
kconfig - Build system Make
lint - Source linter and linting rules Shell
marvell - Add U-Boot boot loader for Marvell ARMADA38X C
me_cleaner - Tool for partial deblobbing of Intel ME/TXE firmware
images Python
nvramtool - Reads and writes coreboot parameters and displaying
information from the coreboot table in CMOS/NVRAM. C
pgtblgen - Generates page tables based on fixed physical address.
C
pmh7tool - Dumps, reads and writes PMH7 registers on Lenovo
ThinkPads. PMH7 is used for switching on and off the power of some
devices on the board such as dGPU. C
post - Userspace utility that can be used to test POST cards. C
qualcomm - CMM script to debug Qualcomm coreboot environments.
CMM
release - Generate coreboot release Bash
riscv
make-spike-elf.sh - Converts a flat file into an ELF, that
can be passed to SPIKE, the RISC-V reference emulator. Bash
sifive-gpt.py - Wraps the bootblock in a GPT partition for
SiFive's bootrom. Python3
config - Manipulate options in a .config file from the
command line Bash
cross-repo-cherrypick - Pull in patches from another tree
from a gerrit repository. Shell
decode_spd.sh - Decodes Serial Presence Detect (SPD) files
into various human readable formats.
dts-to-fmd.sh - Converts a depthcharge fmap.dts into an
fmaptool compatible .fmd format Bash
find-unused-kconfig-symbols.sh - Points out Kconfig
variables that may be unused. There are some false positives, but it
serves as a starting point Shell
gerrit-rebase - Applies all commits that from-branch has
over to-branch, based on a common ancestor and gerrit meta-data Bash
get_maintainer.pl - Print selected MAINTAINERS information
for the files modified in a patch or for a file Perl
maintainers.go - Build subsystem Maintainers Go
no-fsf-addresses.sh - Removes various FSF addresses from
license headers Shell
parse-maintainers.pl - Script to alphabetize MAINTAINERS
file Perl
update_submodules - Check all submodules for updates Bash
showdevicetree - Compile and dump the device tree C
spdtool - Dumps SPD ROMs from a given blob to separate files
using known patterns and reserved bits. Useful for analysing firmware
that holds SPDs on boards that have soldered down DRAM. python
spkmodem_recv - Decode spkmodem signals C
superiotool - A user-space utility to detect Super I/O of a
mainboard and provide detailed information about the register contents
of the Super I/O. C
smcbiosinfo - Generates SMC biosinfo for BMC BIOS updates C
testing - coreboot test targets Make
uio_usbdebug - Debug coreboot's usbdebug driver inside a running
operating system (only Linux at this time). C
util_readme - Creates README.md of description files in ./util
subdirectories Bash
vboot_list - Tools to generate a list of vboot enabled devices to
the documentation Bash
vgabios - emulated vga driver for qemu C
x86 - Generates 32-bit PAE page tables based on a CSV input file.
Go