tools/testing/selftests/bpf/libarena/src/asan.bpf.c

Source file repositories/reference/linux-study-clean/tools/testing/selftests/bpf/libarena/src/asan.bpf.c

File Facts

System
Linux kernel
Corpus path
tools/testing/selftests/bpf/libarena/src/asan.bpf.c
Extension
.c
Size
16056 bytes
Lines
554
Domain
Support Tooling And Documentation
Bucket
tools
Inferred role
Support Tooling And Documentation: implementation source
Status
source implementation candidate

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

// SPDX-License-Identifier: LGPL-2.1 OR BSD-2-Clause
/* Copyright (c) 2026 Meta Platforms, Inc. and affiliates. */
#include <vmlinux.h>
#include <libarena/common.h>
#include <libarena/asan.h>


enum {
	/*
	 * Is the access checked by check_region_inline
	 * a read or a write?
	 */
	ASAN_READ		= 0x0U,
	ASAN_WRITE		= 0x1U,
};

/*
 * Address sanitizer (ASAN) for arena-based BPF programs, inspired
 * by KASAN.
 *
 * The API
 * -------
 *
 * The implementation includes two kinds of components: Implementation
 * of ASAN hooks injected by LLVM into the program, and API calls that
 * allocators use to mark memory as valid or invalid. The full list is:
 *
 * LLVM stubs:
 *
 * void __asan_{load, store}<size>(intptr_t addr)
 *	Checks whether an access is valid. All variations covered
 *	by check_region_inline().
 *
 * void __asan_{store, load}((intptr_t addr, ssize_t size)
 *
 * void __asan_report_{load, store}<size>(intptr_t addr)
 *	Report an access violation for the program. Used when LLVM
 *	uses direct code generation for shadow map checks.
 *
 * void *__asan_memcpy(void *d, const void *s, size_t n)
 * void *__asan_memmove(void *d, const void *s, size_t n)
 * void *__asan_memset(void *p, int c, size_t n)
 *	Hooks for ASAN instrumentation of the LLVM mem* builtins.
 *	Currently unimplemented just like the builtins themselves.
 *
 * API methods:
 *
 * asan_init()
 *	Initialize the ASAN map for the arena.
 *
 * asan_poison()
 *	Mark a region of memory as poisoned. Accessing poisoned memory
 *	causes asan_report() to fire. Invoked during free().
 *
 * asan_unpoison()
 *	Mark a region as unpoisoned after alloc().
 *
 * asan_shadow_set()
 *	Check a byte's validity directly.
 *
 * The Algorithm In Brief
 * ----------------------
 * Each group of 8 bytes is mapped to a "granule" in the shadow map. This
 * granule is the size of the byte and describes which bytes are valid.
 * Possible values are:
 *
 * 0: All bytes are valid. Makes checks in the middle of an allocated region
 * (most of them) fast.
 * (0, 7]: How many consecutive bytes are valid, starting from the lowest one.
 * The tradeoff is that we can't poison individual bytes in the middle of a
 * valid region.
 * [0x80, 0xff]: Special poison values, can be used to denote specific error
 * modes (e.g., recently freed vs uninitialized memory).
 *
 * The mapping between a memory location and its shadow is:
 * shadow_addr = shadow_base + (addr >> 3). We retain the 8:1 data:shadow
 * ratio of existing ASAN implementations as a compromise between tracking
 * granularity and space usage/scan overhead.
 */

#ifdef BPF_ARENA_ASAN

#pragma clang attribute push(__attribute__((no_sanitize("address"))), \
			     apply_to = function)

#define SHADOW_ALL_ZEROES ((u64)-1)

/*
 * Canary variable for ASAN violations. Set to the offending address.
 */

Annotation

Implementation Notes