#ifndef _KASAN_INTERNAL_H_
#define _KASAN_INTERNAL_H_
#include <stdbool.h>
#include <mach/mach_vm.h>
#include <kern/zalloc.h>
/* Pointer-sized unsigned integer; used below for the fields of struct asan_global. */
typedef uintptr_t uptr;
/* Mebibytes to bytes. The 1024UL factor promotes the product to at least unsigned long. */
#define MiB(x) ((x) * 1024UL * 1024)
/*
 * Compile-time feature switches. FAKESTACK_QUARANTINE can only evaluate to
 * non-zero while FAKESTACK is non-zero, because of the && below.
 */
#define FAKESTACK 1
#define FAKESTACK_QUARANTINE (1 && FAKESTACK)
/*
 * NOTE(review): presumably the limits of the free quarantine (entry count and
 * total bytes) -- confirm against the quarantine implementation. If so, they
 * bound how long a freed allocation stays poisoned, i.e. the window in which
 * a use-after-free can still be reported.
 */
#define QUARANTINE_ENTRIES 5000
#define QUARANTINE_MAXSIZE MiB(10)
/*
 * Per-architecture tuning. arm64 builds use ARM_PGBYTES/ARM_PGMASK for the
 * hardware page geometry; every other build uses PAGE_SIZE/PAGE_MASK.
 * NOTE(review): STOLEN_MEM_PERCENT / STOLEN_MEM_BYTES presumably size the
 * physical memory set aside for KASAN at boot -- confirm in the arch init code.
 */
#ifdef __arm64__
# define STOLEN_MEM_PERCENT 13UL
# define STOLEN_MEM_BYTES MiB(40)
# define HW_PAGE_SIZE (ARM_PGBYTES)
# define HW_PAGE_MASK (ARM_PGMASK)
#else
# define STOLEN_MEM_PERCENT 25UL
# define STOLEN_MEM_BYTES 0
# define HW_PAGE_SIZE (PAGE_SIZE)
# define HW_PAGE_MASK (PAGE_MASK)
#endif
/*
 * Single-bit option flags, meant to be OR-ed into one unsigned mask.
 * Bits below 0x0010 and the bits 0x0040/0x0080 are not assigned in this header.
 * NOTE(review): presumably parsed from a boot-arg; several of these switch
 * checks or poisoning off (NODYCHECKS, NOPOISON_HEAP, NOPOISON_GLOBAL), so a
 * build run with them set has reduced detection coverage -- confirm where the
 * mask is read.
 */
#define KASAN_ARGS_FAKESTACK 0x0010U
#define KASAN_ARGS_REPORTIGNORED 0x0020U
#define KASAN_ARGS_NODYCHECKS 0x0100U
#define KASAN_ARGS_NOPOISON_HEAP 0x0200U
#define KASAN_ARGS_NOPOISON_GLOBAL 0x0400U
#define KASAN_ARGS_CHECK_LEAKS 0x0800U
/*
 * NOTE(review): presumably the byte pattern written into fresh heap memory so
 * that reads of uninitialized data are recognisable (see REASON_UNINITIALIZED)
 * -- confirm at the allocation site.
 */
#define KASAN_UNINITIALIZED_HEAP 0xbe
/*
 * This header is only usable in a KASAN build: the build must define KASAN,
 * KASAN_OFFSET and KASAN_SCALE, otherwise compilation stops here instead of
 * silently producing a shadow mapping with missing parameters.
 */
#ifndef KASAN
# error KASAN undefined
#endif
#ifndef KASAN_OFFSET
# error KASAN_OFFSET undefined
#endif
#ifndef KASAN_SCALE
# error KASAN_SCALE undefined
#endif
/*
 * A granule is the run of 2^KASAN_SCALE bytes that maps to one shadow byte
 * (SHADOW_FOR_ADDRESS shifts the address right by KASAN_SCALE).
 * KASAN_GRANULE_MASK selects the offset of an address inside its granule.
 */
#define KASAN_GRANULE (1UL << KASAN_SCALE)
#define KASAN_GRANULE_MASK (KASAN_GRANULE - 1UL)
/*
 * Round x down to the first address of the KASAN granule that contains it.
 * An already granule-aligned x is returned unchanged.
 */
static inline uintptr_t
kasan_granule_trunc(uintptr_t x)
{
	/* offset of x inside its granule; removing it leaves the granule base */
	const uintptr_t offset_in_granule = x & KASAN_GRANULE_MASK;

	return x - offset_in_granule;
}
/*
 * Round x up to the next multiple of KASAN_GRANULE; an aligned x is returned
 * unchanged.
 *
 * The addition is unsigned and is not checked: for x greater than
 * UINTPTR_MAX - KASAN_GRANULE_MASK it wraps and the result is 0. Callers that
 * round an untrusted size or end address must bound it first.
 */
static inline uintptr_t
kasan_granule_round(uintptr_t x)
{
	const uintptr_t bumped = x + KASAN_GRANULE_MASK;
	const uintptr_t granule_bits = ~KASAN_GRANULE_MASK;

	return bumped & granule_bits;
}
/*
 * Return the offset of x inside its KASAN granule, i.e. a value in
 * [0, KASAN_GRANULE - 1]; 0 means x is granule-aligned.
 */
static inline size_t
kasan_granule_partial(uintptr_t x)
{
	const size_t within_granule = (size_t)(x & KASAN_GRANULE_MASK);

	return within_granule;
}
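/*
 * Shadow mapping:  shadow = (addr >> KASAN_SCALE) + KASAN_OFFSET.
 *
 * SHADOW_FOR_ADDRESS(x) yields a uint8_t pointer to the shadow byte that
 * covers address x. ADDRESS_FOR_SHADOW(x) is the inverse and yields the first
 * address of the granule described by shadow address x.
 *
 * x must be an integer (uintptr_t-like) value, not a pointer: both macros
 * shift or subtract it directly.
 *
 * Neither macro validates its argument. An address outside the shadowed
 * range produces a pointer that need not be mapped, so it must be checked
 * before it is dereferenced (this header declares kasan_is_shadow_mapped(),
 * presumably for that purpose).
 *
 * The SHADOW_FOR_ADDRESS expansion is fully parenthesised so that postfix
 * operators applied to the result, e.g. SHADOW_FOR_ADDRESS(a)[i], bind to the
 * uint8_t pointer and not to the integer expression under the cast.
 */
#define ADDRESS_FOR_SHADOW(x) (((x) - KASAN_OFFSET) << KASAN_SCALE)
#define SHADOW_FOR_ADDRESS(x) ((uint8_t *)(((x) >> KASAN_SCALE) + KASAN_OFFSET))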
/*
 * NOINLINE expands to OS_NOINLINE only when KASAN_DEBUG is non-zero and to
 * nothing otherwise (an undefined KASAN_DEBUG evaluates to 0 in #if).
 */
#if KASAN_DEBUG
# define NOINLINE OS_NOINLINE
#else
# define NOINLINE
#endif
/* Force inlining regardless of the optimisation level. */
#define ALWAYS_INLINE inline __attribute__((always_inline))
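/*
 * CLANG_MIN_VERSION(x) is non-zero when building with an Apple clang whose
 * __apple_build_version__ is at least x, and 0 with any other compiler.
 *
 * The test for __apple_build_version__ is done here, outside the macro body:
 * a `defined` operator produced by macro expansion inside #if is undefined
 * behaviour in C11 (6.10.1). This header uses the macro to decide whether
 * struct asan_global has a trailing field, so the result has to be
 * unambiguous on every toolchain.
 */
#if defined(__apple_build_version__)
# define CLANG_MIN_VERSION(x) (__apple_build_version__ >= (x))
#else
# define CLANG_MIN_VERSION(x) (0)
#endif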
/* Unsigned single-bit mask; x must be smaller than the width of unsigned int. */
#define BIT(x) (1U << (x))
/*
 * Bit flags naming the kind of access or event being checked or reported.
 * flag_enum marks the enumerators as values that are combined with | and
 * tested with &; access_t below is the typedef for this enum.
 */
enum __attribute__((flag_enum)) kasan_access_types {
/*
 * Individual access kinds.
 * NOTE(review): MEMR/MEMW and STRR/STRW presumably refer to the intercepted
 * mem* and str* routines -- confirm at the call sites.
 */
TYPE_LOAD = BIT(0),
TYPE_STORE = BIT(1),
TYPE_MEMR = BIT(2),
TYPE_MEMW = BIT(3),
TYPE_STRR = BIT(4),
TYPE_STRW = BIT(5),
/* Free paths; combined into TYPE_FREE below. */
TYPE_KFREE = BIT(6),
TYPE_ZFREE = BIT(7),
TYPE_FSFREE = BIT(8),
/* Bits 9-11 are not assigned in this header. */
TYPE_UAF = BIT(12),
TYPE_POISON_GLOBAL = BIT(13),
TYPE_POISON_HEAP = BIT(14),
TYPE_TEST = BIT(15),
TYPE_LEAK = BIT(16),
/* Composite masks built from the single bits above. */
TYPE_MEM = TYPE_MEMR | TYPE_MEMW,
TYPE_STR = TYPE_STRR | TYPE_STRW,
TYPE_READ = TYPE_LOAD | TYPE_MEMR | TYPE_STRR,
TYPE_WRITE = TYPE_STORE | TYPE_MEMW | TYPE_STRW,
TYPE_RW = TYPE_READ | TYPE_WRITE,
TYPE_FREE = TYPE_KFREE | TYPE_ZFREE | TYPE_FSFREE,
TYPE_NORMAL = TYPE_RW | TYPE_FREE,
TYPE_DYNAMIC = TYPE_NORMAL | TYPE_UAF,
TYPE_POISON = TYPE_POISON_GLOBAL | TYPE_POISON_HEAP,
/* Every bit set, including the ones that have no name above. */
TYPE_ALL = ~0U,
};
/*
 * Reason codes for a reported violation; violation_t below is the typedef.
 * The values are explicit and consecutive (0..5), so they can be logged or
 * compared as plain integers.
 * NOTE(review): the exact condition behind each reason is decided by the
 * reporting code, which is not in this header -- confirm there before relying
 * on a particular meaning when triaging a report.
 */
enum kasan_violation_types {
REASON_POISONED = 0,
REASON_BAD_METADATA = 1,
REASON_INVALID_SIZE = 2,
REASON_MOD_AFTER_FREE = 3,
REASON_MOD_OOB = 4,
REASON_UNINITIALIZED = 5,
};
/* Short names for the two enums above. */
typedef enum kasan_access_types access_t;
typedef enum kasan_violation_types violation_t;
/*
 * Internal KASAN entry points. Only the signatures are visible here; the
 * notes below are limited to what the signatures show.
 */
/*
 * Range queries and checks. first_invalid is an out-parameter.
 * NOTE(review): presumably receives the first poisoned address in
 * [base, base + size) -- confirm in the implementation.
 */
bool kasan_range_poisoned(vm_offset_t base, vm_size_t size, vm_offset_t *first_invalid);
void kasan_check_range(const void *x, size_t sz, access_t);
/* Self-test hooks. */
void kasan_test(int testno, int fail);
void kasan_handle_test(void);
/*
 * addrp and sizep are passed by pointer, so the callee can rewrite the
 * caller's address and size. doquarantine selects quarantine handling
 * (NOTE(review): presumably whether the freed block is held back before
 * reuse -- confirm).
 */
void kasan_free_internal(void **addrp, vm_size_t *sizep, int type, zone_t *, vm_size_t user_size, int locked, bool doquarantine);
/* leftrz / rightrz are the sizes of the redzones on either side of the object. */
void kasan_poison(vm_offset_t base, vm_size_t size, vm_size_t leftrz, vm_size_t rightrz, uint8_t flags);
/*
 * kasan_lock() writes a boolean_t that must be handed back to kasan_unlock().
 * NOTE(review): presumably the saved interrupt state -- confirm.
 */
void kasan_lock(boolean_t *b);
void kasan_unlock(boolean_t b);
bool kasan_lock_held(thread_t thread);
/* One-time initialisation of the fakestack and dynamic-blacklist subsystems. */
void kasan_init_fakestack(void);
void kasan_init_dybl(void);
/*
 * Dynamic blacklist ("dybl").
 * NOTE(review): a blacklisted access type is presumably not reported, which
 * reduces coverage -- confirm how entries are populated.
 */
bool kasan_is_blacklisted(access_t);
void kasan_dybl_load_kext(uintptr_t addr, const char *kextname);
void kasan_dybl_unload_kext(uintptr_t addr);
void kasan_arch_init(void);
/* Takes a shadow address (not a kernel address); see SHADOW_FOR_ADDRESS. */
bool kasan_is_shadow_mapped(uintptr_t shadowp);
/* State defined elsewhere in the KASAN implementation. */
extern vm_address_t kernel_vbase;
extern vm_address_t kernel_vtop;
extern unsigned shadow_pages_used;
extern int fakestack_enabled;
/*
 * Source position (file, line, column) attached to a global through
 * struct asan_global.location.
 */
struct asan_global_source_location {
const char *filename;
int line_no;
int column_no;
};
/*
 * Descriptor of one instrumented global variable.
 * NOTE(review): the field order presumably mirrors the descriptor the
 * compiler emits for each global -- confirm against the toolchain in use.
 * The struct size depends on CLANG_MIN_VERSION(8020000): if this header and
 * the emitted descriptors disagree about odr_indicator, any code that walks
 * an array of descriptors uses the wrong stride and reads misplaced fields.
 */
struct asan_global {
/* address and size of the variable itself */
uptr addr;
uptr size;
/* size including the trailing redzone */
uptr size_with_redzone;
const char *name;
const char *module;
uptr has_dynamic_init;
struct asan_global_source_location *location;
/* present only when CLANG_MIN_VERSION(8020000) evaluates to true */
#if CLANG_MIN_VERSION(8020000)
uptr odr_indicator;
#endif
};
/*
 * Private setjmp/longjmp declarations. _JBLEN is the number of int slots in
 * jmp_buf and is fixed per architecture; any other architecture is rejected
 * at compile time.
 * NOTE(review): the slot counts must be at least what the _setjmp/_longjmp
 * implementation stores, otherwise _setjmp writes past the buffer -- confirm
 * against the assembly for each architecture.
 */
#if defined(__x86_64__)
# define _JBLEN ((9 * 2) + 3 + 16)
#elif defined(__arm64__)
# define _JBLEN ((14 + 8 + 2) * 2)
#else
# error "Unknown arch"
#endif
typedef int jmp_buf[_JBLEN];
/* _longjmp never returns to its caller; _setjmp can return more than once. */
void _longjmp(jmp_buf env, int val) OS_NORETURN;
int _setjmp(jmp_buf env) __attribute__((returns_twice));
#endif