1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * KMSAN API for subsystems.
4 *
5 * Copyright (C) 2017-2022 Google LLC
6 * Author: Alexander Potapenko <glider@google.com>
7 *
8 */
9#ifndef _LINUX_KMSAN_H
10#define _LINUX_KMSAN_H
11
12#include <linux/dma-direction.h>
13#include <linux/gfp.h>
14#include <linux/kmsan-checks.h>
15#include <linux/types.h>
16
17struct page;
18struct kmem_cache;
19struct task_struct;
20struct scatterlist;
21struct urb;
22
23#ifdef CONFIG_KMSAN
24
25/**
26 * kmsan_task_create() - Initialize KMSAN state for the task.
27 * @task: task to initialize.
28 */
29void kmsan_task_create(struct task_struct *task);
30
31/**
32 * kmsan_task_exit() - Notify KMSAN that a task has exited.
33 * @task: task about to finish.
34 */
35void kmsan_task_exit(struct task_struct *task);
36
37/**
38 * kmsan_init_shadow() - Initialize KMSAN shadow at boot time.
39 *
40 * Allocate and initialize KMSAN metadata for early allocations.
41 */
42void __init kmsan_init_shadow(void);
43
44/**
45 * kmsan_init_runtime() - Initialize KMSAN state and enable KMSAN.
46 */
47void __init kmsan_init_runtime(void);
48
49/**
50 * kmsan_memblock_free_pages() - handle freeing of memblock pages.
51 * @page: struct page to free.
52 * @order: order of @page.
53 *
54 * Freed pages are either returned to buddy allocator or held back to be used
55 * as metadata pages.
56 */
57bool __init __must_check kmsan_memblock_free_pages(struct page *page,
58 unsigned int order);
59
60/**
61 * kmsan_alloc_page() - Notify KMSAN about an alloc_pages() call.
62 * @page: struct page pointer returned by alloc_pages().
63 * @order: order of allocated struct page.
64 * @flags: GFP flags used by alloc_pages()
65 *
66 * KMSAN marks 1<<@order pages starting at @page as uninitialized, unless
67 * @flags contain __GFP_ZERO.
68 */
69void kmsan_alloc_page(struct page *page, unsigned int order, gfp_t flags);
70
71/**
72 * kmsan_free_page() - Notify KMSAN about a free_pages() call.
73 * @page: struct page pointer passed to free_pages().
74 * @order: order of deallocated struct page.
75 *
76 * KMSAN marks freed memory as uninitialized.
77 */
78void kmsan_free_page(struct page *page, unsigned int order);
79
80/**
81 * kmsan_copy_page_meta() - Copy KMSAN metadata between two pages.
82 * @dst: destination page.
83 * @src: source page.
84 *
85 * KMSAN copies the contents of metadata pages for @src into the metadata pages
86 * for @dst. If @dst has no associated metadata pages, nothing happens.
87 * If @src has no associated metadata pages, @dst metadata pages are unpoisoned.
88 */
89void kmsan_copy_page_meta(struct page *dst, struct page *src);
90
91/**
92 * kmsan_slab_alloc() - Notify KMSAN about a slab allocation.
93 * @s: slab cache the object belongs to.
94 * @object: object pointer.
95 * @flags: GFP flags passed to the allocator.
96 *
97 * Depending on cache flags and GFP flags, KMSAN sets up the metadata of the
98 * newly created object, marking it as initialized or uninitialized.
99 */
100void kmsan_slab_alloc(struct kmem_cache *s, void *object, gfp_t flags);
101
102/**
103 * kmsan_slab_free() - Notify KMSAN about a slab deallocation.
104 * @s: slab cache the object belongs to.
105 * @object: object pointer.
106 *
107 * KMSAN marks the freed object as uninitialized.
108 */
109void kmsan_slab_free(struct kmem_cache *s, void *object);
110
111/**
112 * kmsan_kmalloc_large() - Notify KMSAN about a large slab allocation.
113 * @ptr: object pointer.
114 * @size: object size.
115 * @flags: GFP flags passed to the allocator.
116 *
117 * Similar to kmsan_slab_alloc(), but for large allocations.
118 */
119void kmsan_kmalloc_large(const void *ptr, size_t size, gfp_t flags);
120
121/**
122 * kmsan_kfree_large() - Notify KMSAN about a large slab deallocation.
123 * @ptr: object pointer.
124 *
125 * Similar to kmsan_slab_free(), but for large allocations.
126 */
127void kmsan_kfree_large(const void *ptr);
128
129/**
130 * kmsan_map_kernel_range_noflush() - Notify KMSAN about a vmap.
131 * @start: start of vmapped range.
132 * @end: end of vmapped range.
133 * @prot: page protection flags used for vmap.
134 * @pages: array of pages.
135 * @page_shift: page_shift passed to vmap_range_noflush().
136 *
137 * KMSAN maps shadow and origin pages of @pages into contiguous ranges in
138 * vmalloc metadata address range. Returns 0 on success, callers must check
139 * for non-zero return value.
140 */
141int __must_check kmsan_vmap_pages_range_noflush(unsigned long start,
142 unsigned long end,
143 pgprot_t prot,
144 struct page **pages,
145 unsigned int page_shift);
146
147/**
148 * kmsan_vunmap_kernel_range_noflush() - Notify KMSAN about a vunmap.
149 * @start: start of vunmapped range.
150 * @end: end of vunmapped range.
151 *
152 * KMSAN unmaps the contiguous metadata ranges created by
153 * kmsan_map_kernel_range_noflush().
154 */
155void kmsan_vunmap_range_noflush(unsigned long start, unsigned long end);
156
157/**
158 * kmsan_ioremap_page_range() - Notify KMSAN about a ioremap_page_range() call.
159 * @addr: range start.
160 * @end: range end.
161 * @phys_addr: physical range start.
162 * @prot: page protection flags used for ioremap_page_range().
163 * @page_shift: page_shift argument passed to vmap_range_noflush().
164 *
165 * KMSAN creates new metadata pages for the physical pages mapped into the
166 * virtual memory. Returns 0 on success, callers must check for non-zero return
167 * value.
168 */
169int __must_check kmsan_ioremap_page_range(unsigned long addr, unsigned long end,
170 phys_addr_t phys_addr, pgprot_t prot,
171 unsigned int page_shift);
172
173/**
174 * kmsan_iounmap_page_range() - Notify KMSAN about a iounmap_page_range() call.
175 * @start: range start.
176 * @end: range end.
177 *
178 * KMSAN unmaps the metadata pages for the given range and, unlike for
179 * vunmap_page_range(), also deallocates them.
180 */
181void kmsan_iounmap_page_range(unsigned long start, unsigned long end);
182
183/**
184 * kmsan_handle_dma() - Handle a DMA data transfer.
185 * @phys: physical address of the buffer.
186 * @size: buffer size.
187 * @dir: one of possible dma_data_direction values.
188 *
189 * Depending on @direction, KMSAN:
190 * * checks the buffer, if it is copied to device;
191 * * initializes the buffer, if it is copied from device;
192 * * does both, if this is a DMA_BIDIRECTIONAL transfer.
193 */
194void kmsan_handle_dma(phys_addr_t phys, size_t size,
195 enum dma_data_direction dir);
196
197/**
198 * kmsan_handle_dma_sg() - Handle a DMA transfer using scatterlist.
199 * @sg: scatterlist holding DMA buffers.
200 * @nents: number of scatterlist entries.
201 * @dir: one of possible dma_data_direction values.
202 *
203 * Depending on @direction, KMSAN:
204 * * checks the buffers in the scatterlist, if they are copied to device;
205 * * initializes the buffers, if they are copied from device;
206 * * does both, if this is a DMA_BIDIRECTIONAL transfer.
207 */
208void kmsan_handle_dma_sg(struct scatterlist *sg, int nents,
209 enum dma_data_direction dir);
210
211/**
212 * kmsan_handle_urb() - Handle a USB data transfer.
213 * @urb: struct urb pointer.
214 * @is_out: data transfer direction (true means output to hardware).
215 *
216 * If @is_out is true, KMSAN checks the transfer buffer of @urb. Otherwise,
217 * KMSAN initializes the transfer buffer.
218 */
219void kmsan_handle_urb(const struct urb *urb, bool is_out);
220
221/**
222 * kmsan_unpoison_entry_regs() - Handle pt_regs in low-level entry code.
223 * @regs: struct pt_regs pointer received from assembly code.
224 *
225 * KMSAN unpoisons the contents of the passed pt_regs, preventing potential
226 * false positive reports. Unlike kmsan_unpoison_memory(),
227 * kmsan_unpoison_entry_regs() can be called from the regions where
228 * kmsan_in_runtime() returns true, which is the case in early entry code.
229 */
230void kmsan_unpoison_entry_regs(const struct pt_regs *regs);
231
232/**
233 * kmsan_get_metadata() - Return a pointer to KMSAN shadow or origins.
234 * @addr: kernel address.
235 * @is_origin: whether to return origins or shadow.
236 *
237 * Return NULL if metadata cannot be found.
238 */
239void *kmsan_get_metadata(void *addr, bool is_origin);
240
241/**
242 * kmsan_enable_current(): Enable KMSAN for the current task.
243 *
244 * Each kmsan_enable_current() current call must be preceded by a
245 * kmsan_disable_current() call. These call pairs may be nested.
246 */
247void kmsan_enable_current(void);
248
249/**
250 * kmsan_disable_current(): Disable KMSAN for the current task.
251 *
252 * Each kmsan_disable_current() current call must be followed by a
253 * kmsan_enable_current() call. These call pairs may be nested.
254 */
255void kmsan_disable_current(void);
256
257/**
258 * memset_no_sanitize_memory(): Fill memory without KMSAN instrumentation.
259 * @s: address of kernel memory to fill.
260 * @c: constant byte to fill the memory with.
261 * @n: number of bytes to fill.
262 *
263 * This is like memset(), but without KMSAN instrumentation.
264 */
265static inline void *memset_no_sanitize_memory(void *s, int c, size_t n)
266{
267 return __memset(s, c, n);
268}
269
270extern bool kmsan_enabled;
271extern int panic_on_kmsan;
272
273/*
274 * KMSAN performs a lot of consistency checks that are currently enabled by
275 * default. BUG_ON is normally discouraged in the kernel, unless used for
276 * debugging, but KMSAN itself is a debugging tool, so it makes little sense to
277 * recover if something goes wrong.
278 */
279#define KMSAN_WARN_ON(cond) \
280 ({ \
281 const bool __cond = WARN_ON(cond); \
282 if (unlikely(__cond)) { \
283 WRITE_ONCE(kmsan_enabled, false); \
284 if (panic_on_kmsan) { \
285 /* Can't call panic() here because */ \
286 /* of uaccess checks. */ \
287 BUG(); \
288 } \
289 } \
290 __cond; \
291 })
292
293#else
294
295static inline void kmsan_init_shadow(void)
296{
297}
298
299static inline void kmsan_init_runtime(void)
300{
301}
302
303static inline bool __must_check kmsan_memblock_free_pages(struct page *page,
304 unsigned int order)
305{
306 return true;
307}
308
309static inline void kmsan_task_create(struct task_struct *task)
310{
311}
312
313static inline void kmsan_task_exit(struct task_struct *task)
314{
315}
316
317static inline void kmsan_alloc_page(struct page *page, unsigned int order,
318 gfp_t flags)
319{
320}
321
322static inline void kmsan_free_page(struct page *page, unsigned int order)
323{
324}
325
326static inline void kmsan_copy_page_meta(struct page *dst, struct page *src)
327{
328}
329
330static inline void kmsan_slab_alloc(struct kmem_cache *s, void *object,
331 gfp_t flags)
332{
333}
334
335static inline void kmsan_slab_free(struct kmem_cache *s, void *object)
336{
337}
338
339static inline void kmsan_kmalloc_large(const void *ptr, size_t size,
340 gfp_t flags)
341{
342}
343
344static inline void kmsan_kfree_large(const void *ptr)
345{
346}
347
348static inline int __must_check kmsan_vmap_pages_range_noflush(
349 unsigned long start, unsigned long end, pgprot_t prot,
350 struct page **pages, unsigned int page_shift)
351{
352 return 0;
353}
354
355static inline void kmsan_vunmap_range_noflush(unsigned long start,
356 unsigned long end)
357{
358}
359
360static inline int __must_check kmsan_ioremap_page_range(unsigned long start,
361 unsigned long end,
362 phys_addr_t phys_addr,
363 pgprot_t prot,
364 unsigned int page_shift)
365{
366 return 0;
367}
368
369static inline void kmsan_iounmap_page_range(unsigned long start,
370 unsigned long end)
371{
372}
373
374static inline void kmsan_handle_dma(phys_addr_t phys, size_t size,
375 enum dma_data_direction dir)
376{
377}
378
379static inline void kmsan_handle_dma_sg(struct scatterlist *sg, int nents,
380 enum dma_data_direction dir)
381{
382}
383
384static inline void kmsan_handle_urb(const struct urb *urb, bool is_out)
385{
386}
387
388static inline void kmsan_unpoison_entry_regs(const struct pt_regs *regs)
389{
390}
391
392static inline void kmsan_enable_current(void)
393{
394}
395
396static inline void kmsan_disable_current(void)
397{
398}
399
400static inline void *memset_no_sanitize_memory(void *s, int c, size_t n)
401{
402 return memset(s, c, n);
403}
404
405#define KMSAN_WARN_ON WARN_ON
406
407#endif
408
409#endif /* _LINUX_KMSAN_H */
410