MTE-based KASAN on Android Pixel 8 does not work

Post by Anonymous »

I am working on a Pixel 8 device with CalyxOS. uname -a: Linux localhost 5.15.137-android14-11-gbc062a78e195-ab12057991 #1 SMP PREEMPT Mon Jul 8 12:34:46 UTC 2024 aarch64 Toybox. The feature is present under /proc/cpuinfo).
I am trying to enable it in the kernel. A memory location using an incorrectly tagged pointer.
I noticed that I do get a KASAN report in dmesg, but:
  • I get it only once, i.e., if I rerun my kernel module, which triggers the same access error, I do not get the report again. is produced (and in all other runs after that). I want the access to raise an exception and crash (i.e., I want it to run in MTE-Sync mode).
How can I make these changes?
According to https://source.android.com/docs/securit ... figuration, sybecurity/test/memory-safety/mte-configuration. The code with the mismatch is the following:

Code:

static long __nocfi tester_ioctl(struct file* file, unsigned int cmd, unsigned long arg) {
    int err = 13056;
    unsigned long flags = 0;
    raw_local_irq_save(flags);
    for(int i = 0; i < 20; ++i) {
        module_err("Loaded with errorcode: %d", err);
        module_err("measurement code at: %px", measurement_code);
        if(0 

The report I get:

[10708.040449] testing_trace: Loaded with errorcode: 13056
[10708.040451] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040477] ==================================================================
[10708.040485] BUG: KASAN: invalid-access in tester_ioctl+0x134/0x18c [testing_trace]
[10708.040501] Write at addr f5ffffe4dae450a0 by task executor_userla/8710
[10708.040506] Pointer tag: [f5], memory tag: [f7]
[10708.040510]
[10708.040517] CPU: 5 PID: 8710 Comm: executor_userla Tainted: G S  B   W  OE     5.15.137-android14-11-gbc062a78e195-ab12057991 #1
[10708.040524] Hardware name: ZUMA SHIBA MP based on ZUMA (DT)
[10708.040528] Call trace:
[10708.040532] dump_backtrace+0xf8/0x1e8
[10708.040565] dump_stack_lvl+0x74/0xa4
[10708.040594] print_report+0x344/0x958
[10708.040624] kasan_report+0x90/0xe4
[10708.040631] __do_kernel_fault+0xc4/0x2ac
[10708.040642] do_bad_area+0x3c/0x154
[10708.040647] do_tag_check_fault+0x18/0x24
[10708.040651] do_mem_abort+0x60/0x134
[10708.040656] el1_abort+0x38/0x54
[10708.040687] el1h_64_sync_handler+0x58/0x9c
[10708.040693] el1h_64_sync+0x78/0x7c
[10708.040700] tester_ioctl+0x134/0x18c [testing_trace]
[10708.040707] __arm64_sys_ioctl+0x178/0x1f8
[10708.040733] invoke_syscall+0x58/0x138
[10708.040746] el0_svc_common+0xb0/0xe8
[10708.040752] do_el0_svc+0x20/0x7c
[10708.040756] el0_svc+0x28/0x9c
[10708.040764] el0t_64_sync_handler+0x7c/0xe4
[10708.040770] el0t_64_sync+0x1b4/0x1b8
[10708.040774]
[10708.040777] The buggy address belongs to the variable:
[10708.040781] sandbox+0x0/0xffffffffffff5f60 [testing_trace]
[10708.040789]
[10708.040811] The buggy address belongs to the virtual mapping at
[f8ffffe4dae36000, f8ffffe4dae69000) created by:
load_module+0x130c/0x18fc
[10708.040836]
[10708.040842] The buggy address belongs to the physical page:
[10708.040847] page:0000000086eff88f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x90a04b
[10708.040855] flags: 0x41c0000000000000(zone=1|kasantag=0x7)
[10708.040864] raw: 41c0000000000000 0000000000000000 dead000000000122 0000000000000000
[10708.040870] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[10708.040873] page dumped because: kasan: bad access detected
[10708.040878]
[10708.040881] Memory state around the buggy address:
[10708.040888] ffffffe4dae44e00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[10708.040892] ffffffe4dae44f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[10708.040896] >ffffffe4dae45000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f7 f6 f6 f6 f6 f6
[10708.040899] ^
[10708.040905] ffffffe4dae45100: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
[10708.040909] ffffffe4dae45200: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6
[10708.040928] ==================================================================
[10708.040934] testing_trace: Loaded with errorcode: 13056
[10708.040935] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040939] testing_trace: Loaded with errorcode: 13056
[10708.040943] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040946] testing_trace: Loaded with errorcode: 13056
[10708.040950] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040953] testing_trace: Loaded with errorcode: 13056
[10708.040957] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040960] testing_trace: Loaded with errorcode: 13056
[10708.040963] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040967] testing_trace: Loaded with errorcode: 13056
[10708.040970] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040974] testing_trace: Loaded with errorcode: 13056
[10708.040977] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040980] testing_trace: Loaded with errorcode: 13056
[10708.040984] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040987] testing_trace: Loaded with errorcode: 13056
[10708.040990] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.040994] testing_trace: Loaded with errorcode: 13056
[10708.040997] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.041001] testing_trace: Loaded with errorcode: 13056
[10708.041004] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.041008] testing_trace: Loaded with errorcode: 13056
[10708.041011] testing_trace: measurement code at:  ffffffe4dae3d0a0
[10708.041015] testing_trace: Loaded with errorcode: 13056
[10708.041018] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.041021] testing_trace: Loaded with errorcode: 13056
[10708.041025] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.041028] testing_trace: Loaded with errorcode: 13056
[10708.041031] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.041035] testing_trace: Loaded with errorcode: 13056
[10708.041038] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.041042] testing_trace: Loaded with errorcode: 13056
[10708.041045] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.041049] testing_trace: Loaded with errorcode: 13056
[10708.041052] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.041056] testing_trace: Loaded with errorcode: 13056
[10708.041059] testing_trace: measurement code at: ffffffe4dae3d0a0
[10708.041101] testing_trace: finished
Kernel command line:
shiba:/data/local/tmp # cat /proc/cmdline

console=ttynull stack_depot_disable=on cgroup_disable=pressure kasan.page_alloc.sample=10 kasan.stacktrace=off bootconfig ioremap_guard kvm-arm.mode=protected root=/dev/ram0 rw clocksource=arch_sys_counter clk_ignore_unused loop.max_part=7 loop.hw_queue_depth=31 coherent_pool=4M firmware_class.path=/vendor/firmware irqaffinity=0 swiotlb=noforce sysrq_always_enabled no_console_suspend softlockup_panic=1 kasan_multi_shot kvm-arm.protected_modules=exynos-pd,pkvm_s2mpu-v9 exynos_drm.load_sequential=1 g2d.load_sequential=1 samsung_iommu_v9.load_sequential=1 swiotlb=noforce disable_dma32=on printk.devkmsg=on cma_sysfs.experimental=Y cgroup_disable=memory rcupdate.rcu_expedited=1 rcu_nocbs=all swiotlb=1024 cgroup.memory=nokmem sysctl.kernel.sched_pelt_multiplier=4 kasan=off at24.write_timeout=100 log_buf_len=1024K bootconfig console=null exynos_drm.panel_name=google-bigsurf.04a050 tcpci_max77759.conf_sbu=0 kasan=on ufs_pixel_fips140.fips_first_lba=151942 ufs_pixel_fips140.fips_last_lba=152453 ufs_pixel_fips140.fips_lu=0 id_aa64mmfr1.vh=0  bootconfig
Thanks!

Read more here: https://stackoverflow.com/questions/796 ... s-not-work
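
Added example (not part of the original post or of the forum page): a Python sketch that collects the KASAN-related boot parameters from the command line shown in the post and extracts the tag fields from the report above. It assumes a later duplicate parameter overrides an earlier one; the function names `effective_kasan` and `parse_tag_fault` are made up for this example.

```python
import re

# Constructed input: the KASAN-related tokens of the /proc/cmdline shown in the
# post, in their original order (unrelated parameters left out).
CMDLINE = ("kasan.page_alloc.sample=10 kasan.stacktrace=off kasan_multi_shot "
           "kasan=off log_buf_len=1024K kasan=on")

# Three lines copied from the KASAN report in the post.
REPORT = """\
[10708.040485] BUG: KASAN: invalid-access in tester_ioctl+0x134/0x18c [testing_trace]
[10708.040501] Write at addr f5ffffe4dae450a0 by task executor_userla/8710
[10708.040506] Pointer tag: [f5], memory tag: [f7]
"""

def effective_kasan(cmdline):
    """Collect kasan* boot parameters. Assumption: a later duplicate overrides
    an earlier one; overridden values are kept so conflicts stay visible."""
    seen, overridden = {}, {}
    for tok in cmdline.split():
        key, _, val = tok.partition("=")
        if key != "kasan" and not key.startswith(("kasan.", "kasan_")):
            continue
        if key in seen and seen[key] != val:
            overridden.setdefault(key, []).append(seen[key])
        seen[key] = val
    return {
        "kasan": seen.get("kasan"),        # None means: not on the command line
        "mode": seen.get("kasan.mode"),    # sync / async / asymm
        "fault": seen.get("kasan.fault"),  # report / panic
        "multi_shot": "kasan_multi_shot" in seen,
        "overridden": overridden,
    }

def parse_tag_fault(report):
    """Extract access type, task and tags from a KASAN tag-mismatch report."""
    acc = re.search(r"\] (Read|Write) at addr ([0-9a-f]{16}) by task (\S+)", report)
    tags = re.search(r"Pointer tag: \[([0-9a-f]{2})\], memory tag: \[([0-9a-f]{2})\]", report)
    if not acc or not tags:
        return None                        # not a tag-mismatch report
    ptr_tag, mem_tag = (int(t, 16) for t in tags.groups())
    return {
        "access": acc.group(1), "task": acc.group(3),
        "addr_top_byte": int(acc.group(2), 16) >> 56,  # tag carried in the pointer
        "pointer_tag": ptr_tag, "memory_tag": mem_tag, "mismatch": ptr_tag != mem_tag,
    }

if __name__ == "__main__":
    print(effective_kasan(CMDLINE), parse_tag_fault(REPORT), sep="\n")
```

On the post's command line this shows `kasan=off` followed by a later `kasan=on`, `kasan_multi_shot` present, and neither `kasan.mode` nor `kasan.fault` set; the top byte of the faulting address equals the reported pointer tag.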