Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys Provide a code argument in kasan_mark(), and give a code...



details:   https://anonhg.NetBSD.org/src/rev/50396ac6a3ea
branches:  trunk
changeset: 840473:50396ac6a3ea
user:      maxv <maxv%NetBSD.org@localhost>
date:      Sun Apr 07 09:20:04 2019 +0000

description:
Provide a code argument in kasan_mark(), and give a code to each caller.
Five codes used: GenericRedZone, MallocRedZone, KmemRedZone, PoolRedZone,
and PoolUseAfterFree.

This can greatly help debugging complex memory corruptions.

diffstat:

 sys/kern/kern_malloc.c |   8 +++---
 sys/kern/subr_asan.c   |  51 ++++++++++++++++++++++---------------------------
 sys/kern/subr_kmem.c   |   8 +++---
 sys/kern/subr_pool.c   |  13 ++++++-----
 sys/sys/asan.h         |  20 ++++++++++++++++--
 sys/uvm/uvm_glue.c     |   8 +++---
 6 files changed, 59 insertions(+), 49 deletions(-)

diffs (truncated from 329 to 300 lines):

diff -r c89e5f7838e3 -r 50396ac6a3ea sys/kern/kern_malloc.c
--- a/sys/kern/kern_malloc.c    Sun Apr 07 08:37:38 2019 +0000
+++ b/sys/kern/kern_malloc.c    Sun Apr 07 09:20:04 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_malloc.c,v 1.156 2019/03/07 18:32:10 maxv Exp $   */
+/*     $NetBSD: kern_malloc.c,v 1.157 2019/04/07 09:20:04 maxv Exp $   */
 
 /*
  * Copyright (c) 1987, 1991, 1993
@@ -70,7 +70,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.156 2019/03/07 18:32:10 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.157 2019/04/07 09:20:04 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/malloc.h>
@@ -139,7 +139,7 @@
 #endif
        mh++;
 
-       kasan_mark(mh, origsize, size);
+       kasan_mark(mh, origsize, size, KASAN_MALLOC_REDZONE);
 
        return mh;
 }
@@ -153,7 +153,7 @@
        mh--;
 
        kasan_mark(addr, mh->mh_size - sizeof(struct malloc_header),
-           mh->mh_size - sizeof(struct malloc_header));
+           mh->mh_size - sizeof(struct malloc_header), KASAN_MALLOC_REDZONE);
 
        if (mh->mh_size >= PAGE_SIZE + sizeof(struct malloc_header))
                kmem_intr_free((char *)addr - PAGE_SIZE,
diff -r c89e5f7838e3 -r 50396ac6a3ea sys/kern/subr_asan.c
--- a/sys/kern/subr_asan.c      Sun Apr 07 08:37:38 2019 +0000
+++ b/sys/kern/subr_asan.c      Sun Apr 07 09:20:04 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_asan.c,v 1.5 2019/02/24 10:44:41 maxv Exp $       */
+/*     $NetBSD: subr_asan.c,v 1.6 2019/04/07 09:20:04 maxv Exp $       */
 
 /*
  * Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.5 2019/02/24 10:44:41 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.6 2019/04/07 09:20:04 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/device.h>
@@ -51,17 +51,6 @@
 /* The MD code. */
 #include <machine/asan.h>
 
-/* Our redzone values. */
-#define KASAN_MEMORY_FREED     0xFA
-#define KASAN_MEMORY_REDZONE   0xFB
-
-/* Stack redzone values. Part of the compiler ABI. */
-#define KASAN_STACK_LEFT       0xF1
-#define KASAN_STACK_MID                0xF2
-#define KASAN_STACK_RIGHT      0xF3
-#define KASAN_STACK_PARTIAL    0xF4
-#define KASAN_USE_AFTER_SCOPE  0xF8
-
 /* ASAN ABI version. */
 #if defined(__clang__) && (__clang_major__ - 0 >= 6)
 #define ASAN_ABI_VERSION       8
@@ -167,10 +156,16 @@
 kasan_code_name(uint8_t code)
 {
        switch (code) {
-       case KASAN_MEMORY_FREED:
-               return "UseAfterFree";
-       case KASAN_MEMORY_REDZONE:
-               return "RedZone";
+       case KASAN_GENERIC_REDZONE:
+               return "GenericRedZone";
+       case KASAN_MALLOC_REDZONE:
+               return "MallocRedZone";
+       case KASAN_KMEM_REDZONE:
+               return "KmemRedZone";
+       case KASAN_POOL_REDZONE:
+               return "PoolRedZone";
+       case KASAN_POOL_FREED:
+               return "PoolUseAfterFree";
        case 1 ... 7:
                return "RedZonePartial";
        case KASAN_STACK_LEFT:
@@ -217,7 +212,7 @@
 }
 
 static __always_inline void
-kasan_shadow_Nbyte_fill(const void *addr, size_t size, uint8_t val)
+kasan_shadow_Nbyte_fill(const void *addr, size_t size, uint8_t code)
 {
        void *shad;
 
@@ -232,7 +227,7 @@
        shad = (void *)kasan_md_addr_to_shad(addr);
        size = size >> KASAN_SHADOW_SCALE_SHIFT;
 
-       __builtin_memset(shad, val, size);
+       __builtin_memset(shad, code, size);
 }
 
 void
@@ -243,13 +238,13 @@
 }
 
 static void
-kasan_markmem(const void *addr, size_t size, bool valid)
+kasan_markmem(const void *addr, size_t size, bool valid, uint8_t code)
 {
        KASSERT((vaddr_t)addr % KASAN_SHADOW_SCALE_SIZE == 0);
        if (valid) {
                kasan_shadow_Nbyte_markvalid(addr, size);
        } else {
-               kasan_shadow_Nbyte_fill(addr, size, KASAN_MEMORY_REDZONE);
+               kasan_shadow_Nbyte_fill(addr, size, code);
        }
 }
 
@@ -265,16 +260,16 @@
  * In an area of size 'sz_with_redz', mark the 'size' first bytes as valid,
  * and the rest as invalid. There are generally two use cases:
  *
- *  o kasan_mark(addr, origsize, size), with origsize < size. This marks the
- *    redzone at the end of the buffer as invalid.
+ *  o kasan_mark(addr, origsize, size, code), with origsize < size. This marks
+ *    the redzone at the end of the buffer as invalid.
  *
- *  o kasan_mark(addr, size, size). This marks the entire buffer as valid.
+ *  o kasan_mark(addr, size, size, 0). This marks the entire buffer as valid.
  */
 void
-kasan_mark(const void *addr, size_t size, size_t sz_with_redz)
+kasan_mark(const void *addr, size_t size, size_t sz_with_redz, uint8_t code)
 {
-       kasan_markmem(addr, sz_with_redz, false);
-       kasan_markmem(addr, size, true);
+       kasan_markmem(addr, sz_with_redz, false, code);
+       kasan_markmem(addr, size, true, code);
 }
 
 /* -------------------------------------------------------------------------- */
@@ -496,7 +491,7 @@
 
        for (i = 0; i < n; i++) {
                kasan_mark(globals[i].beg, globals[i].size,
-                   globals[i].size_with_redzone);
+                   globals[i].size_with_redzone, KASAN_GENERIC_REDZONE);
        }
 }
 
diff -r c89e5f7838e3 -r 50396ac6a3ea sys/kern/subr_kmem.c
--- a/sys/kern/subr_kmem.c      Sun Apr 07 08:37:38 2019 +0000
+++ b/sys/kern/subr_kmem.c      Sun Apr 07 09:20:04 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_kmem.c,v 1.74 2019/03/26 20:05:18 maxv Exp $      */
+/*     $NetBSD: subr_kmem.c,v 1.75 2019/04/07 09:20:04 maxv Exp $      */
 
 /*-
  * Copyright (c) 2009-2015 The NetBSD Foundation, Inc.
@@ -92,7 +92,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.74 2019/03/26 20:05:18 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.75 2019/04/07 09:20:04 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_kmem.h"
@@ -271,7 +271,7 @@
                FREECHECK_OUT(&kmem_freecheck, p);
                kmem_size_set(p, requested_size);
                p += SIZE_SIZE;
-               kasan_mark(p, origsize, size);
+               kasan_mark(p, origsize, size, KASAN_KMEM_REDZONE);
                return p;
        }
        return p;
@@ -331,7 +331,7 @@
                return;
        }
 
-       kasan_mark(p, size, size);
+       kasan_mark(p, size, size, 0);
 
        p = (uint8_t *)p - SIZE_SIZE;
        kmem_size_check(p, requested_size);
diff -r c89e5f7838e3 -r 50396ac6a3ea sys/kern/subr_pool.c
--- a/sys/kern/subr_pool.c      Sun Apr 07 08:37:38 2019 +0000
+++ b/sys/kern/subr_pool.c      Sun Apr 07 09:20:04 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_pool.c,v 1.247 2019/04/07 08:37:38 maxv Exp $     */
+/*     $NetBSD: subr_pool.c,v 1.248 2019/04/07 09:20:04 maxv Exp $     */
 
 /*
  * Copyright (c) 1997, 1999, 2000, 2002, 2007, 2008, 2010, 2014, 2015, 2018
@@ -33,7 +33,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_pool.c,v 1.247 2019/04/07 08:37:38 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_pool.c,v 1.248 2019/04/07 09:20:04 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_ddb.h"
@@ -357,7 +357,7 @@
                 * Mark the pool_item as valid. The rest is already
                 * invalid.
                 */
-               kasan_mark(pi, sizeof(*pi), sizeof(*pi));
+               kasan_mark(pi, sizeof(*pi), sizeof(*pi), 0);
        }
 
        LIST_INSERT_HEAD(&ph->ph_itemlist, pi, pi_list);
@@ -2785,7 +2785,7 @@
        struct pool_allocator *pa = pp->pr_alloc;
 
        if (pp->pr_redzone) {
-               kasan_mark(v, pa->pa_pagesz, pa->pa_pagesz);
+               kasan_mark(v, pa->pa_pagesz, pa->pa_pagesz, 0);
        }
        (*pa->pa_free)(pp, v);
 }
@@ -2920,7 +2920,8 @@
        if (!pp->pr_redzone)
                return;
 #ifdef KASAN
-       kasan_mark(p, pp->pr_reqsize, pp->pr_reqsize_with_redzone);
+       kasan_mark(p, pp->pr_reqsize, pp->pr_reqsize_with_redzone,
+           KASAN_POOL_REDZONE);
 #else
        uint8_t *cp, pat;
        const uint8_t *ep;
@@ -2949,7 +2950,7 @@
        if (!pp->pr_redzone)
                return;
 #ifdef KASAN
-       kasan_mark(p, 0, pp->pr_reqsize_with_redzone);
+       kasan_mark(p, 0, pp->pr_reqsize_with_redzone, KASAN_POOL_FREED);
 #else
        uint8_t *cp, pat, expected;
        const uint8_t *ep;
diff -r c89e5f7838e3 -r 50396ac6a3ea sys/sys/asan.h
--- a/sys/sys/asan.h    Sun Apr 07 08:37:38 2019 +0000
+++ b/sys/sys/asan.h    Sun Apr 07 09:20:04 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: asan.h,v 1.9 2018/12/23 12:15:01 maxv Exp $    */
+/*     $NetBSD: asan.h,v 1.10 2019/04/07 09:20:04 maxv Exp $   */
 
 /*
  * Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -38,6 +38,20 @@
 
 #include <sys/types.h>
 
+/* Stack redzone values. Part of the compiler ABI. */
+#define KASAN_STACK_LEFT       0xF1
+#define KASAN_STACK_MID                0xF2
+#define KASAN_STACK_RIGHT      0xF3
+#define KASAN_STACK_PARTIAL    0xF4
+#define KASAN_USE_AFTER_SCOPE  0xF8
+
+/* Our redzone values. */
+#define KASAN_GENERIC_REDZONE  0xFA
+#define KASAN_MALLOC_REDZONE   0xFB
+#define KASAN_KMEM_REDZONE     0xFC
+#define KASAN_POOL_REDZONE     0xFD
+#define KASAN_POOL_FREED       0xFE
+
 #ifdef KASAN
 void kasan_shadow_map(void *, size_t);
 void kasan_early_init(void *);
@@ -45,10 +59,10 @@
 void kasan_softint(struct lwp *);
 
 void kasan_add_redzone(size_t *);
-void kasan_mark(const void *, size_t, size_t);
+void kasan_mark(const void *, size_t, size_t, uint8_t);
 #else
 #define kasan_add_redzone(s)   __nothing
-#define kasan_mark(p, s, l)    __nothing
+#define kasan_mark(p, s, l, c) __nothing
 #endif
 
 #endif /* !_SYS_ASAN_H_ */
diff -r c89e5f7838e3 -r 50396ac6a3ea sys/uvm/uvm_glue.c
--- a/sys/uvm/uvm_glue.c        Sun Apr 07 08:37:38 2019 +0000
+++ b/sys/uvm/uvm_glue.c        Sun Apr 07 09:20:04 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: uvm_glue.c,v 1.166 2018/12/23 12:15:01 maxv Exp $      */
+/*     $NetBSD: uvm_glue.c,v 1.167 2019/04/07 09:20:04 maxv Exp $      */
 



Home | Main Index | Thread Index | Old Index