Module Name: src
Committed By: maxv
Date: Sun Apr 7 09:20:04 UTC 2019
Modified Files:
src/sys/kern: kern_malloc.c subr_asan.c subr_kmem.c subr_pool.c
src/sys/sys: asan.h
src/sys/uvm: uvm_glue.c
Log Message:
Provide a code argument in kasan_mark(), and give a code to each caller.
Five codes used: GenericRedZone, MallocRedZone, KmemRedZone, PoolRedZone,
and PoolUseAfterFree.
This can greatly help debugging complex memory corruptions.
To generate a diff of this commit:
cvs rdiff -u -r1.156 -r1.157 src/sys/kern/kern_malloc.c
cvs rdiff -u -r1.5 -r1.6 src/sys/kern/subr_asan.c
cvs rdiff -u -r1.74 -r1.75 src/sys/kern/subr_kmem.c
cvs rdiff -u -r1.247 -r1.248 src/sys/kern/subr_pool.c
cvs rdiff -u -r1.9 -r1.10 src/sys/sys/asan.h
cvs rdiff -u -r1.166 -r1.167 src/sys/uvm/uvm_glue.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/kern/kern_malloc.c
diff -u src/sys/kern/kern_malloc.c:1.156 src/sys/kern/kern_malloc.c:1.157
--- src/sys/kern/kern_malloc.c:1.156 Thu Mar 7 18:32:10 2019
+++ src/sys/kern/kern_malloc.c Sun Apr 7 09:20:04 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: kern_malloc.c,v 1.156 2019/03/07 18:32:10 maxv Exp $ */
+/* $NetBSD: kern_malloc.c,v 1.157 2019/04/07 09:20:04 maxv Exp $ */
/*
* Copyright (c) 1987, 1991, 1993
@@ -70,7 +70,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.156 2019/03/07 18:32:10 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.157 2019/04/07 09:20:04 maxv Exp $");
#include <sys/param.h>
#include <sys/malloc.h>
@@ -139,7 +139,7 @@ kern_malloc(unsigned long reqsize, int f
#endif
mh++;
- kasan_mark(mh, origsize, size);
+ kasan_mark(mh, origsize, size, KASAN_MALLOC_REDZONE);
return mh;
}
@@ -153,7 +153,7 @@ kern_free(void *addr)
mh--;
kasan_mark(addr, mh->mh_size - sizeof(struct malloc_header),
- mh->mh_size - sizeof(struct malloc_header));
+ mh->mh_size - sizeof(struct malloc_header), KASAN_MALLOC_REDZONE);
if (mh->mh_size >= PAGE_SIZE + sizeof(struct malloc_header))
kmem_intr_free((char *)addr - PAGE_SIZE,
Index: src/sys/kern/subr_asan.c
diff -u src/sys/kern/subr_asan.c:1.5 src/sys/kern/subr_asan.c:1.6
--- src/sys/kern/subr_asan.c:1.5 Sun Feb 24 10:44:41 2019
+++ src/sys/kern/subr_asan.c Sun Apr 7 09:20:04 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_asan.c,v 1.5 2019/02/24 10:44:41 maxv Exp $ */
+/* $NetBSD: subr_asan.c,v 1.6 2019/04/07 09:20:04 maxv Exp $ */
/*
* Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.5 2019/02/24 10:44:41 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.6 2019/04/07 09:20:04 maxv Exp $");
#include <sys/param.h>
#include <sys/device.h>
@@ -51,17 +51,6 @@ __KERNEL_RCSID(0, "$NetBSD: subr_asan.c,
/* The MD code. */
#include <machine/asan.h>
-/* Our redzone values. */
-#define KASAN_MEMORY_FREED 0xFA
-#define KASAN_MEMORY_REDZONE 0xFB
-
-/* Stack redzone values. Part of the compiler ABI. */
-#define KASAN_STACK_LEFT 0xF1
-#define KASAN_STACK_MID 0xF2
-#define KASAN_STACK_RIGHT 0xF3
-#define KASAN_STACK_PARTIAL 0xF4
-#define KASAN_USE_AFTER_SCOPE 0xF8
-
/* ASAN ABI version. */
#if defined(__clang__) && (__clang_major__ - 0 >= 6)
#define ASAN_ABI_VERSION 8
@@ -167,10 +156,16 @@ static inline const char *
kasan_code_name(uint8_t code)
{
switch (code) {
- case KASAN_MEMORY_FREED:
- return "UseAfterFree";
- case KASAN_MEMORY_REDZONE:
- return "RedZone";
+ case KASAN_GENERIC_REDZONE:
+ return "GenericRedZone";
+ case KASAN_MALLOC_REDZONE:
+ return "MallocRedZone";
+ case KASAN_KMEM_REDZONE:
+ return "KmemRedZone";
+ case KASAN_POOL_REDZONE:
+ return "PoolRedZone";
+ case KASAN_POOL_FREED:
+ return "PoolUseAfterFree";
case 1 ... 7:
return "RedZonePartial";
case KASAN_STACK_LEFT:
@@ -217,7 +212,7 @@ kasan_shadow_Nbyte_markvalid(const void
}
static __always_inline void
-kasan_shadow_Nbyte_fill(const void *addr, size_t size, uint8_t val)
+kasan_shadow_Nbyte_fill(const void *addr, size_t size, uint8_t code)
{
void *shad;
@@ -232,7 +227,7 @@ kasan_shadow_Nbyte_fill(const void *addr
shad = (void *)kasan_md_addr_to_shad(addr);
size = size >> KASAN_SHADOW_SCALE_SHIFT;
- __builtin_memset(shad, val, size);
+ __builtin_memset(shad, code, size);
}
void
@@ -243,13 +238,13 @@ kasan_add_redzone(size_t *size)
}
static void
-kasan_markmem(const void *addr, size_t size, bool valid)
+kasan_markmem(const void *addr, size_t size, bool valid, uint8_t code)
{
KASSERT((vaddr_t)addr % KASAN_SHADOW_SCALE_SIZE == 0);
if (valid) {
kasan_shadow_Nbyte_markvalid(addr, size);
} else {
- kasan_shadow_Nbyte_fill(addr, size, KASAN_MEMORY_REDZONE);
+ kasan_shadow_Nbyte_fill(addr, size, code);
}
}
@@ -265,16 +260,16 @@ kasan_softint(struct lwp *l)
* In an area of size 'sz_with_redz', mark the 'size' first bytes as valid,
* and the rest as invalid. There are generally two use cases:
*
- * o kasan_mark(addr, origsize, size), with origsize < size. This marks the
- * redzone at the end of the buffer as invalid.
+ * o kasan_mark(addr, origsize, size, code), with origsize < size. This marks
+ * the redzone at the end of the buffer as invalid.
*
- * o kasan_mark(addr, size, size). This marks the entire buffer as valid.
+ * o kasan_mark(addr, size, size, 0). This marks the entire buffer as valid.
*/
void
-kasan_mark(const void *addr, size_t size, size_t sz_with_redz)
+kasan_mark(const void *addr, size_t size, size_t sz_with_redz, uint8_t code)
{
- kasan_markmem(addr, sz_with_redz, false);
- kasan_markmem(addr, size, true);
+ kasan_markmem(addr, sz_with_redz, false, code);
+ kasan_markmem(addr, size, true, code);
}
/* -------------------------------------------------------------------------- */
@@ -496,7 +491,7 @@ __asan_register_globals(struct __asan_gl
for (i = 0; i < n; i++) {
kasan_mark(globals[i].beg, globals[i].size,
- globals[i].size_with_redzone);
+ globals[i].size_with_redzone, KASAN_GENERIC_REDZONE);
}
}
Index: src/sys/kern/subr_kmem.c
diff -u src/sys/kern/subr_kmem.c:1.74 src/sys/kern/subr_kmem.c:1.75
--- src/sys/kern/subr_kmem.c:1.74 Tue Mar 26 20:05:18 2019
+++ src/sys/kern/subr_kmem.c Sun Apr 7 09:20:04 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_kmem.c,v 1.74 2019/03/26 20:05:18 maxv Exp $ */
+/* $NetBSD: subr_kmem.c,v 1.75 2019/04/07 09:20:04 maxv Exp $ */
/*-
* Copyright (c) 2009-2015 The NetBSD Foundation, Inc.
@@ -92,7 +92,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.74 2019/03/26 20:05:18 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.75 2019/04/07 09:20:04 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_kmem.h"
@@ -271,7 +271,7 @@ kmem_intr_alloc(size_t requested_size, k
FREECHECK_OUT(&kmem_freecheck, p);
kmem_size_set(p, requested_size);
p += SIZE_SIZE;
- kasan_mark(p, origsize, size);
+ kasan_mark(p, origsize, size, KASAN_KMEM_REDZONE);
return p;
}
return p;
@@ -331,7 +331,7 @@ kmem_intr_free(void *p, size_t requested
return;
}
- kasan_mark(p, size, size);
+ kasan_mark(p, size, size, 0);
p = (uint8_t *)p - SIZE_SIZE;
kmem_size_check(p, requested_size);
Index: src/sys/kern/subr_pool.c
diff -u src/sys/kern/subr_pool.c:1.247 src/sys/kern/subr_pool.c:1.248
--- src/sys/kern/subr_pool.c:1.247 Sun Apr 7 08:37:38 2019
+++ src/sys/kern/subr_pool.c Sun Apr 7 09:20:04 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_pool.c,v 1.247 2019/04/07 08:37:38 maxv Exp $ */
+/* $NetBSD: subr_pool.c,v 1.248 2019/04/07 09:20:04 maxv Exp $ */
/*
* Copyright (c) 1997, 1999, 2000, 2002, 2007, 2008, 2010, 2014, 2015, 2018
@@ -33,7 +33,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_pool.c,v 1.247 2019/04/07 08:37:38 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_pool.c,v 1.248 2019/04/07 09:20:04 maxv Exp $");
#ifdef _KERNEL_OPT
#include "opt_ddb.h"
@@ -357,7 +357,7 @@ pr_item_linkedlist_put(const struct pool
* Mark the pool_item as valid. The rest is already
* invalid.
*/
- kasan_mark(pi, sizeof(*pi), sizeof(*pi));
+ kasan_mark(pi, sizeof(*pi), sizeof(*pi), 0);
}
LIST_INSERT_HEAD(&ph->ph_itemlist, pi, pi_list);
@@ -2785,7 +2785,7 @@ pool_allocator_free(struct pool *pp, voi
struct pool_allocator *pa = pp->pr_alloc;
if (pp->pr_redzone) {
- kasan_mark(v, pa->pa_pagesz, pa->pa_pagesz);
+ kasan_mark(v, pa->pa_pagesz, pa->pa_pagesz, 0);
}
(*pa->pa_free)(pp, v);
}
@@ -2920,7 +2920,8 @@ pool_redzone_fill(struct pool *pp, void
if (!pp->pr_redzone)
return;
#ifdef KASAN
- kasan_mark(p, pp->pr_reqsize, pp->pr_reqsize_with_redzone);
+ kasan_mark(p, pp->pr_reqsize, pp->pr_reqsize_with_redzone,
+ KASAN_POOL_REDZONE);
#else
uint8_t *cp, pat;
const uint8_t *ep;
@@ -2949,7 +2950,7 @@ pool_redzone_check(struct pool *pp, void
if (!pp->pr_redzone)
return;
#ifdef KASAN
- kasan_mark(p, 0, pp->pr_reqsize_with_redzone);
+ kasan_mark(p, 0, pp->pr_reqsize_with_redzone, KASAN_POOL_FREED);
#else
uint8_t *cp, pat, expected;
const uint8_t *ep;
Index: src/sys/sys/asan.h
diff -u src/sys/sys/asan.h:1.9 src/sys/sys/asan.h:1.10
--- src/sys/sys/asan.h:1.9 Sun Dec 23 12:15:01 2018
+++ src/sys/sys/asan.h Sun Apr 7 09:20:04 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: asan.h,v 1.9 2018/12/23 12:15:01 maxv Exp $ */
+/* $NetBSD: asan.h,v 1.10 2019/04/07 09:20:04 maxv Exp $ */
/*
* Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -38,6 +38,20 @@
#include <sys/types.h>
+/* Stack redzone values. Part of the compiler ABI. */
+#define KASAN_STACK_LEFT 0xF1
+#define KASAN_STACK_MID 0xF2
+#define KASAN_STACK_RIGHT 0xF3
+#define KASAN_STACK_PARTIAL 0xF4
+#define KASAN_USE_AFTER_SCOPE 0xF8
+
+/* Our redzone values. */
+#define KASAN_GENERIC_REDZONE 0xFA
+#define KASAN_MALLOC_REDZONE 0xFB
+#define KASAN_KMEM_REDZONE 0xFC
+#define KASAN_POOL_REDZONE 0xFD
+#define KASAN_POOL_FREED 0xFE
+
#ifdef KASAN
void kasan_shadow_map(void *, size_t);
void kasan_early_init(void *);
@@ -45,10 +59,10 @@ void kasan_init(void);
void kasan_softint(struct lwp *);
void kasan_add_redzone(size_t *);
-void kasan_mark(const void *, size_t, size_t);
+void kasan_mark(const void *, size_t, size_t, uint8_t);
#else
#define kasan_add_redzone(s) __nothing
-#define kasan_mark(p, s, l) __nothing
+#define kasan_mark(p, s, l, c) __nothing
#endif
#endif /* !_SYS_ASAN_H_ */
Index: src/sys/uvm/uvm_glue.c
diff -u src/sys/uvm/uvm_glue.c:1.166 src/sys/uvm/uvm_glue.c:1.167
--- src/sys/uvm/uvm_glue.c:1.166 Sun Dec 23 12:15:01 2018
+++ src/sys/uvm/uvm_glue.c Sun Apr 7 09:20:04 2019
@@ -1,4 +1,4 @@
-/* $NetBSD: uvm_glue.c,v 1.166 2018/12/23 12:15:01 maxv Exp $ */
+/* $NetBSD: uvm_glue.c,v 1.167 2019/04/07 09:20:04 maxv Exp $ */
/*
* Copyright (c) 1997 Charles D. Cranor and Washington University.
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uvm_glue.c,v 1.166 2018/12/23 12:15:01 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uvm_glue.c,v 1.167 2019/04/07 09:20:04 maxv Exp $");
#include "opt_kgdb.h"
#include "opt_kstack.h"
@@ -384,7 +384,7 @@ void
uvm_uarea_free(vaddr_t uaddr)
{
- kasan_mark((void *)uaddr, USPACE, USPACE);
+ kasan_mark((void *)uaddr, USPACE, USPACE, 0);
pool_cache_put(uvm_uarea_cache, (void *)uaddr);
}
@@ -392,7 +392,7 @@ void
uvm_uarea_system_free(vaddr_t uaddr)
{
- kasan_mark((void *)uaddr, USPACE, USPACE);
+ kasan_mark((void *)uaddr, USPACE, USPACE, 0);
pool_cache_put(uvm_uarea_system_cache, (void *)uaddr);
}
