Module Name: src Committed By: maxv Date: Sun Apr 7 09:20:04 UTC 2019
Modified Files: src/sys/kern: kern_malloc.c subr_asan.c subr_kmem.c subr_pool.c src/sys/sys: asan.h src/sys/uvm: uvm_glue.c Log Message: Provide a code argument in kasan_mark(), and give a code to each caller. Five codes used: GenericRedZone, MallocRedZone, KmemRedZone, PoolRedZone, and PoolUseAfterFree. This can greatly help debugging complex memory corruptions. To generate a diff of this commit: cvs rdiff -u -r1.156 -r1.157 src/sys/kern/kern_malloc.c cvs rdiff -u -r1.5 -r1.6 src/sys/kern/subr_asan.c cvs rdiff -u -r1.74 -r1.75 src/sys/kern/subr_kmem.c cvs rdiff -u -r1.247 -r1.248 src/sys/kern/subr_pool.c cvs rdiff -u -r1.9 -r1.10 src/sys/sys/asan.h cvs rdiff -u -r1.166 -r1.167 src/sys/uvm/uvm_glue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/kern/kern_malloc.c diff -u src/sys/kern/kern_malloc.c:1.156 src/sys/kern/kern_malloc.c:1.157 --- src/sys/kern/kern_malloc.c:1.156 Thu Mar 7 18:32:10 2019 +++ src/sys/kern/kern_malloc.c Sun Apr 7 09:20:04 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: kern_malloc.c,v 1.156 2019/03/07 18:32:10 maxv Exp $ */ +/* $NetBSD: kern_malloc.c,v 1.157 2019/04/07 09:20:04 maxv Exp $ */ /* * Copyright (c) 1987, 1991, 1993 @@ -70,7 +70,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.156 2019/03/07 18:32:10 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: kern_malloc.c,v 1.157 2019/04/07 09:20:04 maxv Exp $"); #include <sys/param.h> #include <sys/malloc.h> @@ -139,7 +139,7 @@ kern_malloc(unsigned long reqsize, int f #endif mh++; - kasan_mark(mh, origsize, size); + kasan_mark(mh, origsize, size, KASAN_MALLOC_REDZONE); return mh; } @@ -153,7 +153,7 @@ kern_free(void *addr) mh--; kasan_mark(addr, mh->mh_size - sizeof(struct malloc_header), - mh->mh_size - sizeof(struct malloc_header)); + mh->mh_size - sizeof(struct malloc_header), KASAN_MALLOC_REDZONE); if (mh->mh_size >= PAGE_SIZE + sizeof(struct malloc_header)) kmem_intr_free((char *)addr - PAGE_SIZE, Index: src/sys/kern/subr_asan.c diff -u src/sys/kern/subr_asan.c:1.5 src/sys/kern/subr_asan.c:1.6 --- src/sys/kern/subr_asan.c:1.5 Sun Feb 24 10:44:41 2019 +++ src/sys/kern/subr_asan.c Sun Apr 7 09:20:04 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_asan.c,v 1.5 2019/02/24 10:44:41 maxv Exp $ */ +/* $NetBSD: subr_asan.c,v 1.6 2019/04/07 09:20:04 maxv Exp $ */ /* * Copyright (c) 2018 The NetBSD Foundation, Inc. @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.5 2019/02/24 10:44:41 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.6 2019/04/07 09:20:04 maxv Exp $"); #include <sys/param.h> #include <sys/device.h> @@ -51,17 +51,6 @@ __KERNEL_RCSID(0, "$NetBSD: subr_asan.c, /* The MD code. */ #include <machine/asan.h> -/* Our redzone values. */ -#define KASAN_MEMORY_FREED 0xFA -#define KASAN_MEMORY_REDZONE 0xFB - -/* Stack redzone values. Part of the compiler ABI. */ -#define KASAN_STACK_LEFT 0xF1 -#define KASAN_STACK_MID 0xF2 -#define KASAN_STACK_RIGHT 0xF3 -#define KASAN_STACK_PARTIAL 0xF4 -#define KASAN_USE_AFTER_SCOPE 0xF8 - /* ASAN ABI version. */ #if defined(__clang__) && (__clang_major__ - 0 >= 6) #define ASAN_ABI_VERSION 8 @@ -167,10 +156,16 @@ static inline const char * kasan_code_name(uint8_t code) { switch (code) { - case KASAN_MEMORY_FREED: - return "UseAfterFree"; - case KASAN_MEMORY_REDZONE: - return "RedZone"; + case KASAN_GENERIC_REDZONE: + return "GenericRedZone"; + case KASAN_MALLOC_REDZONE: + return "MallocRedZone"; + case KASAN_KMEM_REDZONE: + return "KmemRedZone"; + case KASAN_POOL_REDZONE: + return "PoolRedZone"; + case KASAN_POOL_FREED: + return "PoolUseAfterFree"; case 1 ... 7: return "RedZonePartial"; case KASAN_STACK_LEFT: @@ -217,7 +212,7 @@ kasan_shadow_Nbyte_markvalid(const void } static __always_inline void -kasan_shadow_Nbyte_fill(const void *addr, size_t size, uint8_t val) +kasan_shadow_Nbyte_fill(const void *addr, size_t size, uint8_t code) { void *shad; @@ -232,7 +227,7 @@ kasan_shadow_Nbyte_fill(const void *addr shad = (void *)kasan_md_addr_to_shad(addr); size = size >> KASAN_SHADOW_SCALE_SHIFT; - __builtin_memset(shad, val, size); + __builtin_memset(shad, code, size); } void @@ -243,13 +238,13 @@ kasan_add_redzone(size_t *size) } static void -kasan_markmem(const void *addr, size_t size, bool valid) +kasan_markmem(const void *addr, size_t size, bool valid, uint8_t code) { KASSERT((vaddr_t)addr % KASAN_SHADOW_SCALE_SIZE == 0); if (valid) { kasan_shadow_Nbyte_markvalid(addr, size); } else { - kasan_shadow_Nbyte_fill(addr, size, KASAN_MEMORY_REDZONE); + kasan_shadow_Nbyte_fill(addr, size, code); } } @@ -265,16 +260,16 @@ kasan_softint(struct lwp *l) * In an area of size 'sz_with_redz', mark the 'size' first bytes as valid, * and the rest as invalid. There are generally two use cases: * - * o kasan_mark(addr, origsize, size), with origsize < size. This marks the - * redzone at the end of the buffer as invalid. + * o kasan_mark(addr, origsize, size, code), with origsize < size. This marks + * the redzone at the end of the buffer as invalid. * - * o kasan_mark(addr, size, size). This marks the entire buffer as valid. + * o kasan_mark(addr, size, size, 0). This marks the entire buffer as valid. */ void -kasan_mark(const void *addr, size_t size, size_t sz_with_redz) +kasan_mark(const void *addr, size_t size, size_t sz_with_redz, uint8_t code) { - kasan_markmem(addr, sz_with_redz, false); - kasan_markmem(addr, size, true); + kasan_markmem(addr, sz_with_redz, false, code); + kasan_markmem(addr, size, true, code); } /* -------------------------------------------------------------------------- */ @@ -496,7 +491,7 @@ __asan_register_globals(struct __asan_gl for (i = 0; i < n; i++) { kasan_mark(globals[i].beg, globals[i].size, - globals[i].size_with_redzone); + globals[i].size_with_redzone, KASAN_GENERIC_REDZONE); } } Index: src/sys/kern/subr_kmem.c diff -u src/sys/kern/subr_kmem.c:1.74 src/sys/kern/subr_kmem.c:1.75 --- src/sys/kern/subr_kmem.c:1.74 Tue Mar 26 20:05:18 2019 +++ src/sys/kern/subr_kmem.c Sun Apr 7 09:20:04 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_kmem.c,v 1.74 2019/03/26 20:05:18 maxv Exp $ */ +/* $NetBSD: subr_kmem.c,v 1.75 2019/04/07 09:20:04 maxv Exp $ */ /*- * Copyright (c) 2009-2015 The NetBSD Foundation, Inc. @@ -92,7 +92,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.74 2019/03/26 20:05:18 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.75 2019/04/07 09:20:04 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_kmem.h" @@ -271,7 +271,7 @@ kmem_intr_alloc(size_t requested_size, k FREECHECK_OUT(&kmem_freecheck, p); kmem_size_set(p, requested_size); p += SIZE_SIZE; - kasan_mark(p, origsize, size); + kasan_mark(p, origsize, size, KASAN_KMEM_REDZONE); return p; } return p; @@ -331,7 +331,7 @@ kmem_intr_free(void *p, size_t requested return; } - kasan_mark(p, size, size); + kasan_mark(p, size, size, 0); p = (uint8_t *)p - SIZE_SIZE; kmem_size_check(p, requested_size); Index: src/sys/kern/subr_pool.c diff -u src/sys/kern/subr_pool.c:1.247 src/sys/kern/subr_pool.c:1.248 --- src/sys/kern/subr_pool.c:1.247 Sun Apr 7 08:37:38 2019 +++ src/sys/kern/subr_pool.c Sun Apr 7 09:20:04 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: subr_pool.c,v 1.247 2019/04/07 08:37:38 maxv Exp $ */ +/* $NetBSD: subr_pool.c,v 1.248 2019/04/07 09:20:04 maxv Exp $ */ /* * Copyright (c) 1997, 1999, 2000, 2002, 2007, 2008, 2010, 2014, 2015, 2018 @@ -33,7 +33,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: subr_pool.c,v 1.247 2019/04/07 08:37:38 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: subr_pool.c,v 1.248 2019/04/07 09:20:04 maxv Exp $"); #ifdef _KERNEL_OPT #include "opt_ddb.h" @@ -357,7 +357,7 @@ pr_item_linkedlist_put(const struct pool * Mark the pool_item as valid. The rest is already * invalid. */ - kasan_mark(pi, sizeof(*pi), sizeof(*pi)); + kasan_mark(pi, sizeof(*pi), sizeof(*pi), 0); } LIST_INSERT_HEAD(&ph->ph_itemlist, pi, pi_list); @@ -2785,7 +2785,7 @@ pool_allocator_free(struct pool *pp, voi struct pool_allocator *pa = pp->pr_alloc; if (pp->pr_redzone) { - kasan_mark(v, pa->pa_pagesz, pa->pa_pagesz); + kasan_mark(v, pa->pa_pagesz, pa->pa_pagesz, 0); } (*pa->pa_free)(pp, v); } @@ -2920,7 +2920,8 @@ pool_redzone_fill(struct pool *pp, void if (!pp->pr_redzone) return; #ifdef KASAN - kasan_mark(p, pp->pr_reqsize, pp->pr_reqsize_with_redzone); + kasan_mark(p, pp->pr_reqsize, pp->pr_reqsize_with_redzone, + KASAN_POOL_REDZONE); #else uint8_t *cp, pat; const uint8_t *ep; @@ -2949,7 +2950,7 @@ pool_redzone_check(struct pool *pp, void if (!pp->pr_redzone) return; #ifdef KASAN - kasan_mark(p, 0, pp->pr_reqsize_with_redzone); + kasan_mark(p, 0, pp->pr_reqsize_with_redzone, KASAN_POOL_FREED); #else uint8_t *cp, pat, expected; const uint8_t *ep; Index: src/sys/sys/asan.h diff -u src/sys/sys/asan.h:1.9 src/sys/sys/asan.h:1.10 --- src/sys/sys/asan.h:1.9 Sun Dec 23 12:15:01 2018 +++ src/sys/sys/asan.h Sun Apr 7 09:20:04 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: asan.h,v 1.9 2018/12/23 12:15:01 maxv Exp $ */ +/* $NetBSD: asan.h,v 1.10 2019/04/07 09:20:04 maxv Exp $ */ /* * Copyright (c) 2018 The NetBSD Foundation, Inc. @@ -38,6 +38,20 @@ #include <sys/types.h> +/* Stack redzone values. Part of the compiler ABI. */ +#define KASAN_STACK_LEFT 0xF1 +#define KASAN_STACK_MID 0xF2 +#define KASAN_STACK_RIGHT 0xF3 +#define KASAN_STACK_PARTIAL 0xF4 +#define KASAN_USE_AFTER_SCOPE 0xF8 + +/* Our redzone values. */ +#define KASAN_GENERIC_REDZONE 0xFA +#define KASAN_MALLOC_REDZONE 0xFB +#define KASAN_KMEM_REDZONE 0xFC +#define KASAN_POOL_REDZONE 0xFD +#define KASAN_POOL_FREED 0xFE + #ifdef KASAN void kasan_shadow_map(void *, size_t); void kasan_early_init(void *); @@ -45,10 +59,10 @@ void kasan_init(void); void kasan_softint(struct lwp *); void kasan_add_redzone(size_t *); -void kasan_mark(const void *, size_t, size_t); +void kasan_mark(const void *, size_t, size_t, uint8_t); #else #define kasan_add_redzone(s) __nothing -#define kasan_mark(p, s, l) __nothing +#define kasan_mark(p, s, l, c) __nothing #endif #endif /* !_SYS_ASAN_H_ */ Index: src/sys/uvm/uvm_glue.c diff -u src/sys/uvm/uvm_glue.c:1.166 src/sys/uvm/uvm_glue.c:1.167 --- src/sys/uvm/uvm_glue.c:1.166 Sun Dec 23 12:15:01 2018 +++ src/sys/uvm/uvm_glue.c Sun Apr 7 09:20:04 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: uvm_glue.c,v 1.166 2018/12/23 12:15:01 maxv Exp $ */ +/* $NetBSD: uvm_glue.c,v 1.167 2019/04/07 09:20:04 maxv Exp $ */ /* * Copyright (c) 1997 Charles D. Cranor and Washington University. @@ -62,7 +62,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: uvm_glue.c,v 1.166 2018/12/23 12:15:01 maxv Exp $"); +__KERNEL_RCSID(0, "$NetBSD: uvm_glue.c,v 1.167 2019/04/07 09:20:04 maxv Exp $"); #include "opt_kgdb.h" #include "opt_kstack.h" @@ -384,7 +384,7 @@ void uvm_uarea_free(vaddr_t uaddr) { - kasan_mark((void *)uaddr, USPACE, USPACE); + kasan_mark((void *)uaddr, USPACE, USPACE, 0); pool_cache_put(uvm_uarea_cache, (void *)uaddr); } @@ -392,7 +392,7 @@ void uvm_uarea_system_free(vaddr_t uaddr) { - kasan_mark((void *)uaddr, USPACE, USPACE); + kasan_mark((void *)uaddr, USPACE, USPACE, 0); pool_cache_put(uvm_uarea_system_cache, (void *)uaddr); }