Date: Sat, 23 Nov 2024 02:36:45 GMT Message-Id: <202411230236.4AN2ajeb065145@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston Subject: git: fdeb273d49bf - main - dtrace: Add some more annotations for KMSAN List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: markj X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: fdeb273d49bf2fa2544d3c98114859db10385550 Auto-Submitted: auto-generated The branch main has been updated by markj: URL: https://cgit.FreeBSD.org/src/commit/?id=fdeb273d49bf2fa2544d3c98114859db10385550 commit fdeb273d49bf2fa2544d3c98114859db10385550 Author: Mark Johnston AuthorDate: 2024-11-23 02:32:36 +0000 Commit: Mark Johnston CommitDate: 2024-11-23 02:36:08 +0000 dtrace: Add some more annotations for KMSAN - Don't allow FBT and kinst to instrument the KMSAN runtime. - When fetching data from the traced thread's stack, mark it as initialized. It may well be uninitialized, but as dtrace permits arbitrary inspection of kernel memory, it isn't very useful to raise KMSAN reports. - Mark data copied in from userspace as initialized, as we do for copyin() etc. using interceptors. MFC after: 2 weeks --- sys/cddl/dev/dtrace/amd64/dtrace_isa.c | 55 +++++++++++++++++++++++++++------- sys/cddl/dev/fbt/fbt.c | 7 +++++ sys/cddl/dev/kinst/kinst.c | 7 +++++ 3 files changed, 59 insertions(+), 10 deletions(-) diff --git a/sys/cddl/dev/dtrace/amd64/dtrace_isa.c b/sys/cddl/dev/dtrace/amd64/dtrace_isa.c index 83d34abbd270..f14e90d974bc 100644 --- a/sys/cddl/dev/dtrace/amd64/dtrace_isa.c +++ b/sys/cddl/dev/dtrace/amd64/dtrace_isa.c @@ -29,6 +29,7 @@ #include #include #include +#include #include #include 
@@ -73,6 +74,8 @@ dtrace_getpcstack(pc_t *pcstack, int pcstack_limit, int aframes, frame = (struct amd64_frame *)rbp; td = curthread; while (depth < pcstack_limit) { + kmsan_mark(frame, sizeof(*frame), KMSAN_STATE_INITED); + if (!kstack_contains(curthread, (vm_offset_t)frame, sizeof(*frame))) break; @@ -99,6 +102,7 @@ dtrace_getpcstack(pc_t *pcstack, int pcstack_limit, int aframes, for (; depth < pcstack_limit; depth++) { pcstack[depth] = 0; } + kmsan_check(pcstack, pcstack_limit * sizeof(*pcstack), "dtrace"); } static int @@ -399,8 +403,10 @@ dtrace_getarg(int arg, int aframes) goto load; } - for (i = 1; i <= aframes; i++) + for (i = 1; i <= aframes; i++) { + kmsan_mark(fp, sizeof(*fp), KMSAN_STATE_INITED); fp = fp->f_frame; + } /* * We know that we did not come through a trap to get into @@ -430,6 +436,8 @@ load: val = stack[arg]; DTRACE_CPUFLAG_CLEAR(CPU_DTRACE_NOFAULT); + kmsan_mark(&val, sizeof(val), KMSAN_STATE_INITED); + return (val); } @@ -444,10 +452,13 @@ dtrace_getstackdepth(int aframes) rbp = dtrace_getfp(); frame = (struct amd64_frame *)rbp; depth++; - for(;;) { + for (;;) { + kmsan_mark(frame, sizeof(*frame), KMSAN_STATE_INITED); + if (!kstack_contains(curthread, (vm_offset_t)frame, sizeof(*frame))) break; + depth++; if (frame->f_frame <= frame) break; 
@@ -574,76 +585,100 @@ void dtrace_copyin(uintptr_t uaddr, uintptr_t kaddr, size_t size, volatile uint16_t *flags) { - if (dtrace_copycheck(uaddr, kaddr, size)) + if (dtrace_copycheck(uaddr, kaddr, size)) { dtrace_copy(uaddr, kaddr, size); + kmsan_mark((void *)kaddr, size, KMSAN_STATE_INITED); + } } void dtrace_copyout(uintptr_t kaddr, uintptr_t uaddr, size_t size, volatile uint16_t *flags) { - if (dtrace_copycheck(uaddr, kaddr, size)) + if (dtrace_copycheck(uaddr, kaddr, size)) { + kmsan_check((void *)kaddr, size, "dtrace_copyout"); dtrace_copy(kaddr, uaddr, size); + } } void dtrace_copyinstr(uintptr_t uaddr, uintptr_t kaddr, size_t size, volatile uint16_t *flags) { - if (dtrace_copycheck(uaddr, kaddr, size)) + if (dtrace_copycheck(uaddr, kaddr, size)) { dtrace_copystr(uaddr, kaddr, size, flags); + kmsan_mark((void *)kaddr, size, KMSAN_STATE_INITED); + } } void dtrace_copyoutstr(uintptr_t kaddr, uintptr_t uaddr, size_t size, volatile uint16_t *flags) { - if (dtrace_copycheck(uaddr, kaddr, size)) + if (dtrace_copycheck(uaddr, kaddr, size)) { + kmsan_check((void *)kaddr, size, "dtrace_copyoutstr"); dtrace_copystr(kaddr, uaddr, size, flags); + } } uint8_t dtrace_fuword8(void *uaddr) { + uint8_t val; + if ((uintptr_t)uaddr > VM_MAXUSER_ADDRESS) { DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR); cpu_core[curcpu].cpuc_dtrace_illval = (uintptr_t)uaddr; return (0); } - return (dtrace_fuword8_nocheck(uaddr)); + val = dtrace_fuword8_nocheck(uaddr); + kmsan_mark(&val, sizeof(val), KMSAN_STATE_INITED); + return (val); } uint16_t dtrace_fuword16(void *uaddr) { + uint16_t val; + if ((uintptr_t)uaddr > VM_MAXUSER_ADDRESS) { DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR); cpu_core[curcpu].cpuc_dtrace_illval = (uintptr_t)uaddr; return (0); } - return (dtrace_fuword16_nocheck(uaddr)); + val = dtrace_fuword16_nocheck(uaddr); + kmsan_mark(&val, sizeof(val), KMSAN_STATE_INITED); + return (val); } uint32_t dtrace_fuword32(void *uaddr) { + uint32_t val; + if ((uintptr_t)uaddr > VM_MAXUSER_ADDRESS) { 
DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR); cpu_core[curcpu].cpuc_dtrace_illval = (uintptr_t)uaddr; return (0); } - return (dtrace_fuword32_nocheck(uaddr)); + val = dtrace_fuword32_nocheck(uaddr); + kmsan_mark(&val, sizeof(val), KMSAN_STATE_INITED); + return (val); } uint64_t dtrace_fuword64(void *uaddr) { + uint64_t val; + if ((uintptr_t)uaddr > VM_MAXUSER_ADDRESS) { DTRACE_CPUFLAG_SET(CPU_DTRACE_BADADDR); cpu_core[curcpu].cpuc_dtrace_illval = (uintptr_t)uaddr; return (0); } - return (dtrace_fuword64_nocheck(uaddr)); + val = dtrace_fuword64_nocheck(uaddr); + kmsan_mark(&val, sizeof(val), KMSAN_STATE_INITED); + return (val); } /* diff --git a/sys/cddl/dev/fbt/fbt.c b/sys/cddl/dev/fbt/fbt.c index 481c896e9775..99a77ba65eb8 100644 --- a/sys/cddl/dev/fbt/fbt.c +++ b/sys/cddl/dev/fbt/fbt.c @@ -136,6 +136,13 @@ fbt_excluded(const char *name) strcmp(name, "owner_sx") == 0) return (1); + /* + * The KMSAN runtime can't be instrumented safely. + */ + if (strncmp(name, "__msan", 6) == 0 || + strncmp(name, "kmsan_", 6) == 0) + return (1); + /* * Stack unwinders may be called from probe context on some * platforms. diff --git a/sys/cddl/dev/kinst/kinst.c b/sys/cddl/dev/kinst/kinst.c index 60400a452b95..82b78d98987c 100644 --- a/sys/cddl/dev/kinst/kinst.c +++ b/sys/cddl/dev/kinst/kinst.c @@ -132,6 +132,13 @@ kinst_excluded(const char *name) strcmp(name, "owner_sx") == 0) return (true); + /* + * The KMSAN runtime can't be instrumented safely. + */ + if (strncmp(name, "__msan", 6) == 0 || + strncmp(name, "kmsan_", 6) == 0) + return (1); + /* * When DTrace is built into the kernel we need to exclude the kinst * functions from instrumentation.
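Review bot: in the dtrace_getpcstack hunk (@@ -73), kmsan_mark(frame, sizeof(*frame), KMSAN_STATE_INITED) runs before kstack_contains() has confirmed that frame lies inside the current thread's kernel stack, so the runtime is handed a pointer that may be garbage (a corrupted rbp, for instance). kstack_contains() only compares the address and does not dereference the frame, so the mark can be moved below the check with identical effect; if marking first is deliberate because kmsan_mark() is known to tolerate addresses outside the shadow range, a one-line comment saying so would spare the next reader the same question.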
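Review bot: the kmsan_check() label "dtrace" in the second dtrace_getpcstack hunk (@@ -99) is less specific than the "dtrace_copyout" and "dtrace_copyoutstr" labels used later in the same patch; the label is what appears in the KMSAN report, so "dtrace_getpcstack" would point straight at the origin. The check itself looks right: the loop immediately above zero-fills pcstack up to pcstack_limit, so checking the whole array cannot fire on the unused tail.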
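Review bot: the dtrace_getstackdepth hunk (@@ -444) has the same ordering as dtrace_getpcstack: kmsan_mark() is applied to frame before kstack_contains() validates it, and the same move-below-the-check fix applies. The for(;;) to for (;;) whitespace change is unrelated to the KMSAN annotations and would be easier to audit as a separate style commit.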
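Review bot: in the copy-routine hunk (@@ -574), dtrace_copyin() and dtrace_copyinstr() mark the full size bytes at kaddr as initialized regardless of how many bytes dtrace_copy()/dtrace_copystr() actually wrote. dtrace_copystr() stops at the terminating NUL, and a copy that runs into a bad user address partway through also leaves a partial result, so the untouched tail of the buffer stays uninitialized but is now invisible to KMSAN. The mirror case is dtrace_copyoutstr(), where kmsan_check((void *)kaddr, size, "dtrace_copyoutstr") requires all size bytes to be initialized even though dtrace_copystr() only reads up to the NUL; a valid C string sitting at the start of a larger, partly uninitialized kernel buffer will produce a false report. Checking strnlen(kaddr, size) + 1 bytes on the copyoutstr side, and marking only the bytes actually written on the copyin side (or documenting that over-marking is the intended trade-off, in line with the commit message's "arbitrary inspection of kernel memory" rationale), would keep the annotations precise.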
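Review bot: the fbt_excluded hunk's comment says the KMSAN runtime can't be instrumented safely but not why; a sentence on the failure mode (presumably a probe placed on an __msan/kmsan_ entry point re-entering the runtime from the probe handler's own instrumented code, the same class of problem the stack-unwinder exclusion just below guards against) would help anyone later deciding whether another prefix belongs in this list. Also worth stating: because the test is a 6-byte strncmp() prefix match, every symbol beginning with "__msan" or "kmsan_" is excluded, including any future non-runtime helper that adopts the prefix; that is probably the intent, but a comment would make it explicit.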
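Review bot: in the kinst_excluded hunk the new branch uses return (1) while the function returns bool (the context line just above reads return (true)); it compiles, but return (true) keeps the function consistent with its other exclusions, and as written the hunk looks like a straight copy of the fbt_excluded() version where int is the correct type. The exclusion block is now duplicated verbatim between fbt_excluded() and kinst_excluded(); a small shared predicate would keep the two lists from drifting apart the next time a prefix is added.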