git: f115c0612131 - main - amd64: Add MD bits for KASAN
Mark Johnston
markj at FreeBSD.org
Tue Apr 13 21:42:34 UTC 2021
The branch main has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=f115c0612131d8f939f6f357f57bdd85bd6a59de
commit f115c0612131d8f939f6f357f57bdd85bd6a59de
Author: Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-04-13 21:39:35 +0000
Commit: Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-04-13 21:42:20 +0000
amd64: Add MD bits for KASAN
- Initialize KASAN before executing SYSINITs.
- Add a GENERIC-KASAN kernel config, akin to GENERIC-KCSAN.
- Increase the kernel stack size if KASAN is enabled. Some of the
ASAN instrumentation increases stack usage and it's enough to
trigger stack overflows in ZFS.
- Mark the trapframe as valid in interrupt handlers if it is
assigned to td_intr_frame. Otherwise, an interrupt in a function
which creates a poisoned alloca region can trigger false positives.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29455
---
sys/amd64/amd64/machdep.c | 3 +++
sys/amd64/conf/GENERIC-KASAN | 7 +++++++
sys/amd64/include/param.h | 4 ++++
sys/x86/isa/atpic.c | 4 ++++
sys/x86/x86/local_apic.c | 7 +++++++
5 files changed, 25 insertions(+)
diff --git a/sys/amd64/amd64/machdep.c b/sys/amd64/amd64/machdep.c
index 362ea6eea825..0951f3f71a0a 100644
--- a/sys/amd64/amd64/machdep.c
+++ b/sys/amd64/amd64/machdep.c
@@ -58,6 +58,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/systm.h>
+#include <sys/asan.h>
#include <sys/bio.h>
#include <sys/buf.h>
#include <sys/bus.h>
@@ -1916,6 +1917,8 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
#endif
thread0.td_critnest = 0;
+ kasan_init();
+
TSEXIT();
/* Location of kernel stack for locore */
diff --git a/sys/amd64/conf/GENERIC-KASAN b/sys/amd64/conf/GENERIC-KASAN
new file mode 100644
index 000000000000..8d5703141e86
--- /dev/null
+++ b/sys/amd64/conf/GENERIC-KASAN
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+include GENERIC
+
+ident GENERIC-KASAN
+
+options KASAN
diff --git a/sys/amd64/include/param.h b/sys/amd64/include/param.h
index 93ee524e1de2..cf1d2bd0a586 100644
--- a/sys/amd64/include/param.h
+++ b/sys/amd64/include/param.h
@@ -134,8 +134,12 @@
#define IOPERM_BITMAP_SIZE (IOPAGES * PAGE_SIZE + 1)
#ifndef KSTACK_PAGES
+#ifdef KASAN
+#define KSTACK_PAGES 6
+#else
#define KSTACK_PAGES 4 /* pages of kstack (with pcb) */
#endif
+#endif
#define KSTACK_GUARD_PAGES 1 /* pages of kstack guard; 0 disables */
/*
diff --git a/sys/x86/isa/atpic.c b/sys/x86/isa/atpic.c
index 07d63b041d0b..28c10ee7009f 100644
--- a/sys/x86/isa/atpic.c
+++ b/sys/x86/isa/atpic.c
@@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/systm.h>
+#include <sys/asan.h>
#include <sys/bus.h>
#include <sys/interrupt.h>
#include <sys/kernel.h>
@@ -522,6 +523,9 @@ atpic_handle_intr(u_int vector, struct trapframe *frame)
{
struct intsrc *isrc;
+ /* The frame may have been written into a poisoned region. */
+ kasan_mark(frame, sizeof(*frame), sizeof(*frame), 0);
+
KASSERT(vector < NUM_ISA_IRQS, ("unknown int %u\n", vector));
isrc = &atintrs[vector].at_intsrc;
diff --git a/sys/x86/x86/local_apic.c b/sys/x86/x86/local_apic.c
index 65ea602c0101..85c3cfb69277 100644
--- a/sys/x86/x86/local_apic.c
+++ b/sys/x86/x86/local_apic.c
@@ -43,6 +43,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/systm.h>
+#include <sys/asan.h>
#include <sys/bus.h>
#include <sys/kernel.h>
#include <sys/lock.h>
@@ -1299,6 +1300,9 @@ lapic_handle_intr(int vector, struct trapframe *frame)
{
struct intsrc *isrc;
+ /* The frame may have been written into a poisoned region. */
+ kasan_mark(frame, sizeof(*frame), sizeof(*frame), 0);
+
isrc = intr_lookup_source(apic_idt_to_irq(PCPU_GET(apic_id),
vector));
intr_execute_handlers(isrc, frame);
@@ -1314,6 +1318,9 @@ lapic_handle_timer(struct trapframe *frame)
/* Send EOI first thing. */
lapic_eoi();
+ /* The frame may have been written into a poisoned region. */
+ kasan_mark(frame, sizeof(*frame), sizeof(*frame), 0);
+
#if defined(SMP) && !defined(SCHED_ULE)
/*
* Don't do any accounting for the disabled HTT cores, since it
More information about the dev-commits-src-main
mailing list