src/sys/arch/amd64/amd64/asan.c@1.3 / diff / nxr@1.3
src/sys/arch/amd64/amd64/machdep.c@1.316 / diff / nxr@1.316
src/sys/arch/amd64/conf/Makefile.amd64@1.73 / diff / nxr@1.73
src/sys/arch/amd64/include/param.h@1.26 / diff / nxr@1.26
src/sys/arch/x86/x86/cpu_rng.c@1.9 / diff / nxr@1.9
src/sys/arch/x86/x86/pmap.c@1.305 / diff / nxr@1.305
src/sys/sys/cdefs.h@1.137 / diff / nxr@1.137
src/sys/uvm/uvm_glue.c@1.164 / diff / nxr@1.164
Add support for monitoring the stack with kASan. This allows us to detect
illegal memory accesses occurring there.
The compiler inlines a piece of code in each function that adds redzones
around the local variables and poisons them. The illegal accesses are then
detected using the usual kASan machinery.
The stack size is doubled, from 4 pages to 8 pages.
Several boot functions are marked with the __noasan flag, to prevent the
compiler from adding redzones in them (because we haven't yet initialized
kASan). The kasan_early_init function is called early at boot time to
quickly create the shadow for the current stack; after this is done, we
don't need __noasan anymore in the boot path.
We pass -fasan-shadow-offset=0xDFFF900000000000, because the compiler
wants to do
shad = shadow-offset + (addr >> 3)
and we do, in kasan_addr_to_shad
shad = KASAN_SHADOW_START + ((addr - CANONICAL_BASE) >> 3)
hence
shad = KASAN_SHADOW_START + (addr >> 3) - (CANONICAL_BASE >> 3)
= [KASAN_SHADOW_START - (CANONICAL_BASE >> 3)] + (addr >> 3)
implies
shadow-offset = KASAN_SHADOW_START - (CANONICAL_BASE >> 3)
= 0xFFFF800000000000 - (0xFFFF800000000000 >> 3)
= 0xDFFF900000000000
In UVM, we add a kasan_free (that is not preceded by a kasan_alloc). We
don't add poisoned redzones ourselves, but all the functions we execute
do, so we need to manually clear the poison before freeing the stack.
With the help of Kamil for the makefile stuff.
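The shadow-offset derivation in the message above, carried out in code. This is an added example, not part of the commit or of the NetBSD sources: it takes KASAN_SHADOW_START and CANONICAL_BASE at the values the message quotes, models kasan_addr_to_shad as the message describes it, models the compiler's fixed-offset formula next to it, and checks that the two agree for kernel addresses. The function names shad_kernel, shad_compiler, kasan_shadow_offset and shadow_formulas_agree_at are this example's own, as is the shadow scale of 3 (one shadow byte per 8 bytes, which is what the ">> 3" in the message encodes).

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants as quoted in the commit message (assumed here, not read from kernel headers). */
#define KASAN_SHADOW_START       0xFFFF800000000000ULL
#define CANONICAL_BASE           0xFFFF800000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3   /* one shadow byte covers 8 bytes, hence ">> 3" */

/* Model of kasan_addr_to_shad: shadow address relative to CANONICAL_BASE. */
uint64_t shad_kernel(uint64_t addr)
{
	return KASAN_SHADOW_START + ((addr - CANONICAL_BASE) >> KASAN_SHADOW_SCALE_SHIFT);
}

/* Model of what the compiler inlines: a fixed offset plus (addr >> 3). */
uint64_t shad_compiler(uint64_t offset, uint64_t addr)
{
	return offset + (addr >> KASAN_SHADOW_SCALE_SHIFT);
}

/*
 * The value to pass as -fasan-shadow-offset, derived exactly as in the message:
 * KASAN_SHADOW_START - (CANONICAL_BASE >> 3), computed modulo 2^64 like the CPU does.
 */
uint64_t kasan_shadow_offset(void)
{
	return KASAN_SHADOW_START - (CANONICAL_BASE >> KASAN_SHADOW_SCALE_SHIFT);
}

/*
 * Returns 1 when both mappings yield the same shadow byte for addr, 0 otherwise.
 * The identity (a - c) >> 3 == (a >> 3) - (c >> 3) holds for a >= c because
 * CANONICAL_BASE is a multiple of 8; for user addresses (a < c) the unsigned
 * subtraction wraps and the two formulas diverge, so the offset is only valid
 * for the kernel half of the address space.
 */
int shadow_formulas_agree_at(uint64_t addr)
{
	return shad_kernel(addr) == shad_compiler(kasan_shadow_offset(), addr);
}

/* Checks the identity over a constructed set of kernel-half addresses. */
int shadow_formulas_agree_for_kernel(void)
{
	const uint64_t samples[] = {
		CANONICAL_BASE,               /* first byte of the kernel half */
		CANONICAL_BASE + 1,           /* same shadow byte as the base */
		CANONICAL_BASE + 7,           /* last byte of that 8-byte granule */
		CANONICAL_BASE + 8,           /* next shadow byte */
		0xFFFF80001234ABCDULL,        /* arbitrary kernel address */
		0xFFFFFFFF80000000ULL,        /* typical kernel text region start */
		0xFFFFFFFFFFFFFFFFULL,        /* top of the address space */
	};
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (!shadow_formulas_agree_at(samples[i]))
			return 0;
	}
	return 1;
}

int main(void)
{
	uint64_t addr = 0xFFFF80001234ABCDULL;

	printf("-fasan-shadow-offset=0x%" PRIX64 "\n", kasan_shadow_offset());
	printf("shadow of 0x%" PRIX64 ": kernel 0x%" PRIX64 ", compiler 0x%" PRIX64 "\n",
	    addr, shad_kernel(addr), shad_compiler(kasan_shadow_offset(), addr));
	printf("kernel-half samples agree: %d\n", shadow_formulas_agree_for_kernel());
	printf("user address 0x1000 agrees: %d\n", shadow_formulas_agree_at(0x1000ULL));
	return 0;
}
```

The last line of output is the caveat worth keeping in mind when reading the derivation: the offset only reproduces kasan_addr_to_shad for addresses at or above CANONICAL_BASE, which is the half the kernel actually instruments.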