Date: Wed, 22 Aug 2018 12:07:43 +0000
From: "Maxime Villard"
Subject: CVS commit: src/sys
To: source-changes@NetBSD.org
Message-Id: <20180822120743.D678BFBEC@cvs.NetBSD.org>

Module Name:    src
Committed By:   maxv
Date:           Wed Aug 22 12:07:43 UTC 2018

Modified Files:
    src/sys/arch/amd64/amd64: asan.c machdep.c
    src/sys/arch/amd64/conf: Makefile.amd64
    src/sys/arch/amd64/include: param.h
    src/sys/arch/x86/x86: cpu_rng.c pmap.c
    src/sys/sys: cdefs.h
    src/sys/uvm: uvm_glue.c

Log Message:
Add support for monitoring the stack with kASan. This allows us to detect
illegal memory accesses occurring there.

The compiler inlines a piece of code in each function that adds redzones
around the local variables and poisons them. The illegal accesses are then
detected using the usual kASan machinery.

The stack size is doubled, from 4 pages to 8 pages.

Several boot functions are marked with the __noasan flag, to prevent the
compiler from adding redzones in them (because we haven't yet initialized
kASan). The kasan_early_init function is called early at boot time to
quickly create the shadow for the current stack; after this is done, we
don't need __noasan anymore in the boot path.

We pass -fasan-shadow-offset=0xDFFF900000000000, because the compiler
wants to do
    shad = shadow-offset + (addr >> 3)
and we do, in kasan_addr_to_shad
    shad = KASAN_SHADOW_START + ((addr - CANONICAL_BASE) >> 3)
hence
    shad = KASAN_SHADOW_START + (addr >> 3) - (CANONICAL_BASE >> 3)
         = [KASAN_SHADOW_START - (CANONICAL_BASE >> 3)] + (addr >> 3)
implies
    shadow-offset = KASAN_SHADOW_START - (CANONICAL_BASE >> 3)
                  = 0xFFFF800000000000 - (0xFFFF800000000000 >> 3)
                  = 0xDFFF900000000000

In UVM, we add a kasan_free (that is not preceded by a kasan_alloc). We
don't add poisoned redzones ourselves, but all the functions we execute
do, so we need to manually clear the poison before freeing the stack.

With the help of Kamil for the makefile stuff.

To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/sys/arch/amd64/amd64/asan.c
cvs rdiff -u -r1.315 -r1.316 src/sys/arch/amd64/amd64/machdep.c
cvs rdiff -u -r1.72 -r1.73 src/sys/arch/amd64/conf/Makefile.amd64
cvs rdiff -u -r1.25 -r1.26 src/sys/arch/amd64/include/param.h
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/x86/x86/cpu_rng.c
cvs rdiff -u -r1.304 -r1.305 src/sys/arch/x86/x86/pmap.c
cvs rdiff -u -r1.136 -r1.137 src/sys/sys/cdefs.h
cvs rdiff -u -r1.163 -r1.164 src/sys/uvm/uvm_glue.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
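
The shadow-offset derivation from the log message, checked in C. This is an added example, not code from the commit or from NetBSD; the helper names (kernel_shad, compiler_shad, derive_shadow_offset, count_mismatches) are hypothetical and the sample addresses are constructed. It also shows that the two formulas agree only for addresses at or above CANONICAL_BASE, where the subtraction does not wrap.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants as given in the commit message (amd64). */
#define CANONICAL_BASE     0xFFFF800000000000ULL
#define KASAN_SHADOW_START 0xFFFF800000000000ULL

/* Kernel-side mapping, following the formula quoted for kasan_addr_to_shad. */
static uint64_t kernel_shad(uint64_t addr)
{
	return KASAN_SHADOW_START + ((addr - CANONICAL_BASE) >> 3);
}

/* What the compiler-inlined checks compute for a given shadow offset. */
static uint64_t compiler_shad(uint64_t addr, uint64_t shadow_offset)
{
	return shadow_offset + (addr >> 3);
}

/* shadow-offset = KASAN_SHADOW_START - (CANONICAL_BASE >> 3) */
static uint64_t derive_shadow_offset(void)
{
	return KASAN_SHADOW_START - (CANONICAL_BASE >> 3);
}

/* Count addresses for which the two mappings disagree. */
static int count_mismatches(const uint64_t *addrs, int n)
{
	int bad = 0;
	for (int i = 0; i < n; i++)
		if (kernel_shad(addrs[i]) != compiler_shad(addrs[i], derive_shadow_offset()))
			bad++;
	return bad;
}

/* Constructed kernel-half addresses, including both ends of the range. */
static const uint64_t kernel_samples[] = {
	0xFFFF800000000000ULL, 0xFFFF800000000007ULL, 0xFFFF800000000008ULL,
	0xFFFFFFFF80201234ULL, 0xFFFFFFFFFFFFFFFFULL,
};

int main(void)
{
	uint64_t off = derive_shadow_offset(), user = 0x1000; /* constructed */
	printf("shadow offset: 0x%016llX\n", (unsigned long long)off);
	printf("kernel-half mismatches: %d\n", count_mismatches(kernel_samples, 5));
	/* Below CANONICAL_BASE the subtraction wraps; the mappings differ by 2^61. */
	printf("user-half delta: 0x%016llX\n",
	    (unsigned long long)(kernel_shad(user) - compiler_shad(user, off)));
	return 0;
}
```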