The NetBSD Project

CVS log for src/sys/arch/amd64/amd64/Attic/asan.c



Keyword substitution: kv
Default branch: MAIN


Revision 1.7.2.4
Mon Nov 26 01:52:16 2018 UTC (6 years, 2 months ago) by pgoyette
Branches: pgoyette-compat
CVS tags: pgoyette-compat-merge-20190127
FILE REMOVED
Changes since revision 1.7.2.3: +2 -2 lines
Sync with HEAD, resolve a couple of conflicts

Revision 1.11
Wed Oct 31 06:26:25 2018 UTC (6 years, 3 months ago) by maxv
Branches: MAIN
CVS tags: thorpej-futex-base, phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, perseant-exfatfs-base-20240630, perseant-exfatfs-base, perseant-exfatfs, isaki-audio2-base, isaki-audio2, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, bouyer-sunxi-drm-base, bouyer-sunxi-drm, ad-namecache-base3, ad-namecache-base2, ad-namecache-base1, ad-namecache-base, ad-namecache, HEAD
FILE REMOVED
Changes since revision 1.10: +2 -2 lines
Move the MI parts of KASAN into kern/subr_asan.c. This file includes
machine/asan.h, which contains the MD functions. We use an include rather
than a plain C file, because we want GCC to optimize/inline some functions
into one single block.

The amd64 MD parts of KASAN are moved accordingly.

The naming convention we use is:

	kasan_*
		a generic kasan object, declared in subr_asan.c
	kasan_md_*
		an MD kasan object, declared in machine/asan.h, and used
		in subr_asan.c
	__md_*
		an MD object, declared in machine/asan.h, and not used
		outside

Overall this makes it easier to add KASAN support on more architectures.

Discussed with several people.

Revision 1.10
Sat Oct 27 06:35:54 2018 UTC (6 years, 3 months ago) by maxv
Branches: MAIN
Changes since revision 1.9: +15 -33 lines
Rename kasan_shadow_fill, remove one check in it, and inline it. Remove
the use-after-scope code for now, because our GCC does not support that
and when it does we will want to test the feature for real rather than
letting potentially broken code compile.

Revision 1.9
Sat Oct 27 06:06:31 2018 UTC (6 years, 3 months ago) by maxv
Branches: MAIN
Changes since revision 1.8: +2 -16 lines
Remove functions that aren't supposed to be used.

Revision 1.7.2.3
Sun Sep 30 01:45:36 2018 UTC (6 years, 4 months ago) by pgoyette
Branches: pgoyette-compat
Changes since revision 1.7.2.2: +5 -2 lines
Sync with HEAD

Revision 1.8
Mon Sep 24 05:47:33 2018 UTC (6 years, 4 months ago) by maxv
Branches: MAIN
CVS tags: pgoyette-compat-1020, pgoyette-compat-0930
Changes since revision 1.7: +5 -2 lines
Don't go beyond start().

Revision 1.7.2.2
Thu Sep 6 06:55:24 2018 UTC (6 years, 5 months ago) by pgoyette
Branches: pgoyette-compat
Changes since revision 1.7.2.1: +754 -0 lines
Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)

Revision 1.7.2.1
Mon Aug 27 08:53:19 2018 UTC (6 years, 5 months ago) by pgoyette
Branches: pgoyette-compat
FILE REMOVED
Changes since revision 1.7: +0 -754 lines
file asan.c was added on branch pgoyette-compat on 2018-09-06 06:55:24 +0000

Revision 1.7
Mon Aug 27 08:53:19 2018 UTC (6 years, 5 months ago) by maxv
Branches: MAIN
CVS tags: pgoyette-compat-0906
Branch point for: pgoyette-compat
Changes since revision 1.6: +51 -2 lines
Add kasan interceptors for strcpy/strcmp/strlen.

Revision 1.6
Thu Aug 23 11:56:10 2018 UTC (6 years, 5 months ago) by maxv
Branches: MAIN
Changes since revision 1.5: +9 -16 lines
Improve the detection on global variables, no need to round up.

Revision 1.5
Wed Aug 22 17:25:02 2018 UTC (6 years, 5 months ago) by maxv
Branches: MAIN
Changes since revision 1.4: +60 -2 lines
Unwind the stack on error, to get the full path that led to the illegal
access. Example of output:

kASan: Unauthorized Access In 0xffffffff80e6219c: Addr 0xffffbb007a39fd03 [1 byte, read]
#0 0xffffffff80e6219c in ras_purgeall <netbsd>
#1 0xffffffff80e62330 in sys_rasctl <netbsd>
#2 0xffffffff80265008 in syscall <netbsd>

(I manually added a one-byte stack read overflow in rasctl to demonstrate.)

Revision 1.4
Wed Aug 22 17:04:36 2018 UTC (6 years, 5 months ago) by maxv
Branches: MAIN
Changes since revision 1.3: +11 -2 lines
Explicitly unpoison the stack when entering a softint.

Softints are the only place where we "discard" a part of the stack: we may
have left the thread without allowing the asan instrumentation to clear
the poison, and in this case, we can get false positives when we hit a
poisoned area of the stack while executing another handler within the same
softint thread.

(I was actually getting a rare false positive in ip6intr.)

Revision 1.3
Wed Aug 22 12:07:42 2018 UTC (6 years, 5 months ago) by maxv
Branches: MAIN
Changes since revision 1.2: +51 -4 lines
Add support for monitoring the stack with kASan. This allows us to detect
illegal memory accesses occurring there.

The compiler inlines a piece of code in each function that adds redzones
around the local variables and poisons them. The illegal accesses are then
detected using the usual kASan machinery.

The stack size is doubled, from 4 pages to 8 pages.

Several boot functions are marked with the __noasan flag, to prevent the
compiler from adding redzones in them (because we haven't yet initialized
kASan). The kasan_early_init function is called early at boot time to
quickly create the shadow for the current stack; after this is done, we
don't need __noasan anymore in the boot path.

We pass -fasan-shadow-offset=0xDFFF900000000000, because the compiler
wants to do
	shad = shadow-offset + (addr >> 3)
and we do, in kasan_addr_to_shad
	shad = KASAN_SHADOW_START + ((addr - CANONICAL_BASE) >> 3)
hence
	shad = KASAN_SHADOW_START + (addr >> 3) - (CANONICAL_BASE >> 3)
	     = [KASAN_SHADOW_START - (CANONICAL_BASE >> 3)] + (addr >> 3)
implies
	shadow-offset = KASAN_SHADOW_START - (CANONICAL_BASE >> 3)
	              = 0xFFFF800000000000 - (0xFFFF800000000000 >> 3)
	              = 0xDFFF900000000000

In UVM, we add a kasan_free (that is not preceded by a kasan_alloc). We
don't add poisoned redzones ourselves, but all the functions we execute
do, so we need to manually clear the poison before freeing the stack.

With the help of Kamil for the makefile stuff.
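
The shadow-offset derivation in the revision 1.3 message above, carried through in C as an added example (not code from asan.c or the NetBSD tree). The function names shad_kernel, shad_compiler, forms_agree and shadow_span are hypothetical; the constants are the ones given in the commit message, and the sample address is the faulting address from the revision 1.5 output.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constants taken from the revision 1.3 commit message. */
#define CANONICAL_BASE     UINT64_C(0xFFFF800000000000)
#define KASAN_SHADOW_START UINT64_C(0xFFFF800000000000)

/* Form described for kasan_addr_to_shad (hypothetical name shad_kernel). */
static uint64_t shad_kernel(uint64_t addr)
{
	return KASAN_SHADOW_START + ((addr - CANONICAL_BASE) >> 3);
}

/* Constant the compiler needs so that offset + (addr >> 3) matches. */
static uint64_t shadow_offset(void)
{
	return KASAN_SHADOW_START - (CANONICAL_BASE >> 3);
}

/* Form emitted by the compiler instrumentation. */
static uint64_t shad_compiler(uint64_t addr)
{
	return shadow_offset() + (addr >> 3);
}

/* Sweep addresses above CANONICAL_BASE with an odd stride; 1 if forms agree. */
static int forms_agree(void)
{
	const uint64_t step = UINT64_C(0x123456789);
	for (uint64_t addr = CANONICAL_BASE; UINT64_MAX - addr >= step; addr += step)
		if (shad_kernel(addr) != shad_compiler(addr))
			return 0;
	return shad_kernel(UINT64_MAX) == shad_compiler(UINT64_MAX);
}

/* Bytes of shadow needed to cover CANONICAL_BASE..UINT64_MAX. */
static uint64_t shadow_span(void)
{
	return shad_kernel(UINT64_MAX) - KASAN_SHADOW_START + 1;
}

int main(void)
{
	uint64_t a = UINT64_C(0xffffbb007a39fd03); /* address from the 1.5 output */
	printf("offset=%#" PRIx64 " shad=%#" PRIx64 " agree=%d span=%#" PRIx64 "\n",
	    shadow_offset(), shad_compiler(a), forms_agree(), shadow_span());
	return 0;
}
```

The two forms agree because CANONICAL_BASE is a multiple of 8, so shifting the difference equals the difference of the shifts; the span works out to 16TB of shadow for the upper 128TB of address space.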

Revision 1.2
Wed Aug 22 09:11:47 2018 UTC (6 years, 5 months ago) by maxv
Branches: MAIN
Changes since revision 1.1: +15 -8 lines
Fix the computation in kasan_shadow_map, we may need one more page because
of the rounddown.

Revision 1.1
Mon Aug 20 15:04:51 2018 UTC (6 years, 5 months ago) by maxv
Branches: MAIN
Add support for kASan on amd64. Written by me, with some parts inspired
from Siddharth Muralee's initial work. This feature can detect several
kinds of memory bugs, and it's an excellent feature.

It can be enabled by uncommenting these three lines in GENERIC:

	#makeoptions 	KASAN=1		# Kernel Address Sanitizer
	#options 	KASAN
	#no options	SVS

The kernel is compiled without SVS, without DMAP and without PCPU area.
A shadow area is created at boot time, and it can cover the upper 128TB
of the address space. This area is populated gradually as we allocate
memory. With this design the memory consumption is kept at its lowest
level.

The compiler calls the __asan_* functions each time a memory access is
done. We verify whether this access is legal by looking at the shadow
area.

We declare our own special memcpy/memset/etc functions, because the
compiler's builtins don't add the __asan_* instrumentation.

Initially all the mappings are marked as valid. During dynamic
allocations, we add a redzone, which we mark as invalid. Any access on
it will trigger a kASan error message. Additionally, the compiler adds
a redzone on global variables, and we mark these redzones as invalid too.
The illegal-access detection works with a 1-byte granularity.

For now, we cover three areas:

	- global variables
	- kmem_alloc-ated areas
	- malloc-ated areas

More will come, but that's a good start.
