

[src/trunk]: src/sys/arch/amd64/amd64 Explicitly unpoison the stack when ente...



details:   https://anonhg.NetBSD.org/src/rev/09a053c0db11
branches:  trunk
changeset: 364052:09a053c0db11
user:      maxv <maxv%NetBSD.org@localhost>
date:      Wed Aug 22 17:04:36 2018 +0000

description:
Explicitly unpoison the stack when entering a softint.

Softints are the only place where we "discard" a part of the stack: we may
have left the thread without allowing the asan instrumentation to clear
the poison, and in this case, we can get false positives when we hit a
poisoned area of the stack while executing another handler within the same
softint thread.

(I was actually getting a rare false positive in ip6intr.)

diffstat:

 sys/arch/amd64/amd64/asan.c |  13 +++++++++++--
 sys/arch/amd64/amd64/spl.S  |  14 +++++++++++++-
 2 files changed, 24 insertions(+), 3 deletions(-)

diffs (76 lines):

diff -r e8efcad62fc7 -r 09a053c0db11 sys/arch/amd64/amd64/asan.c
--- a/sys/arch/amd64/amd64/asan.c       Wed Aug 22 14:12:30 2018 +0000
+++ b/sys/arch/amd64/amd64/asan.c       Wed Aug 22 17:04:36 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: asan.c,v 1.3 2018/08/22 12:07:42 maxv Exp $    */
+/*     $NetBSD: asan.c,v 1.4 2018/08/22 17:04:36 maxv Exp $    */
 
 /*
  * Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: asan.c,v 1.3 2018/08/22 12:07:42 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: asan.c,v 1.4 2018/08/22 17:04:36 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/device.h>
@@ -59,6 +59,7 @@
 
 #define __RET_ADDR     (unsigned long)__builtin_return_address(0)
 
+void kasan_softint(struct lwp *);
 void kasan_shadow_map(void *, size_t);
 void kasan_early_init(void);
 void kasan_init(void);
@@ -323,6 +324,14 @@
 }
 
 void
+kasan_softint(struct lwp *l)
+{
+       const void *stk = (const void *)uvm_lwp_getuarea(l);
+
+       kasan_shadow_fill(stk, USPACE, 0);
+}
+
+void
 kasan_alloc(const void *addr, size_t size, size_t sz_with_redz)
 {
        kasan_markmem(addr, sz_with_redz, false);
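Review bot: kasan_softint has no comment explaining why it clears the shadow for the whole USPACE of the lwp's uarea rather than only the stack portion, which is what a reader of the name expects; a sibling comment in the file's style would help, e.g. `/* Unpoison the whole uarea of the softint lwp: its stack may still carry poison from a previous handler that left the thread without running the instrumentation's cleanup. */`. Whether the uarea also holds the pcb and whether wiping its shadow is intended cannot be seen from this hunk and should be stated in that comment. The third argument `0` to kasan_shadow_fill is presumably the "unpoisoned" shadow value; naming that in the comment would make the call self-describing. kasan_alloc, which follows, continues outside the hunk.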
diff -r e8efcad62fc7 -r 09a053c0db11 sys/arch/amd64/amd64/spl.S
--- a/sys/arch/amd64/amd64/spl.S        Wed Aug 22 14:12:30 2018 +0000
+++ b/sys/arch/amd64/amd64/spl.S        Wed Aug 22 17:04:36 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: spl.S,v 1.35 2018/07/14 14:29:40 maxv Exp $    */
+/*     $NetBSD: spl.S,v 1.36 2018/08/22 17:04:36 maxv Exp $    */
 
 /*
  * Copyright (c) 2003 Wasabi Systems, Inc.
@@ -65,6 +65,7 @@
  */
 
 #include "opt_ddb.h"
+#include "opt_kasan.h"
 
 #define ALIGN_TEXT     .align 16,0x90
 
@@ -105,6 +106,17 @@
        movq    L_PCB(%r15),%rcx
        movq    %rdi,CPUVAR(CURLWP)
 
+#ifdef KASAN
+       /* clear the new stack */
+       pushq   %rax
+       pushq   %rdx
+       pushq   %rcx
+       callq   _C_LABEL(kasan_softint)
+       popq    %rcx
+       popq    %rdx
+       popq    %rax
+#endif
+
        /* save old context */
        movq    %rsp,PCB_RSP(%rcx)
        movq    %rbp,PCB_RBP(%rcx)
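Review bot: The `/* clear the new stack */` comment does not say what the call relies on: %rdi must still hold the new lwp at this point (it was just stored to CPUVAR(CURLWP)) and is passed as the sole argument, so a later reordering of the preceding moves would silently break it; suggest `/* unpoison the new lwp's KASAN shadow; %rdi = new lwp is the argument */`. Only %rax, %rdx and %rcx are preserved around the call, but the C callee may also clobber %rsi, %rdi and %r8–%r11 under the ABI; that is fine only if none of them is live after the call, which cannot be confirmed from this hunk since the function continues past it. The call is made on the interrupted lwp's stack with whatever alignment that context plus three pushes yields, so if the C side is ever compiled with alignment-sensitive code that assumption should be documented here too.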


