Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys Add support for use-after-scope detection in KASAN. It i...
details: https://anonhg.NetBSD.org/src/rev/3060b1695eda
branches: trunk
changeset: 449143:3060b1695eda
user: maxv <maxv%NetBSD.org@localhost>
date: Sun Feb 24 08:02:45 2019 +0000
description:
Add support for use-after-scope detection in KASAN. It is available since
GCC7, and we have GCC7 by default now.
Slightly reorder the code, and remove a duplicated KASSERT too.
Tested on amd64-KASAN. Not yet enabled on aarch64-KASAN, but it should
work as-is.
diffstat:
sys/arch/amd64/conf/Makefile.amd64 | 3 ++-
sys/kern/subr_asan.c | 36 +++++++++++++++++++++++++++---------
2 files changed, 29 insertions(+), 10 deletions(-)
diffs (88 lines):
diff -r 95c48623991c -r 3060b1695eda sys/arch/amd64/conf/Makefile.amd64
--- a/sys/arch/amd64/conf/Makefile.amd64 Sun Feb 24 07:39:33 2019 +0000
+++ b/sys/arch/amd64/conf/Makefile.amd64 Sun Feb 24 08:02:45 2019 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.amd64,v 1.75 2018/10/31 06:26:25 maxv Exp $
+# $NetBSD: Makefile.amd64,v 1.76 2019/02/24 08:02:45 maxv Exp $
# Makefile for NetBSD
#
@@ -52,6 +52,7 @@
.if ${KASAN:U0} > 0 && ${HAVE_GCC:U0} > 0
KASANFLAGS= -fsanitize=kernel-address \
--param asan-globals=1 --param asan-stack=1 \
+ -fsanitize-address-use-after-scope \
-fasan-shadow-offset=0xDFFF900000000000
.for f in subr_asan.c
KASANFLAGS.${f}= # empty
diff -r 95c48623991c -r 3060b1695eda sys/kern/subr_asan.c
--- a/sys/kern/subr_asan.c Sun Feb 24 07:39:33 2019 +0000
+++ b/sys/kern/subr_asan.c Sun Feb 24 08:02:45 2019 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: subr_asan.c,v 1.3 2019/02/13 14:55:29 kamil Exp $ */
+/* $NetBSD: subr_asan.c,v 1.4 2019/02/24 08:02:45 maxv Exp $ */
/*
* Copyright (c) 2018 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.3 2019/02/13 14:55:29 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.4 2019/02/24 08:02:45 maxv Exp $");
#include <sys/param.h>
#include <sys/device.h>
@@ -182,6 +182,16 @@
}
static __always_inline void
+kasan_shadow_Nbyte_markvalid(const void *addr, size_t size)
+{
+ size_t i;
+
+ for (i = 0; i < size; i++) {
+ kasan_shadow_1byte_markvalid((unsigned long)addr+i);
+ }
+}
+
+static __always_inline void
kasan_shadow_Nbyte_fill(const void *addr, size_t size, uint8_t val)
{
void *shad;
@@ -210,16 +220,10 @@
static void
kasan_markmem(const void *addr, size_t size, bool valid)
{
- size_t i;
-
KASSERT((vaddr_t)addr % KASAN_SHADOW_SCALE_SIZE == 0);
-
if (valid) {
- for (i = 0; i < size; i++) {
- kasan_shadow_1byte_markvalid((unsigned long)addr+i);
- }
+ kasan_shadow_Nbyte_markvalid(addr, size);
} else {
- KASSERT(size % KASAN_SHADOW_SCALE_SIZE == 0);
kasan_shadow_Nbyte_fill(addr, size, KASAN_MEMORY_REDZONE);
}
}
@@ -537,3 +541,17 @@
ASAN_SET_SHADOW(f3);
ASAN_SET_SHADOW(f5);
ASAN_SET_SHADOW(f8);
+
+void __asan_poison_stack_memory(const void *, size_t);
+void __asan_unpoison_stack_memory(const void *, size_t);
+
+void __asan_poison_stack_memory(const void *addr, size_t size)
+{
+ size = roundup(size, KASAN_SHADOW_SCALE_SIZE);
+ kasan_shadow_Nbyte_fill(addr, size, KASAN_USE_AFTER_SCOPE);
+}
+
+void __asan_unpoison_stack_memory(const void *addr, size_t size)
+{
+ kasan_shadow_Nbyte_markvalid(addr, size);
+}
Home |
Main Index |
Thread Index |
Old Index