[src/trunk]: src/sys/kern Add KASAN instrumentation on on-stack VLAs.

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/800b82ce96ec
branches:  trunk
changeset: 1008794:800b82ce96ec
user:      maxv <maxv%NetBSD.org@localhost>
date:      Fri Apr 03 18:12:39 2020 +0000

description:
Add KASAN instrumentation on on-stack VLAs.

diffstat:

 sys/arch/amd64/conf/Makefile.amd64 |   3 ++-
 sys/kern/subr_asan.c               |  36 ++++++++++++++++++++++++++++++++++--
 2 files changed, 36 insertions(+), 3 deletions(-)

diffs (78 lines):

diff -r 9af4e485083b -r 800b82ce96ec sys/arch/amd64/conf/Makefile.amd64
--- a/sys/arch/amd64/conf/Makefile.amd64        Fri Apr 03 18:11:29 2020 +0000
+++ b/sys/arch/amd64/conf/Makefile.amd64        Fri Apr 03 18:12:39 2020 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile.amd64,v 1.80 2019/11/14 16:23:52 maxv Exp $
+#      $NetBSD: Makefile.amd64,v 1.81 2020/04/03 18:12:39 maxv Exp $
 
 # Makefile for NetBSD
 #
@@ -52,6 +52,7 @@
 .if ${KASAN:U0} > 0 && ${HAVE_GCC:U0} > 0
 KASANFLAGS=    -fsanitize=kernel-address \
                --param asan-globals=1 --param asan-stack=1 \
+               --param asan-instrument-allocas=1 \
                -fsanitize-address-use-after-scope \
                -fasan-shadow-offset=0xDFFF900000000000
 .for f in subr_asan.c subr_kcov.c subr_lwp_specificdata.c subr_specificdata.c
diff -r 9af4e485083b -r 800b82ce96ec sys/kern/subr_asan.c
--- a/sys/kern/subr_asan.c      Fri Apr 03 18:11:29 2020 +0000
+++ b/sys/kern/subr_asan.c      Fri Apr 03 18:12:39 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_asan.c,v 1.18 2020/02/08 09:05:08 maxv Exp $      */
+/*     $NetBSD: subr_asan.c,v 1.19 2020/04/03 18:12:39 maxv Exp $      */
 
 /*
  * Copyright (c) 2018-2020 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.18 2020/02/08 09:05:08 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_asan.c,v 1.19 2020/04/03 18:12:39 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/device.h>
@@ -53,6 +53,7 @@
 #define KASAN_SHADOW_SCALE_SHIFT       3
 #define KASAN_SHADOW_SCALE_SIZE                (1UL << KASAN_SHADOW_SCALE_SHIFT)
 #define KASAN_SHADOW_MASK              (KASAN_SHADOW_SCALE_SIZE - 1)
+#define KASAN_ALLOCA_SCALE_SIZE                32
 
 /* The MD code. */
 #include <machine/asan.h>
@@ -1247,3 +1248,34 @@
 {
        kasan_shadow_Nbyte_markvalid(addr, size);
 }
+
+void __asan_alloca_poison(const void *, size_t);
+void __asan_allocas_unpoison(const void *, const void *);
+
+void __asan_alloca_poison(const void *addr, size_t size)
+{
+       const void *l, *r;
+
+       KASSERT((vaddr_t)addr % KASAN_ALLOCA_SCALE_SIZE == 0);
+
+       l = (const uint8_t *)addr - KASAN_ALLOCA_SCALE_SIZE;
+       r = (const uint8_t *)addr + roundup(size, KASAN_ALLOCA_SCALE_SIZE);
+
+       kasan_shadow_Nbyte_fill(l, KASAN_ALLOCA_SCALE_SIZE, KASAN_STACK_LEFT);
+       kasan_mark(addr, size, roundup(size, KASAN_ALLOCA_SCALE_SIZE),
+           KASAN_STACK_MID);
+       kasan_shadow_Nbyte_fill(r, KASAN_ALLOCA_SCALE_SIZE, KASAN_STACK_RIGHT);
+}
+
+void __asan_allocas_unpoison(const void *stkbegin, const void *stkend)
+{
+       size_t size;
+
+       if (__predict_false(!stkbegin))
+               return;
+       if (__predict_false((uintptr_t)stkbegin > (uintptr_t)stkend))
+               return;
+       size = (uintptr_t)stkend - (uintptr_t)stkbegin;
+
+       kasan_shadow_Nbyte_fill(stkbegin, size, 0);
+}