Date: Mon, 1 Nov 2021 14:33:05 GMT
Message-Id: <202111011433.1A1EX5Si021492@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mark Johnston
Subject: git: 28c338b34263 - stable/13 - realloc: Fix KASAN(9) shadow map updates
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=28c338b3426330b5c9668651e4e91b2dfafde6cf

commit 28c338b3426330b5c9668651e4e91b2dfafde6cf
Author: Mark Johnston
AuthorDate: 2021-05-05 21:05:46 +0000
Commit: Mark Johnston
CommitDate: 2021-11-01 14:05:22 +0000

realloc: Fix KASAN(9) shadow map updates

When copying from the old buffer to the new buffer, we don't know the requested size of the old allocation, but only the size of the allocation provided by UMA. This value is "alloc". Because the copy may access bytes in the old allocation's red zone, we must mark the full allocation valid in the shadow map. Do so using the correct size.

Reported by: kp
Tested by: kp
Sponsored by: The FreeBSD Foundation

(cherry picked from commit 9a7c2de36460cdb916734a6969aac666707a639b)
--- sys/kern/kern_malloc.c | 2 +- sys/vm/uma_core.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c index 6adb16c95528..3061cb91568f 100644 --- a/sys/kern/kern_malloc.c +++ b/sys/kern/kern_malloc.c
@@ -1033,7 +1033,7 @@ realloc(void *addr, size_t size, struct malloc_type *mtp, int flags) * Copy over original contents. For KASAN, the redzone must be marked * valid before performing the copy. */ - kasan_mark(addr, size, size, 0); + kasan_mark(addr, alloc, alloc, 0); bcopy(addr, newaddr, min(size, alloc)); free(addr, mtp); return (newaddr); diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c index 1398796ee2e7..e3c7e2cc81e9 100644 --- a/sys/vm/uma_core.c +++ b/sys/vm/uma_core.c @@ -540,6 +540,9 @@ bucket_zone_drain(int domain) } #ifdef KASAN +_Static_assert(UMA_SMALLEST_UNIT % KASAN_SHADOW_SCALE == 0, + "Base UMA allocation size not a multiple of the KASAN scale factor"); + static void kasan_mark_item_valid(uma_zone_t zone, void *item) {
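Review bot: in the realloc() hunk of sys/kern/kern_malloc.c, the comment above `kasan_mark(addr, alloc, alloc, 0);` still says only that the redzone must be marked valid, and the reason the size is `alloc` rather than `size` is recorded only in the commit message. Suggest extending that comment to say that the requested size of the old allocation is not known at this point, that `alloc` is the size provided by UMA, and that the following `bcopy(addr, newaddr, min(size, alloc));` can therefore read into the old buffer's red zone. With that written next to the call, a later reader is less likely to change the argument back to `size`.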
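Review bot: the `_Static_assert` added under `#ifdef KASAN` in sys/vm/uma_core.c is not mentioned in the commit message, which describes only the realloc change, and nothing beside it says which code relies on `UMA_SMALLEST_UNIT` being a multiple of `KASAN_SHADOW_SCALE`. Suggest a one-line comment above the assertion naming that dependency, or a sentence in the log, so the reason for the invariant is recorded where it is enforced.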