git: 2748ecec950d - stable/13 - execve: Mark exec argument buffers

From: Mark Johnston <markj_at_FreeBSD.org>
Date: Mon, 01 Nov 2021 14:33:03 UTC 
The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=2748ecec950de38d50f8a3c4ec917fd489cb4628

commit 2748ecec950de38d50f8a3c4ec917fd489cb4628
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-04-13 21:40:19 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-11-01 14:03:28 +0000

    execve: Mark exec argument buffers
    
    We cache mapped execve argument buffers to avoid the overhead of TLB
    shootdowns.  Mark them invalid when they are freed to the cache.
    
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit f1c3adefd95d35115bd4597293e0b904ae401245)
---
 sys/kern/kern_exec.c | 5 +++++
 sys/kern/subr_asan.c | 2 ++
 sys/sys/asan.h       | 1 +
 3 files changed, 8 insertions(+)

diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 2ea0efc4a2cb..eb2d7d9986e2 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/acct.h>
+#include <sys/asan.h>
 #include <sys/capsicum.h>
 #include <sys/eventhandler.h>
 #include <sys/exec.h>
@@ -1347,6 +1348,8 @@ exec_alloc_args_kva(void **cookie)
 		SLIST_REMOVE_HEAD(&exec_args_kva_freelist, next);
 		mtx_unlock(&exec_args_kva_mtx);
 	}
+	kasan_mark((void *)argkva->addr, exec_map_entry_size,
+	    exec_map_entry_size, 0);
 	*(struct exec_args_kva **)cookie = argkva;
 	return (argkva->addr);
 }
@@ -1357,6 +1360,8 @@ exec_release_args_kva(struct exec_args_kva *argkva, u_int gen)
 	vm_offset_t base;
 
 	base = argkva->addr;
+	kasan_mark((void *)argkva->addr, 0, exec_map_entry_size,
+	    KASAN_EXEC_ARGS_FREED);
 	if (argkva->gen != gen) {
 		(void)vm_map_madvise(exec_map, base, base + exec_map_entry_size,
 		    MADV_FREE);
diff --git a/sys/kern/subr_asan.c b/sys/kern/subr_asan.c
index 842370ad1e63..d0478899e8c7 100644
--- a/sys/kern/subr_asan.c
+++ b/sys/kern/subr_asan.c
@@ -153,6 +153,8 @@ kasan_code_name(uint8_t code)
 		return "UMAUseAfterFree";
 	case KASAN_KSTACK_FREED:
 		return "KernelStack";
+	case KASAN_EXEC_ARGS_FREED:
+		return "ExecKVA";
 	case 1 ... 7:
 		return "RedZonePartial";
 	case KASAN_STACK_LEFT:
diff --git a/sys/sys/asan.h b/sys/sys/asan.h
index a8e07b765028..c86202222c72 100644
--- a/sys/sys/asan.h
+++ b/sys/sys/asan.h
@@ -53,6 +53,7 @@
 #define KASAN_KMEM_REDZONE	0xFC
 #define	KASAN_UMA_FREED		0xFD
 #define	KASAN_KSTACK_FREED	0xFE
+#define	KASAN_EXEC_ARGS_FREED	0xFF
 
 void kasan_init(void);
 void kasan_shadow_map(void *, size_t);