git: db33d492c807 - stable/13 - uma: Fix a few problems with KASAN integration

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Johnston <markj_at_FreeBSD.org>
Date: Mon, 01 Nov 2021 14:33:13 UTC
The branch stable/13 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=db33d492c807ff1a83640049b8e569d03a4975ad

commit db33d492c807ff1a83640049b8e569d03a4975ad
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-07-10 00:38:21 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-11-01 14:07:04 +0000

    uma: Fix a few problems with KASAN integration
    
    - Ensure that all items returned by UMA are aligned to
      KASAN_SHADOW_SCALE (8).  This was true in practice since smaller
      alignments are not used by any consumers, but we should enforce it
      anyway.
    - Use a non-zero code for marking redzones that appear naturally in
      items that are not a multiple of the scale factor in size.  Currently
      we do not modify keg layouts to force the creation of redzones.
    - Use a non-zero code for marking freed per-CPU items, otherwise
      accesses of freed per-CPU items are not detected by the runtime.
    
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit b0dfc48684780024a3d736c5a5449284dad97f4e)
---
 sys/vm/uma_core.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c
index e3c7e2cc81e9..b71527b3049f 100644
--- a/sys/vm/uma_core.c
+++ b/sys/vm/uma_core.c
@@ -556,11 +556,12 @@ kasan_mark_item_valid(uma_zone_t zone, void *item)
 	sz = zone->uz_size;
 	rsz = roundup2(sz, KASAN_SHADOW_SCALE);
 	if ((zone->uz_flags & UMA_ZONE_PCPU) == 0) {
-		kasan_mark(item, sz, rsz, 0);
+		kasan_mark(item, sz, rsz, KASAN_GENERIC_REDZONE);
 	} else {
 		pcpu_item = zpcpu_base_to_offset(item);
 		for (i = 0; i <= mp_maxid; i++)
-			kasan_mark(zpcpu_get_cpu(pcpu_item, i), sz, rsz, 0);
+			kasan_mark(zpcpu_get_cpu(pcpu_item, i), sz, rsz,
+			    KASAN_GENERIC_REDZONE);
 	}
 }
 
@@ -580,7 +581,8 @@ kasan_mark_item_invalid(uma_zone_t zone, void *item)
 	} else {
 		pcpu_item = zpcpu_base_to_offset(item);
 		for (i = 0; i <= mp_maxid; i++)
-			kasan_mark(zpcpu_get_cpu(pcpu_item, i), 0, sz, 0);
+			kasan_mark(zpcpu_get_cpu(pcpu_item, i), 0, sz,
+			    KASAN_UMA_FREED);
 	}
 }
 
@@ -2238,6 +2240,14 @@ keg_layout(uma_keg_t keg)
 	     PRINT_UMA_ZFLAGS));
 
 	alignsize = keg->uk_align + 1;
+#ifdef KASAN
+	/*
+	 * ASAN requires that each allocation be aligned to the shadow map
+	 * scale factor.
+	 */
+	if (alignsize < KASAN_SHADOW_SCALE)
+		alignsize = KASAN_SHADOW_SCALE;
+#endif
 
 	/*
 	 * Calculate the size of each allocation (rsize) according to