git: b0dfc4868478 - main - uma: Fix a few problems with KASAN integration

Mark Johnston markj at FreeBSD.org
Sat Jul 10 00:48:12 UTC 2021


The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=b0dfc48684780024a3d736c5a5449284dad97f4e

commit b0dfc48684780024a3d736c5a5449284dad97f4e
Author:     Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-07-10 00:38:21 +0000
Commit:     Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-07-10 00:38:50 +0000

    uma: Fix a few problems with KASAN integration
    
    - Ensure that all items returned by UMA are aligned to
      KASAN_SHADOW_SCALE (8).  This was true in practice since smaller
      alignments are not used by any consumers, but we should enforce it
      anyway.
    - Use a non-zero code for marking redzones that appear naturally in
      items that are not a multiple of the scale factor in size.  Currently
      we do not modify keg layouts to force the creation of redzones.
    - Use a non-zero code for marking freed per-CPU items, otherwise
      accesses of freed per-CPU items are not detected by the runtime.
    
    Sponsored by:   The FreeBSD Foundation
---
 sys/vm/uma_core.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c
index d2e01f3a0605..59cc960d3dd9 100644
--- a/sys/vm/uma_core.c
+++ b/sys/vm/uma_core.c
@@ -556,11 +556,12 @@ kasan_mark_item_valid(uma_zone_t zone, void *item)
 	sz = zone->uz_size;
 	rsz = roundup2(sz, KASAN_SHADOW_SCALE);
 	if ((zone->uz_flags & UMA_ZONE_PCPU) == 0) {
-		kasan_mark(item, sz, rsz, 0);
+		kasan_mark(item, sz, rsz, KASAN_GENERIC_REDZONE);
 	} else {
 		pcpu_item = zpcpu_base_to_offset(item);
 		for (i = 0; i <= mp_maxid; i++)
-			kasan_mark(zpcpu_get_cpu(pcpu_item, i), sz, rsz, 0);
+			kasan_mark(zpcpu_get_cpu(pcpu_item, i), sz, rsz,
+			    KASAN_GENERIC_REDZONE);
 	}
 }
 
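Review bot: The `kasan_mark(item, sz, rsz, KASAN_GENERIC_REDZONE)` call in kasan_mark_item_valid needs a comment, because a redzone code passed from a function named "valid" reads like a mistake. Since `rsz = roundup2(sz, KASAN_SHADOW_SCALE)`, the code appears to apply only to the padding bytes between `sz` and `rsz`, which matches the commit message's "redzones that appear naturally". I would add `/* Bytes in [sz, rsz) are padding up to the shadow granule; poison them as a redzone. */` above the `if`, so that it covers the per-CPU call in the loop as well. The function's opening lines are outside the hunk.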
@@ -580,7 +581,8 @@ kasan_mark_item_invalid(uma_zone_t zone, void *item)
 	} else {
 		pcpu_item = zpcpu_base_to_offset(item);
 		for (i = 0; i <= mp_maxid; i++)
-			kasan_mark(zpcpu_get_cpu(pcpu_item, i), 0, sz, 0);
+			kasan_mark(zpcpu_get_cpu(pcpu_item, i), 0, sz,
+			    KASAN_UMA_FREED);
 	}
 }
 
@@ -2238,6 +2240,14 @@ keg_layout(uma_keg_t keg)
 	     PRINT_UMA_ZFLAGS));
 
 	alignsize = keg->uk_align + 1;
+#ifdef KASAN
+	/*
+	 * ASAN requires that each allocation be aligned to the shadow map
+	 * scale factor.
+	 */
+	if (alignsize < KASAN_SHADOW_SCALE)
+		alignsize = KASAN_SHADOW_SCALE;
+#endif
 
 	/*
 	 * Calculate the size of each allocation (rsize) according to
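Review bot: The clamp at `if (alignsize < KASAN_SHADOW_SCALE)` raises only the local `alignsize`, while `keg->uk_align` keeps the consumer's smaller value. Any code that reads `uk_align` directly, or any item that reaches the kasan_mark_* helpers without passing through keg_layout, would not be covered by this enforcement; neither case is visible here, so this may turn out to be a non-issue. A misaligned item could make the shadow marking cover the wrong granules and weaken detection, so an assertion at the point where the alignment is relied on would make the invariant self-checking, for example in kasan_mark_item_valid: `KASSERT(((uintptr_t)item & (KASAN_SHADOW_SCALE - 1)) == 0, ("%s: unaligned item %p", __func__, item));`. keg_layout continues beyond both ends of the hunk.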

