git: 6f179693c5c4 - main - Add interceptors for atomic operations on userspace memory

Fri Jul 30 01:14:53 UTC 2021

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=6f179693c5c4509a10eb76732dc98a7d01b0582f

commit 6f179693c5c4509a10eb76732dc98a7d01b0582f
Author:     Mark Johnston <markj at FreeBSD.org>
AuthorDate: 2021-07-30 01:05:03 +0000
Commit:     Mark Johnston <markj at FreeBSD.org>
CommitDate: 2021-07-30 01:14:36 +0000

    Add interceptors for atomic operations on userspace memory
    
    Implement them for KASAN.  KCSAN interceptors are left unimplemented for
    now.
    
    MFC after:      2 weeks
    Sponsored by:   The FreeBSD Foundation
---
 sys/kern/subr_asan.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 sys/sys/systm.h      | 31 ++++++++++++++++++++
 2 files changed, 114 insertions(+)

diff --git a/sys/kern/subr_asan.c b/sys/kern/subr_asan.c
index 7083a8e64540..5441d7be39a1 100644
--- a/sys/kern/subr_asan.c
+++ b/sys/kern/subr_asan.c
@@ -522,6 +522,89 @@ kasan_copyout(const void *kaddr, void *uaddr, size_t len)
 
 /* -------------------------------------------------------------------------- */
 
+int
+kasan_fubyte(volatile const void *base)
+{
+	return (fubyte(base));
+}
+
+int
+kasan_fuword16(volatile const void *base)
+{
+	return (fuword16(base));
+}
+
+int
+kasan_fueword(volatile const void *base, long *val)
+{
+	kasan_shadow_check((unsigned long)val, sizeof(*val), true, __RET_ADDR);
+	return (fueword(base, val));
+}
+
+int
+kasan_fueword32(volatile const void *base, int32_t *val)
+{
+	kasan_shadow_check((unsigned long)val, sizeof(*val), true, __RET_ADDR);
+	return (fueword32(base, val));
+}
+
+int
+kasan_fueword64(volatile const void *base, int64_t *val)
+{
+	kasan_shadow_check((unsigned long)val, sizeof(*val), true, __RET_ADDR);
+	return (fueword64(base, val));
+}
+
+int
+kasan_subyte(volatile void *base, int byte)
+{
+	return (subyte(base, byte));
+}
+
+int
+kasan_suword(volatile void *base, long word)
+{
+	return (suword(base, word));
+}
+
+int
+kasan_suword16(volatile void *base, int word)
+{
+	return (suword16(base, word));
+}
+
+int
+kasan_suword32(volatile void *base, int32_t word)
+{
+	return (suword32(base, word));
+}
+
+int
+kasan_suword64(volatile void *base, int64_t word)
+{
+	return (suword64(base, word));
+}
+
+int
+kasan_casueword32(volatile uint32_t *base, uint32_t oldval, uint32_t *oldvalp,
+    uint32_t newval)
+{
+	kasan_shadow_check((unsigned long)oldvalp, sizeof(*oldvalp), true,
+	    __RET_ADDR);
+	return (casueword32(base, oldval, oldvalp, newval));
+}
+
+int
+kasan_casueword(volatile u_long *base, u_long oldval, u_long *oldvalp,
+    u_long newval)
+{
+	kasan_shadow_check((unsigned long)oldvalp, sizeof(*oldvalp), true,
+	    __RET_ADDR);
+	return (casueword(base, oldval, oldvalp, newval));
+}
+
+/* -------------------------------------------------------------------------- */
+
 #include <machine/atomic.h>
 #include <sys/atomic_san.h>
 
diff --git a/sys/sys/systm.h b/sys/sys/systm.h
index 671b5c2b8d38..da20492966cd 100644
--- a/sys/sys/systm.h
+++ b/sys/sys/systm.h
@@ -437,6 +437,37 @@ int	casueword32(volatile uint32_t *base, uint32_t oldval, uint32_t *oldvalp,
 int	casueword(volatile u_long *p, u_long oldval, u_long *oldvalp,
 	    u_long newval);
 
+#if defined(SAN_NEEDS_INTERCEPTORS) && !defined(KCSAN)
+int	SAN_INTERCEPTOR(fubyte)(volatile const void *base);
+int	SAN_INTERCEPTOR(fuword16)(volatile const void *base);
+int	SAN_INTERCEPTOR(fueword)(volatile const void *base, long *val);
+int	SAN_INTERCEPTOR(fueword32)(volatile const void *base, int32_t *val);
+int	SAN_INTERCEPTOR(fueword64)(volatile const void *base, int64_t *val);
+int	SAN_INTERCEPTOR(subyte)(volatile void *base, int byte);
+int	SAN_INTERCEPTOR(suword)(volatile void *base, long word);
+int	SAN_INTERCEPTOR(suword16)(volatile void *base, int word);
+int	SAN_INTERCEPTOR(suword32)(volatile void *base, int32_t word);
+int	SAN_INTERCEPTOR(suword64)(volatile void *base, int64_t word);
+int	SAN_INTERCEPTOR(casueword32)(volatile uint32_t *base, uint32_t oldval,
+	    uint32_t *oldvalp, uint32_t newval);
+int	SAN_INTERCEPTOR(casueword)(volatile u_long *p, u_long oldval,
+	    u_long *oldvalp, u_long newval);
+#ifndef SAN_RUNTIME
+#define	fubyte(b)		SAN_INTERCEPTOR(fubyte)((b))
+#define	fuword16(b)		SAN_INTERCEPTOR(fuword16)((b))
+#define	fueword(b, v)		SAN_INTERCEPTOR(fueword)((b), (v))
+#define	fueword32(b, v)		SAN_INTERCEPTOR(fueword32)((b), (v))
+#define	fueword64(b, v)		SAN_INTERCEPTOR(fueword64)((b), (v))
+#define	subyte(b, w)		SAN_INTERCEPTOR(subyte)((b), (w))
+#define	suword(b, w)		SAN_INTERCEPTOR(suword)((b), (w))
+#define	suword16(b, w)		SAN_INTERCEPTOR(suword16)((b), (w))
+#define	suword32(b, w)		SAN_INTERCEPTOR(suword32)((b), (w))
+#define	suword64(b, w)		SAN_INTERCEPTOR(suword64)((b), (w))
+#define	casueword32(b, o, p, n)	SAN_INTERCEPTOR(casueword32)((b), (o), (p), (n))
+#define	casueword(b, o, p, n)	SAN_INTERCEPTOR(casueword)((b), (o), (p), (n))
+#endif /* !SAN_RUNTIME */
+#endif /* SAN_NEEDS_INTERCEPTORS && !KCSAN */
+
 void	realitexpire(void *);
 
 int	sysbeep(int hertz, int period);
