Track the stack with kASan on aarch64. Same principle as on amd64. Illegal
accesses occurring there are now detected. Originally written by me, but reworked by ryo@, thanks.
This commit is contained in:
maxv
parent
16c07d020a
commit
f1cb8e8464
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: cpuswitch.S,v 1.5 2018/10/12 01:28:57 ryo Exp $ */
|
||||
/* $NetBSD: cpuswitch.S,v 1.6 2018/11/08 08:28:07 maxv Exp $ */
|
||||
|
||||
/*-
|
||||
* Copyright (c) 2014 The NetBSD Foundation, Inc.
|
||||
@ -35,8 +35,9 @@
|
||||
|
||||
#include "opt_compat_netbsd32.h"
|
||||
#include "opt_ddb.h"
|
||||
#include "opt_kasan.h"
|
||||
|
||||
RCSID("$NetBSD: cpuswitch.S,v 1.5 2018/10/12 01:28:57 ryo Exp $")
|
||||
RCSID("$NetBSD: cpuswitch.S,v 1.6 2018/11/08 08:28:07 maxv Exp $")
|
||||
|
||||
/*
|
||||
* At IPL_SCHED:
|
||||
@ -140,6 +141,13 @@ ENTRY_NP(cpu_switchto_softint)
|
||||
#endif
|
||||
str x0, [x3, #CI_CURLWP] /* curcpu()->ci_curlwp = softlwp; */
|
||||
|
||||
#ifdef KASAN
|
||||
/* clear the new stack */
|
||||
stp x0, xzr, [sp, #-16]!
|
||||
bl _C_LABEL(kasan_softint)
|
||||
ldp x0, xzr, [sp], #16
|
||||
#endif
|
||||
|
||||
/* onto new stack */
|
||||
ldr x4, [x0, #L_MD_UTF]
|
||||
sub sp, x4, #TF_SIZE /* new sp := softlwp->l_md_utf - 1 */
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: locore.S,v 1.30 2018/10/18 09:01:51 skrll Exp $ */
|
||||
/* $NetBSD: locore.S,v 1.31 2018/11/08 08:28:07 maxv Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2017 Ryo Shimizu <ryo@nerv.org>
|
||||
@ -32,13 +32,14 @@
|
||||
#include "opt_cpuoptions.h"
|
||||
#include "opt_ddb.h"
|
||||
#include "opt_fdt.h"
|
||||
#include "opt_kasan.h"
|
||||
#include "opt_multiprocessor.h"
|
||||
|
||||
#include <aarch64/asm.h>
|
||||
#include <aarch64/hypervisor.h>
|
||||
#include "assym.h"
|
||||
|
||||
RCSID("$NetBSD: locore.S,v 1.30 2018/10/18 09:01:51 skrll Exp $")
|
||||
RCSID("$NetBSD: locore.S,v 1.31 2018/11/08 08:28:07 maxv Exp $")
|
||||
|
||||
|
||||
/*#define DEBUG_LOCORE /* debug print */
|
||||
@ -180,6 +181,10 @@ vstart:
|
||||
msr tpidr_el1, x0 /* curcpu is cpu_info[0] */
|
||||
DPRINTREG("curcpu = ", x0);
|
||||
|
||||
#ifdef KASAN
|
||||
ADDR x0, lwp0uspace
|
||||
bl _C_LABEL(kasan_early_init)
|
||||
#endif
|
||||
|
||||
mov fp, #0 /* trace back starts here */
|
||||
PRINT("initarm\n")
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
# $NetBSD: Makefile.aarch64,v 1.13 2018/11/01 20:34:49 maxv Exp $
|
||||
# $NetBSD: Makefile.aarch64,v 1.14 2018/11/08 08:28:07 maxv Exp $
|
||||
|
||||
# Makefile for NetBSD
|
||||
#
|
||||
@ -41,7 +41,8 @@ CFLAGS+= -mno-omit-leaf-frame-pointer
|
||||
|
||||
.if ${KASAN:U0} > 0 && ${HAVE_GCC:U0} > 0
|
||||
KASANFLAGS= -fsanitize=kernel-address \
|
||||
--param asan-globals=1
|
||||
--param asan-globals=1 --param asan-stack=1 \
|
||||
-fasan-shadow-offset=0xDFFF208000000000
|
||||
.for f in subr_asan.c
|
||||
KASANFLAGS.${f}= # empty
|
||||
.endfor
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: asan.h,v 1.2 2018/11/02 08:18:18 skrll Exp $ */
|
||||
/* $NetBSD: asan.h,v 1.3 2018/11/08 08:28:07 maxv Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2018 The NetBSD Foundation, Inc.
|
||||
@ -36,6 +36,7 @@
|
||||
#include <aarch64/vmparam.h>
|
||||
#include <aarch64/cpufunc.h>
|
||||
#include <aarch64/armreg.h>
|
||||
#include <aarch64/machdep.h>
|
||||
|
||||
#define __MD_VIRTUAL_SHIFT 48 /* 49bit address space, cut half */
|
||||
#define __MD_CANONICAL_BASE 0xFFFF000000000000
|
||||
@ -44,6 +45,8 @@
|
||||
#define KASAN_MD_SHADOW_START (AARCH64_KSEG_END)
|
||||
#define KASAN_MD_SHADOW_END (KASAN_MD_SHADOW_START + __MD_SHADOW_SIZE)
|
||||
|
||||
static bool __md_early __read_mostly = true;
|
||||
|
||||
static inline int8_t *
|
||||
kasan_md_addr_to_shad(const void *addr)
|
||||
{
|
||||
@ -64,7 +67,10 @@ __md_palloc(void)
|
||||
{
|
||||
paddr_t pa;
|
||||
|
||||
pmap_alloc_pdp(pmap_kernel(), &pa);
|
||||
if (__predict_false(__md_early))
|
||||
pa = (paddr_t)bootpage_alloc();
|
||||
else
|
||||
pmap_alloc_pdp(pmap_kernel(), &pa);
|
||||
|
||||
return pa;
|
||||
}
|
||||
@ -78,7 +84,11 @@ kasan_md_shadow_map_page(vaddr_t va)
|
||||
size_t idx;
|
||||
|
||||
l0pa = reg_ttbr1_el1_read();
|
||||
l0 = (void *)AARCH64_PA_TO_KVA(l0pa);
|
||||
if (__predict_false(__md_early)) {
|
||||
l0 = (void *)KERN_PHYSTOV(l0pa);
|
||||
} else {
|
||||
l0 = (void *)AARCH64_PA_TO_KVA(l0pa);
|
||||
}
|
||||
|
||||
idx = l0pde_index(va);
|
||||
pde = l0[idx];
|
||||
@ -88,7 +98,11 @@ kasan_md_shadow_map_page(vaddr_t va)
|
||||
} else {
|
||||
pa = l0pde_pa(pde);
|
||||
}
|
||||
l1 = (void *)AARCH64_PA_TO_KVA(pa);
|
||||
if (__predict_false(__md_early)) {
|
||||
l1 = (void *)KERN_PHYSTOV(pa);
|
||||
} else {
|
||||
l1 = (void *)AARCH64_PA_TO_KVA(pa);
|
||||
}
|
||||
|
||||
idx = l1pde_index(va);
|
||||
pde = l1[idx];
|
||||
@ -98,7 +112,11 @@ kasan_md_shadow_map_page(vaddr_t va)
|
||||
} else {
|
||||
pa = l1pde_pa(pde);
|
||||
}
|
||||
l2 = (void *)AARCH64_PA_TO_KVA(pa);
|
||||
if (__predict_false(__md_early)) {
|
||||
l2 = (void *)KERN_PHYSTOV(pa);
|
||||
} else {
|
||||
l2 = (void *)AARCH64_PA_TO_KVA(pa);
|
||||
}
|
||||
|
||||
idx = l2pde_index(va);
|
||||
pde = l2[idx];
|
||||
@ -108,7 +126,11 @@ kasan_md_shadow_map_page(vaddr_t va)
|
||||
} else {
|
||||
pa = l2pde_pa(pde);
|
||||
}
|
||||
l3 = (void *)AARCH64_PA_TO_KVA(pa);
|
||||
if (__predict_false(__md_early)) {
|
||||
l3 = (void *)KERN_PHYSTOV(pa);
|
||||
} else {
|
||||
l3 = (void *)AARCH64_PA_TO_KVA(pa);
|
||||
}
|
||||
|
||||
idx = l3pte_index(va);
|
||||
pde = l3[idx];
|
||||
@ -120,7 +142,12 @@ kasan_md_shadow_map_page(vaddr_t va)
|
||||
}
|
||||
}
|
||||
|
||||
#define kasan_md_early_init(a) __nothing
|
||||
static void
|
||||
kasan_md_early_init(void *stack)
|
||||
{
|
||||
kasan_shadow_map(stack, USPACE);
|
||||
__md_early = false;
|
||||
}
|
||||
|
||||
static void
|
||||
kasan_md_init(void)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user