Date: Tue, 28 Nov 2023 16:35:40 GMT
Message-Id: <202311281635.3ASGZeew027691@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mateusz Guzik Subject: git: e1e847374bcc - main - Add DEBUG_POISON_POINTER List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mjg X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: e1e847374bcc287ca97e6cb16cb5e07a697cf055 Auto-Submitted: auto-generated The branch main has been updated by mjg: URL: https://cgit.FreeBSD.org/src/commit/?id=e1e847374bcc287ca97e6cb16cb5e07a697cf055 commit e1e847374bcc287ca97e6cb16cb5e07a697cf055 Author: Mateusz Guzik AuthorDate: 2023-11-28 15:23:25 +0000 Commit: Mateusz Guzik CommitDate: 2023-11-28 16:33:46 +0000 Add DEBUG_POISON_POINTER If you have a pointer which you know points to stale data, you can fill it with junk so that dereference later will trap Reviewed by: kib Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D40946 --- sys/kern/vfs_bio.c | 6 ++++++ sys/sys/kassert.h | 31 +++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/sys/kern/vfs_bio.c b/sys/kern/vfs_bio.c index 31059f1c0a94..4e0832475c3e 100644 --- a/sys/kern/vfs_bio.c +++ b/sys/kern/vfs_bio.c @@ -159,6 +159,9 @@ nbufp(unsigned i) } caddr_t __read_mostly unmapped_buf; +#ifdef INVARIANTS +caddr_t poisoned_buf = (void *)-1; +#endif /* Used below and for softdep flushing threads in ufs/ffs/ffs_softdep.c */ struct proc *bufdaemonproc; 
@@ -1211,6 +1214,9 @@ bufinit(void) mtx_init(&bdirtylock, "dirty buf lock", NULL, MTX_DEF); unmapped_buf = (caddr_t)kva_alloc(maxphys); +#ifdef INVARIANTS + poisoned_buf = unmapped_buf; +#endif /* finally, initialize each buffer header and stick on empty q */ for (i = 0; i < nbuf; i++) { diff --git a/sys/sys/kassert.h b/sys/sys/kassert.h index d7c1a21385f9..7b54ac6ae519 100644 --- a/sys/sys/kassert.h +++ b/sys/sys/kassert.h @@ -38,6 +38,37 @@ extern const char *panicstr; /* panic message */ extern bool panicked; #define KERNEL_PANICKED() __predict_false(panicked) +/* + * Trap accesses going through a pointer. Moreover if kasan is available trap + * reading the pointer itself. + * + * Sample usage: you have a struct with numerous fields and by API contract + * only some of them get populated, even if the implementation temporary writes + * to them. You can use DEBUG_POISON_POINTER so that the consumer which should + * no be looking at the field gets caught. + * + * DEBUG_POISON_POINTER(obj->ptr); + * .... + * if (obj->ptr != NULL) // traps with kasan, does not trap otherwise + * .... + * if (obj->ptr->field) // traps with and without kasan + */ +#ifdef INVARIANTS + +#include + +extern caddr_t poisoned_buf; +#define DEBUG_POISON_POINTER_VALUE poisoned_buf + +#define DEBUG_POISON_POINTER(x) ({ \ + x = (void *)(DEBUG_POISON_POINTER_VALUE); \ + kasan_mark(&x, 0, sizeof(x), KASAN_GENERIC_REDZONE); \ +}) + +#else +#define DEBUG_POISON_POINTER(x) +#endif + #ifdef INVARIANTS /* The option is always available */ #define VNASSERT(exp, vp, msg) do { \ if (__predict_false(!(exp))) { \
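Review bot: in sys/kern/vfs_bio.c, first hunk, the new `caddr_t poisoned_buf = (void *)-1;` has no comment and drops the `__read_mostly` annotation that `unmapped_buf` on the line above carries. The variable is the backing value for DEBUG_POISON_POINTER_VALUE declared in sys/sys/kassert.h, so a short comment here saying that, and that -1 is only the value used until bufinit() runs, would save readers a search; adding `__read_mostly` would keep it consistent with its neighbour, since it is written once and then only read.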
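Review bot: in the bufinit() hunk, `poisoned_buf = unmapped_buf;` changes the poison value at run time, so a pointer poisoned before bufinit() holds (void *)-1 while DEBUG_POISON_POINTER_VALUE evaluates to the unmapped_buf address afterwards. Any later check that compares a field against DEBUG_POISON_POINTER_VALUE would not recognise the early ones. Please either document that the macro must not be compared against, or note the two possible values next to the assignment. A one-line comment on why the `kva_alloc(maxphys)` range is expected to trap on access would also make the dependency on the buffer cache explicit.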
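Review bot: in sys/sys/kassert.h, DEBUG_POISON_POINTER uses its argument unparenthesized (`x = ...`, `&x`, `sizeof(x)`) and is written as a GNU statement expression whose value is the void result of kasan_mark(). Suggest `(x)` throughout and a `do { ... } while (0)` body, matching VNASSERT a few lines below. The `kasan_mark(&x, 0, sizeof(x), KASAN_GENERIC_REDZONE)` call leaves the pointer's own storage marked invalid, and nothing in the comment says how the field becomes valid again when the object is reused and the field is legitimately written; the usage comment should state that. Two typos in the same comment: "temporary writes" should be "temporarily writes" and "should no be looking" should be "should not be looking".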