1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * KMSAN shadow implementation. 4 * 5 * Copyright (C) 2017-2022 Google LLC 6 * Author: Alexander Potapenko <glider@google.com> 7 * 8 */ 9 10 #include <asm/kmsan.h> 11 #include <asm/tlbflush.h> 12 #include <linux/cacheflush.h> 13 #include <linux/memblock.h> 14 #include <linux/mm_types.h> 15 #include <linux/percpu-defs.h> 16 #include <linux/slab.h> 17 #include <linux/smp.h> 18 #include <linux/stddef.h> 19 20 #include "../internal.h" 21 #include "kmsan.h" 22 23 #define shadow_page_for(page) ((page)->kmsan_shadow) 24 25 #define origin_page_for(page) ((page)->kmsan_origin) 26 27 static void *shadow_ptr_for(struct page *page) 28 { 29 return page_address(shadow_page_for(page)); 30 } 31 32 static void *origin_ptr_for(struct page *page) 33 { 34 return page_address(origin_page_for(page)); 35 } 36 37 static bool page_has_metadata(struct page *page) 38 { 39 return shadow_page_for(page) && origin_page_for(page); 40 } 41 42 static void set_no_shadow_origin_page(struct page *page) 43 { 44 shadow_page_for(page) = NULL; 45 origin_page_for(page) = NULL; 46 } 47 48 /* 49 * Dummy load and store pages to be used when the real metadata is unavailable. 50 * There are separate pages for loads and stores, so that every load returns a 51 * zero, and every store doesn't affect other loads. 52 */ 53 static char dummy_load_page[PAGE_SIZE] __aligned(PAGE_SIZE); 54 static char dummy_store_page[PAGE_SIZE] __aligned(PAGE_SIZE); 55 56 static unsigned long vmalloc_meta(void *addr, bool is_origin) 57 { 58 unsigned long addr64 = (unsigned long)addr, off; 59 60 KMSAN_WARN_ON(is_origin && !IS_ALIGNED(addr64, KMSAN_ORIGIN_SIZE)); 61 if (kmsan_internal_is_vmalloc_addr(addr)) { 62 off = addr64 - VMALLOC_START; 63 return off + (is_origin ? KMSAN_VMALLOC_ORIGIN_START : 64 KMSAN_VMALLOC_SHADOW_START); 65 } 66 if (kmsan_internal_is_module_addr(addr)) { 67 off = addr64 - MODULES_VADDR; 68 return off + (is_origin ? KMSAN_MODULES_ORIGIN_START : 69 KMSAN_MODULES_SHADOW_START); 70 } 71 return 0; 72 } 73 74 static struct page *virt_to_page_or_null(void *vaddr) 75 { 76 if (kmsan_virt_addr_valid(vaddr)) 77 return virt_to_page(vaddr); 78 else 79 return NULL; 80 } 81 82 struct shadow_origin_ptr kmsan_get_shadow_origin_ptr(void *address, u64 size, 83 bool store) 84 { 85 struct shadow_origin_ptr ret; 86 void *shadow; 87 88 /* 89 * Even if we redirect this memory access to the dummy page, it will 90 * go out of bounds. 91 */ 92 KMSAN_WARN_ON(size > PAGE_SIZE); 93 94 if (!kmsan_enabled) 95 goto return_dummy; 96 97 KMSAN_WARN_ON(!kmsan_metadata_is_contiguous(address, size)); 98 shadow = kmsan_get_metadata(address, KMSAN_META_SHADOW); 99 if (!shadow) 100 goto return_dummy; 101 102 ret.shadow = shadow; 103 ret.origin = kmsan_get_metadata(address, KMSAN_META_ORIGIN); 104 return ret; 105 106 return_dummy: 107 if (store) { 108 /* Ignore this store. */ 109 ret.shadow = dummy_store_page; 110 ret.origin = dummy_store_page; 111 } else { 112 /* This load will return zero. */ 113 ret.shadow = dummy_load_page; 114 ret.origin = dummy_load_page; 115 } 116 return ret; 117 } 118 119 /* 120 * Obtain the shadow or origin pointer for the given address, or NULL if there's 121 * none. The caller must check the return value for being non-NULL if needed. 122 * The return value of this function should not depend on whether we're in the 123 * runtime or not. 124 */ 125 void *kmsan_get_metadata(void *address, bool is_origin) 126 { 127 u64 addr = (u64)address, pad, off; 128 struct page *page; 129 130 if (is_origin && !IS_ALIGNED(addr, KMSAN_ORIGIN_SIZE)) { 131 pad = addr % KMSAN_ORIGIN_SIZE; 132 addr -= pad; 133 } 134 address = (void *)addr; 135 if (kmsan_internal_is_vmalloc_addr(address) || 136 kmsan_internal_is_module_addr(address)) 137 return (void *)vmalloc_meta(address, is_origin); 138 139 page = virt_to_page_or_null(address); 140 if (!page) 141 return NULL; 142 if (!page_has_metadata(page)) 143 return NULL; 144 off = addr % PAGE_SIZE; 145 146 return (is_origin ? origin_ptr_for(page) : shadow_ptr_for(page)) + off; 147 } 148 149 void kmsan_copy_page_meta(struct page *dst, struct page *src) 150 { 151 if (!kmsan_enabled || kmsan_in_runtime()) 152 return; 153 if (!dst || !page_has_metadata(dst)) 154 return; 155 if (!src || !page_has_metadata(src)) { 156 kmsan_internal_unpoison_memory(page_address(dst), PAGE_SIZE, 157 /*checked*/ false); 158 return; 159 } 160 161 kmsan_enter_runtime(); 162 __memcpy(shadow_ptr_for(dst), shadow_ptr_for(src), PAGE_SIZE); 163 __memcpy(origin_ptr_for(dst), origin_ptr_for(src), PAGE_SIZE); 164 kmsan_leave_runtime(); 165 } 166 167 void kmsan_alloc_page(struct page *page, unsigned int order, gfp_t flags) 168 { 169 bool initialized = (flags & __GFP_ZERO) || !kmsan_enabled; 170 struct page *shadow, *origin; 171 depot_stack_handle_t handle; 172 int pages = 1 << order; 173 174 if (!page) 175 return; 176 177 shadow = shadow_page_for(page); 178 origin = origin_page_for(page); 179 180 if (initialized) { 181 __memset(page_address(shadow), 0, PAGE_SIZE * pages); 182 __memset(page_address(origin), 0, PAGE_SIZE * pages); 183 return; 184 } 185 186 /* Zero pages allocated by the runtime should also be initialized. */ 187 if (kmsan_in_runtime()) 188 return; 189 190 __memset(page_address(shadow), -1, PAGE_SIZE * pages); 191 kmsan_enter_runtime(); 192 handle = kmsan_save_stack_with_flags(flags, /*extra_bits*/ 0); 193 kmsan_leave_runtime(); 194 /* 195 * Addresses are page-aligned, pages are contiguous, so it's ok 196 * to just fill the origin pages with @handle. 197 */ 198 for (int i = 0; i < PAGE_SIZE * pages / sizeof(handle); i++) 199 ((depot_stack_handle_t *)page_address(origin))[i] = handle; 200 } 201 202 void kmsan_free_page(struct page *page, unsigned int order) 203 { 204 if (!kmsan_enabled || kmsan_in_runtime()) 205 return; 206 kmsan_enter_runtime(); 207 kmsan_internal_poison_memory(page_address(page), 208 PAGE_SIZE << compound_order(page), 209 GFP_KERNEL, 210 KMSAN_POISON_CHECK | KMSAN_POISON_FREE); 211 kmsan_leave_runtime(); 212 } 213 214 void kmsan_vmap_pages_range_noflush(unsigned long start, unsigned long end, 215 pgprot_t prot, struct page **pages, 216 unsigned int page_shift) 217 { 218 unsigned long shadow_start, origin_start, shadow_end, origin_end; 219 struct page **s_pages, **o_pages; 220 int nr, mapped; 221 222 if (!kmsan_enabled) 223 return; 224 225 shadow_start = vmalloc_meta((void *)start, KMSAN_META_SHADOW); 226 shadow_end = vmalloc_meta((void *)end, KMSAN_META_SHADOW); 227 if (!shadow_start) 228 return; 229 230 nr = (end - start) / PAGE_SIZE; 231 s_pages = kcalloc(nr, sizeof(*s_pages), GFP_KERNEL); 232 o_pages = kcalloc(nr, sizeof(*o_pages), GFP_KERNEL); 233 if (!s_pages || !o_pages) 234 goto ret; 235 for (int i = 0; i < nr; i++) { 236 s_pages[i] = shadow_page_for(pages[i]); 237 o_pages[i] = origin_page_for(pages[i]); 238 } 239 prot = __pgprot(pgprot_val(prot) | _PAGE_NX); 240 prot = PAGE_KERNEL; 241 242 origin_start = vmalloc_meta((void *)start, KMSAN_META_ORIGIN); 243 origin_end = vmalloc_meta((void *)end, KMSAN_META_ORIGIN); 244 kmsan_enter_runtime(); 245 mapped = __vmap_pages_range_noflush(shadow_start, shadow_end, prot, 246 s_pages, page_shift); 247 KMSAN_WARN_ON(mapped); 248 mapped = __vmap_pages_range_noflush(origin_start, origin_end, prot, 249 o_pages, page_shift); 250 KMSAN_WARN_ON(mapped); 251 kmsan_leave_runtime(); 252 flush_tlb_kernel_range(shadow_start, shadow_end); 253 flush_tlb_kernel_range(origin_start, origin_end); 254 flush_cache_vmap(shadow_start, shadow_end); 255 flush_cache_vmap(origin_start, origin_end); 256 257 ret: 258 kfree(s_pages); 259 kfree(o_pages); 260 } 261