execve: Mark exec argument buffers

We cache mapped execve argument buffers to avoid the overhead of TLB shootdowns. Mark them invalid when they are freed to the cache. MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29460
2021-04-13 17:40:19 -04:00 · 2021-04-13 17:40:19 -04:00 · f1c3adefd9
commit f1c3adefd9
parent b261bb4057
3 changed files with 8 additions and 0 deletions
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@ -37,6 +37,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/acct.h>
+#include <sys/asan.h>
 #include <sys/capsicum.h>
 #include <sys/eventhandler.h>
 #include <sys/exec.h>
@ -1328,6 +1329,8 @@ exec_alloc_args_kva(void **cookie)
 		SLIST_REMOVE_HEAD(&exec_args_kva_freelist, next);
 		mtx_unlock(&exec_args_kva_mtx);
 	}
+	kasan_mark((void *)argkva->addr, exec_map_entry_size,
+	    exec_map_entry_size, 0);
 	*(struct exec_args_kva **)cookie = argkva;
 	return (argkva->addr);
 }
@ -1338,6 +1341,8 @@ exec_release_args_kva(struct exec_args_kva *argkva, u_int gen)
 	vm_offset_t base;

 	base = argkva->addr;
+	kasan_mark((void *)argkva->addr, 0, exec_map_entry_size,
+	    KASAN_EXEC_ARGS_FREED);
 	if (argkva->gen != gen) {
 		(void)vm_map_madvise(exec_map, base, base + exec_map_entry_size,
 		    MADV_FREE);
--- a/sys/kern/subr_asan.c
+++ b/sys/kern/subr_asan.c
@ -153,6 +153,8 @@ kasan_code_name(uint8_t code)
 		return "UMAUseAfterFree";
 	case KASAN_KSTACK_FREED:
 		return "KernelStack";
+	case KASAN_EXEC_ARGS_FREED:
+		return "ExecKVA";
 	case 1 ... 7:
 		return "RedZonePartial";
 	case KASAN_STACK_LEFT:
--- a/sys/sys/asan.h
+++ b/sys/sys/asan.h
@ -53,6 +53,7 @@
 #define KASAN_KMEM_REDZONE	0xFC
 #define	KASAN_UMA_FREED		0xFD
 #define	KASAN_KSTACK_FREED	0xFE
+#define	KASAN_EXEC_ARGS_FREED	0xFF

 void kasan_init(void);
 void kasan_shadow_map(void *, size_t);