| field | value | |
|---|---|---|
| author | Mark Johnston <markj@FreeBSD.org> | 2021-11-03 16:28:48 +0000 |
| committer | Mark Johnston <markj@FreeBSD.org> | 2021-11-03 16:36:02 +0000 |
| commit | 2a519c3b14c29688e42d11f916655318b13c8409 | (patch) |
| tree | d15c62cd78099132eb1ce156ac22c88296830382 | |
| parent | 175d3380a367954a5825ba7078f3bc948e9aca39 | (diff) |
| download | src-2a519c3b14c29688e42d11f916655318b13c8409.tar.gz, src-2a519c3b14c29688e42d11f916655318b13c8409.zip | |
kasan: Disable validation of function parameters passed by value
It appears that the emitted code in the caller does not update shadow
state for values passed on the stack to the callee, which it seemingly
ought to do after pushing values on the stack and prior to the call
itself. This leaves open a window where an interrupt handler can cause
regions of the stack containing these values to be poisoned, resulting
in rare false positive reports. This happens particularly in the amd64
TLB invalidation code, where we liberally pass cpuset_t's around by
value.

LLVM has a flag to disable validation of accesses of function parameters
passed by value. Such validation is itself a relatively new feature.
Turn it off for now.

Reported by: pho, syzkaller
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
-rw-r--r-- | sys/conf/kern.pre.mk | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/conf/kern.pre.mk b/sys/conf/kern.pre.mk index 9d9e32027ec7..056963adcb2d 100644 --- a/sys/conf/kern.pre.mk +++ b/sys/conf/kern.pre.mk @@ -100,7 +100,8 @@ SAN_CFLAGS+= -DSAN_NEEDS_INTERCEPTORS -DSAN_INTERCEPTOR_PREFIX=kasan \ -mllvm -asan-instrument-dynamic-allocas=true \ -mllvm -asan-globals=true \ -mllvm -asan-use-after-scope=true \ - -mllvm -asan-instrumentation-with-call-threshold=0 + -mllvm -asan-instrumentation-with-call-threshold=0 \ + -mllvm -asan-instrument-byval=false .endif KCSAN_ENABLED!= grep KCSAN opt_global.h || true ; echo |
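Review bot: the added `-mllvm -asan-instrument-byval=false` line in kern.pre.mk carries none of the rationale the commit message gives (stack slots of by-value parameters poisoned by interrupt handlers, leading to false positives), and the message itself says the validation is "relatively new" and is being disabled "for now"; a short comment directly above the flag stating why it is off and under what condition it could be re-enabled would keep the next reader from treating it as cruft or silently dropping it. Since the byval check is described as a new LLVM feature, also confirm that the oldest compiler the KASAN kernel build is expected to work with recognizes `-asan-instrument-byval`, or guard the line on compiler version, so that the option does not turn a rare false positive into a build failure on older toolchains.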