upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-25 02:35:01 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys
History
Mark Johnston a3d4c8e21d amd64: Implement a KASAN shadow map 
The idea behind KASAN is to use a region of memory to track the validity
of buffers in the kernel map.  This region is the shadow map.  The
compiler inserts calls to the KASAN runtime for every emitted load
and store, and the runtime uses the shadow map to decide whether the
access is valid.  Various kernel allocators call kasan_mark() to update
the shadow map.

Since the shadow map tracks only accesses to the kernel map, accesses to
other kernel maps are not validated by KASAN.  UMA_MD_SMALL_ALLOC is
disabled when KASAN is configured to reduce usage of the direct map.
Currently we have no mechanism to completely eliminate uses of the
direct map, so KASAN's coverage is not comprehensive.

The shadow map uses one byte per eight bytes in the kernel map.  In
pmap_bootstrap() we create an initial set of page tables for the kernel
and preloaded data.

When pmap_growkernel() is called, we call kasan_shadow_map() to extend
the shadow map.  kasan_shadow_map() uses pmap_kasan_enter() to allocate
memory for the shadow region and map it.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29417

(cherry picked from commit 6faf45b34b)
2021-11-01 09:57:30 -04:00
..
amd64 amd64: Implement a KASAN shadow map 2021-11-01 09:57:30 -04:00
arm Enable PPS_SYNC on amd64, arm64 and armv7 2021-10-17 03:28:13 +03:00
arm64 Only demote when needed in the arm64 pmap_change_props_locked 2021-10-25 14:46:44 +01:00
bsm
cam iscsi: Abort data-out tasks queued on a terminating session. 2021-10-29 16:43:48 -07:00
cddl kern: drop remaining references to removed makesyscalls.sh 2021-09-14 20:53:03 -05:00
compat LinuxKPI: Support lazy BAR allocation 2021-10-24 19:51:15 +01:00
conf Add the KASAN runtime 2021-11-01 09:56:31 -04:00
contrib Upgrade ENA to v2.4.1 2021-10-07 18:10:32 +02:00
crypto crypto: Support Chacha20-Poly1305 with a nonce size of 8 bytes. 2021-10-21 14:19:30 -07:00
ddb ddb: reliably fail with ambiguous commands 2021-07-02 14:13:24 -07:00
dev hyperv: Register hyperv_timecounter later during boot 2021-11-01 08:56:16 -04:00
dts arm: allwinner: dtb: Add overlays to disable SD/MMC node 2021-07-22 19:29:21 +02:00
fs nfscl: Handle NFSv4.1/4.2 Close RPC NFSERR_DELAY replies better 2021-10-31 19:02:53 -07:00
gdb
geom geom_label: Add more validation for NTFS volume tasting 2021-10-18 09:07:58 -04:00
gnu
i386 cpuset(9): Add CPU_FOREACH_IS(SET|CLR) and modify consumers to use it 2021-11-01 09:20:11 -04:00
isa
kern amd64: Implement a KASAN shadow map 2021-11-01 09:57:30 -04:00
kgssapi
libkern Switch to an ifunc in the kernel for crc32c 2021-08-30 12:22:21 +01:00
mips crypto: Add a new type of crypto buffer for a single mbuf. 2021-10-21 08:51:26 -07:00
modules ossl: Add ChaCha20 cipher support. 2021-10-21 08:51:24 -07:00
net pf: remove unused field from pf_kanchor 2021-10-22 09:34:08 +02:00
net80211 net80211/LinuxKPI: add more radiotap definitions 2021-07-18 00:35:03 +00:00
netgraph ng_ppp(4): Fix a typo in a comment 2021-10-17 10:35:19 +02:00
netinet Change lowest address on subnet (host 0) not to broadcast by default. 2021-10-19 08:16:32 -05:00
netinet6 nd6: Make the DAD callout MPSAFE 2021-09-21 09:37:52 -04:00
netipsec ipsec: enter epoch before calling into ipsec_run_hhooks 2021-10-11 09:10:31 +00:00
netpfil pf: do not copy anchor_wildcard / anchor_relative from userspace 2021-10-22 09:34:18 +02:00
netsmb
nfs
nfsclient
nfsserver
nlm
ofed socket: Rename sb(un)lock() and interlock with listen(2) 2021-10-07 09:56:47 -04:00
opencrypto crypto: Support Chacha20-Poly1305 with a nonce size of 8 bytes. 2021-10-21 14:19:30 -07:00
powerpc Restore PPS_SYNC in NOTES 2021-10-17 03:28:13 +03:00
riscv riscv: Implement pmap_mapdev_attr 2021-10-24 19:51:10 +01:00
rpc rpc: Convert an SOLISTENING check to an assertion 2021-09-24 09:01:07 -04:00
security mac: cheaper check for ifnet_create_mbuf and ifnet_check_transmit 2021-07-05 11:32:14 +00:00
sys Add the KASAN runtime 2021-11-01 09:56:31 -04:00
teken
tests routing: add IPv6 fib validation procedure. 2021-09-07 21:02:58 +00:00
tools makesyscalls.lua: add a CAPENABLED flag 2021-10-20 00:19:56 +01:00
ufs ufs: remove write-only variables 2021-10-27 03:24:40 +03:00
vm sysctl vm.objects: yield if hog 2021-11-01 02:44:51 +02:00
x86 cpuset(9): Add CPU_FOREACH_IS(SET|CLR) and modify consumers to use it 2021-11-01 09:20:11 -04:00
xdr
xen
Makefile