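// SPDX-License-Identifier: GPL-2.0
/*
 * KMSAN shadow implementation.
 *
 * Copyright (C) 2017-2022 Google LLC
 * Author: Alexander Potapenko <glider@google.com>
 *
 */

#include <asm/kmsan.h>
#include <asm/tlbflush.h>
#include <linux/cacheflush.h>
#include <linux/memblock.h>
#include <linux/mm_types.h>
#include <linux/slab.h>
#include <linux/smp.h>
#include <linux/stddef.h>

#include "../internal.h"
#include "kmsan.h"

/* Shadow metadata page attached to @page (NULL if none). */
#define shadow_page_for(page) ((page)->kmsan_shadow)

/* Origin metadata page attached to @page (NULL if none). */
#define origin_page_for(page) ((page)->kmsan_origin)

/*
 * Kernel virtual address of @page's shadow page.
 * The caller must have checked that the shadow page exists.
 */
static void *shadow_ptr_for(struct page *page)
{
	return page_address(shadow_page_for(page));
}

/*
 * Kernel virtual address of @page's origin page.
 * The caller must have checked that the origin page exists.
 */
static void *origin_ptr_for(struct page *page)
{
	return page_address(origin_page_for(page));
}

/* True iff @page has both a shadow and an origin page attached. */
static bool page_has_metadata(struct page *page)
{
	return shadow_page_for(page) && origin_page_for(page);
}

/* Detach any metadata pages from @page (used on metadata pages themselves). */
static void set_no_shadow_origin_page(struct page *page)
{
	shadow_page_for(page) = NULL;
	origin_page_for(page) = NULL;
}

/*
 * Dummy load and store pages to be used when the real metadata is unavailable.
 * There are separate pages for loads and stores, so that every load returns a
 * zero, and every store doesn't affect other loads.
 */
static char dummy_load_page[PAGE_SIZE] __aligned(PAGE_SIZE);
static char dummy_store_page[PAGE_SIZE] __aligned(PAGE_SIZE);

/*
 * Compute the metadata address for @addr in the vmalloc or modules area.
 *
 * @addr: kernel address in the vmalloc or modules region.
 * @is_origin: true for the origin address, false for the shadow address.
 *
 * Returns the metadata address, or 0 if @addr is in neither region.
 * Origin addresses are expected to be KMSAN_ORIGIN_SIZE-aligned.
 */
static unsigned long vmalloc_meta(void *addr, bool is_origin)
{
	unsigned long addr64 = (unsigned long)addr, off;

	KMSAN_WARN_ON(is_origin && !IS_ALIGNED(addr64, KMSAN_ORIGIN_SIZE));
	if (kmsan_internal_is_vmalloc_addr(addr)) {
		off = addr64 - VMALLOC_START;
		return off + (is_origin ? KMSAN_VMALLOC_ORIGIN_START :
					  KMSAN_VMALLOC_SHADOW_START);
	}
	if (kmsan_internal_is_module_addr(addr)) {
		off = addr64 - MODULES_VADDR;
		return off + (is_origin ? KMSAN_MODULES_ORIGIN_START :
					  KMSAN_MODULES_SHADOW_START);
	}
	return 0;
}

/* virt_to_page() for addresses that may not be valid; NULL if they are not. */
static struct page *virt_to_page_or_null(void *vaddr)
{
	if (kmsan_virt_addr_valid(vaddr))
		return virt_to_page(vaddr);
	else
		return NULL;
}

/*
 * Return shadow and origin pointers for an access of @size bytes at @address.
 *
 * If KMSAN is disabled or @address has no metadata, the access is redirected
 * to the dummy pages: stores go to dummy_store_page (and are ignored), loads
 * read dummy_load_page (and return zero). Accesses larger than PAGE_SIZE
 * cannot be safely redirected, hence the warning.
 */
struct shadow_origin_ptr kmsan_get_shadow_origin_ptr(void *address, u64 size,
						     bool store)
{
	struct shadow_origin_ptr ret;
	void *shadow;

	/*
	 * Even if we redirect this memory access to the dummy page, it will
	 * go out of bounds.
	 */
	KMSAN_WARN_ON(size > PAGE_SIZE);

	if (!kmsan_enabled)
		goto return_dummy;

	KMSAN_WARN_ON(!kmsan_metadata_is_contiguous(address, size));
	shadow = kmsan_get_metadata(address, KMSAN_META_SHADOW);
	if (!shadow)
		goto return_dummy;

	ret.shadow = shadow;
	ret.origin = kmsan_get_metadata(address, KMSAN_META_ORIGIN);
	return ret;

return_dummy:
	if (store) {
		/* Ignore this store. */
		ret.shadow = dummy_store_page;
		ret.origin = dummy_store_page;
	} else {
		/* This load will return zero. */
		ret.shadow = dummy_load_page;
		ret.origin = dummy_load_page;
	}
	return ret;
}

/*
 * Obtain the shadow or origin pointer for the given address, or NULL if there's
 * none. The caller must check the return value for being non-NULL if needed.
 * The return value of this function should not depend on whether we're in the
 * runtime or not.
 *
 * Origin lookups are rounded down to KMSAN_ORIGIN_SIZE alignment. vmalloc and
 * module addresses are resolved arithmetically via vmalloc_meta(); other
 * addresses go through the arch hook first and then the per-page metadata.
 */
void *kmsan_get_metadata(void *address, bool is_origin)
{
	u64 addr = (u64)address, pad, off;
	struct page *page;
	void *ret;

	if (is_origin && !IS_ALIGNED(addr, KMSAN_ORIGIN_SIZE)) {
		pad = addr % KMSAN_ORIGIN_SIZE;
		addr -= pad;
	}
	address = (void *)addr;
	if (kmsan_internal_is_vmalloc_addr(address) ||
	    kmsan_internal_is_module_addr(address))
		return (void *)vmalloc_meta(address, is_origin);

	ret = arch_kmsan_get_meta_or_null(address, is_origin);
	if (ret)
		return ret;

	page = virt_to_page_or_null(address);
	if (!page)
		return NULL;
	if (!page_has_metadata(page))
		return NULL;
	off = offset_in_page(addr);

	return (is_origin ? origin_ptr_for(page) : shadow_ptr_for(page)) + off;
}

/*
 * Copy the metadata of @src to @dst.
 *
 * If @src has no metadata, @dst is marked as fully initialized instead.
 * Does nothing when KMSAN is disabled, when called from within the runtime,
 * or when @dst has no metadata.
 */
void kmsan_copy_page_meta(struct page *dst, struct page *src)
{
	if (!kmsan_enabled || kmsan_in_runtime())
		return;
	if (!dst || !page_has_metadata(dst))
		return;
	if (!src || !page_has_metadata(src)) {
		kmsan_internal_unpoison_memory(page_address(dst), PAGE_SIZE,
					       /*checked*/ false);
		return;
	}

	kmsan_enter_runtime();
	__memcpy(shadow_ptr_for(dst), shadow_ptr_for(src), PAGE_SIZE);
	__memcpy(origin_ptr_for(dst), origin_ptr_for(src), PAGE_SIZE);
	kmsan_leave_runtime();
}
EXPORT_SYMBOL(kmsan_copy_page_meta);

/*
 * Initialize the metadata of a freshly allocated order-@order page block.
 *
 * Pages requested with __GFP_ZERO (or allocated while KMSAN is disabled) get
 * zeroed shadow and origin, i.e. are treated as initialized. Otherwise the
 * shadow is filled with 0xff (uninitialized) and every origin slot receives
 * the allocation stack handle. Assumes the shadow and origin pages have
 * already been attached (see kmsan_setup_meta()).
 */
void kmsan_alloc_page(struct page *page, unsigned int order, gfp_t flags)
{
	bool initialized = (flags & __GFP_ZERO) || !kmsan_enabled;
	struct page *shadow, *origin;
	depot_stack_handle_t handle;
	int pages = 1 << order;

	if (!page)
		return;

	shadow = shadow_page_for(page);
	origin = origin_page_for(page);

	if (initialized) {
		__memset(page_address(shadow), 0, PAGE_SIZE * pages);
		__memset(page_address(origin), 0, PAGE_SIZE * pages);
		return;
	}

	/* Zero pages allocated by the runtime should also be initialized. */
	if (kmsan_in_runtime())
		return;

	__memset(page_address(shadow), -1, PAGE_SIZE * pages);
	kmsan_enter_runtime();
	handle = kmsan_save_stack_with_flags(flags, /*extra_bits*/ 0);
	kmsan_leave_runtime();
	/*
	 * Addresses are page-aligned, pages are contiguous, so it's ok
	 * to just fill the origin pages with @handle.
	 */
	for (size_t i = 0; i < PAGE_SIZE * pages / sizeof(handle); i++)
		((depot_stack_handle_t *)page_address(origin))[i] = handle;
}

/* Poison the metadata of a page block that is being freed. */
void kmsan_free_page(struct page *page, unsigned int order)
{
	if (!kmsan_enabled || kmsan_in_runtime())
		return;
	kmsan_enter_runtime();
	kmsan_internal_poison_memory(page_address(page),
				     page_size(page),
				     GFP_KERNEL,
				     KMSAN_POISON_CHECK | KMSAN_POISON_FREE);
	kmsan_leave_runtime();
}

/*
 * Map the shadow and origin pages of @pages into the metadata regions that
 * correspond to the vmalloc/module range [@start, @end).
 *
 * Returns 0 on success (including when KMSAN is disabled or @start has no
 * metadata address), -ENOMEM if the temporary page arrays cannot be
 * allocated, or the error from __vmap_pages_range_noflush(). A failed origin
 * mapping does not undo a successful shadow mapping.
 */
int kmsan_vmap_pages_range_noflush(unsigned long start, unsigned long end,
				   pgprot_t prot, struct page **pages,
				   unsigned int page_shift)
{
	unsigned long shadow_start, origin_start, shadow_end, origin_end;
	struct page **s_pages, **o_pages;
	int nr, err = 0;

	if (!kmsan_enabled)
		return 0;

	shadow_start = vmalloc_meta((void *)start, KMSAN_META_SHADOW);
	shadow_end = vmalloc_meta((void *)end, KMSAN_META_SHADOW);
	if (!shadow_start)
		return 0;

	nr = (end - start) / PAGE_SIZE;
	s_pages = kcalloc(nr, sizeof(*s_pages), GFP_KERNEL);
	o_pages = kcalloc(nr, sizeof(*o_pages), GFP_KERNEL);
	if (!s_pages || !o_pages) {
		err = -ENOMEM;
		goto ret;
	}
	for (int i = 0; i < nr; i++) {
		s_pages[i] = shadow_page_for(pages[i]);
		o_pages[i] = origin_page_for(pages[i]);
	}
	/*
	 * Metadata is always mapped with PAGE_KERNEL, regardless of the
	 * protection requested for the data pages themselves.
	 */
	prot = PAGE_KERNEL;

	origin_start = vmalloc_meta((void *)start, KMSAN_META_ORIGIN);
	origin_end = vmalloc_meta((void *)end, KMSAN_META_ORIGIN);
	kmsan_enter_runtime();
	err = __vmap_pages_range_noflush(shadow_start, shadow_end, prot,
					 s_pages, page_shift);
	if (!err)
		err = __vmap_pages_range_noflush(origin_start, origin_end, prot,
						 o_pages, page_shift);
	/*
	 * kmsan_enter_runtime() must be balanced on the error paths too;
	 * otherwise a failed mapping would leave kmsan_in_runtime() set and
	 * silently disable subsequent KMSAN checks.
	 */
	kmsan_leave_runtime();
	if (err)
		goto ret;
	flush_tlb_kernel_range(shadow_start, shadow_end);
	flush_tlb_kernel_range(origin_start, origin_end);
	flush_cache_vmap(shadow_start, shadow_end);
	flush_cache_vmap(origin_start, origin_end);

ret:
	kfree(s_pages);
	kfree(o_pages);
	return err;
}

/*
 * Allocate metadata for pages allocated at boot time.
 *
 * Allocates page-aligned shadow and origin blocks covering [@start, @end)
 * from memblock and attaches them page by page. The metadata pages
 * themselves are marked as having no metadata.
 * NOTE(review): relies on memblock_alloc() panicking rather than returning
 * NULL during early boot, and on every address in the range being valid for
 * virt_to_page_or_null() — neither is checked here.
 */
void __init kmsan_init_alloc_meta_for_range(void *start, void *end)
{
	struct page *shadow_p, *origin_p;
	void *shadow, *origin;
	struct page *page;
	u64 size;

	start = (void *)PAGE_ALIGN_DOWN((u64)start);
	size = PAGE_ALIGN((u64)end - (u64)start);
	shadow = memblock_alloc(size, PAGE_SIZE);
	origin = memblock_alloc(size, PAGE_SIZE);
	for (u64 addr = 0; addr < size; addr += PAGE_SIZE) {
		page = virt_to_page_or_null((char *)start + addr);
		shadow_p = virt_to_page_or_null((char *)shadow + addr);
		set_no_shadow_origin_page(shadow_p);
		shadow_page_for(page) = shadow_p;
		origin_p = virt_to_page_or_null((char *)origin + addr);
		set_no_shadow_origin_page(origin_p);
		origin_page_for(page) = origin_p;
	}
}

/*
 * Attach the order-@order blocks @shadow and @origin as metadata of the
 * order-@order block @page, page by page. The metadata pages themselves are
 * marked as having no metadata.
 */
void kmsan_setup_meta(struct page *page, struct page *shadow,
		      struct page *origin, int order)
{
	for (int i = 0; i < (1 << order); i++) {
		set_no_shadow_origin_page(&shadow[i]);
		set_no_shadow_origin_page(&origin[i]);
		shadow_page_for(&page[i]) = &shadow[i];
		origin_page_for(&page[i]) = &origin[i];
	}
}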