RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-24 21:57:35 +00:00
Code Issues Activity Actions

Kernel: Expose sysctl 'ubsan_is_deadly' to panic the Kernel on UB

Browse source 
This makes it easier to find UB, for example when fuzzing the Kernel.

This can be enabled by default, thanks to @boricj's work in
32e1354b9b.
This commit is contained in:
Ben Wiederhake 2021-03-04 22:07:23 +01:00 committed by Andreas Kling
parent a0362d827c
commit 00131d244e
3 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Kernel/FileSystem/ProcFS.cpp
View file

@ -59,6 +59,7 @@
#include <Kernel/Scheduler.h> #include <Kernel/Scheduler.h>
#include <Kernel/StdLib.h> #include <Kernel/StdLib.h>
#include <Kernel/TTY/TTY.h> #include <Kernel/TTY/TTY.h>
#include <Kernel/UBSanitizer.h>
#include <Kernel/VM/AnonymousVMObject.h> #include <Kernel/VM/AnonymousVMObject.h>
#include <Kernel/VM/MemoryManager.h> #include <Kernel/VM/MemoryManager.h>
#include <LibC/errno_numbers.h> #include <LibC/errno_numbers.h>
@ -994,6 +995,7 @@ void ProcFS::add_sys_string(String&& name, Lockable<String>& var, Function<void(
bool ProcFS::initialize() bool ProcFS::initialize()
{ {
static Lockable<bool>* kmalloc_stack_helper; static Lockable<bool>* kmalloc_stack_helper;
static Lockable<bool>* ubsan_deadly_helper;
if (kmalloc_stack_helper == nullptr) { if (kmalloc_stack_helper == nullptr) {
kmalloc_stack_helper = new Lockable<bool>(); kmalloc_stack_helper = new Lockable<bool>();
@ -1001,6 +1003,11 @@ bool ProcFS::initialize()
ProcFS::add_sys_bool("kmalloc_stacks", *kmalloc_stack_helper, [] { ProcFS::add_sys_bool("kmalloc_stacks", *kmalloc_stack_helper, [] {
g_dump_kmalloc_stacks = kmalloc_stack_helper->resource(); g_dump_kmalloc_stacks = kmalloc_stack_helper->resource();
}); });
ubsan_deadly_helper = new Lockable<bool>();
ubsan_deadly_helper->resource() = UBSanitizer::g_ubsan_is_deadly;
ProcFS::add_sys_bool("ubsan_is_deadly", *ubsan_deadly_helper, [] {
UBSanitizer::g_ubsan_is_deadly = ubsan_deadly_helper->resource();
});
} }
return true; return true;
} }

6
Kernel/UBSanitizer.cpp
View file

@ -26,22 +26,26 @@
#include <AK/Format.h> #include <AK/Format.h>
#include <Kernel/KSyms.h> #include <Kernel/KSyms.h>
#include <Kernel/Panic.h>
#include <Kernel/UBSanitizer.h> #include <Kernel/UBSanitizer.h>
using namespace Kernel; using namespace Kernel;
using namespace Kernel::UBSanitizer; using namespace Kernel::UBSanitizer;
bool Kernel::UBSanitizer::g_ubsan_is_deadly { true };
extern "C" { extern "C" {
static void print_location(const SourceLocation& location) static void print_location(const SourceLocation& location)
{ {
if (!location.filename()) { if (!location.filename()) {
dbgln("KUBSAN: in unknown file"); dbgln("KUBSAN: in unknown file");
} else { } else {
dbgln("KUBSAN: at {}, line {}, column: {}", location.filename(), location.line(), location.column()); dbgln("KUBSAN: at {}, line {}, column: {}", location.filename(), location.line(), location.column());
} }
dump_backtrace(); dump_backtrace();
if (g_ubsan_is_deadly)
PANIC("UB is configured to be deadly.");
} }
void __ubsan_handle_load_invalid_value(const InvalidValueData&, ValueHandle); void __ubsan_handle_load_invalid_value(const InvalidValueData&, ValueHandle);

2
Kernel/UBSanitizer.h
View file

@ -30,6 +30,8 @@
namespace Kernel::UBSanitizer { namespace Kernel::UBSanitizer {
extern bool g_ubsan_is_deadly;
typedef void* ValueHandle; typedef void* ValueHandle;
class SourceLocation { class SourceLocation {