From d44be968938ecf95023351a358c43c4957638d87 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Fri, 5 Feb 2021 19:44:26 +0100
Subject: [PATCH] Kernel: KUBSAN! (Kernel Undefined Behavior SANitizer) :^)

We now build the kernel with partial UBSAN support. The following -fsanitize sub-options are enabled:
* nonnull-attribute
* bool
If the kernel detects UB at runtime, it will now print a debug message with a stack trace. This is very cool! I'm leaving it on by default for now, but we'll probably have to re-evaluate this as more options are enabled and slowdown increases.
---
 Kernel/CMakeLists.txt | 2 ++
 Kernel/UBSanitizer.cpp | 56 ++++++++++++++++++++++++++++++
 Kernel/UBSanitizer.h | 77 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 135 insertions(+)
 create mode 100644 Kernel/UBSanitizer.cpp
 create mode 100644 Kernel/UBSanitizer.h

diff --git a/Kernel/CMakeLists.txt b/Kernel/CMakeLists.txt
index ec0d2840cb..0351c09c28 100644
--- a/Kernel/CMakeLists.txt
+++ b/Kernel/CMakeLists.txt
@@ -197,6 +197,7 @@ set(KERNEL_SOURCES
 Time/RTC.cpp
 Time/TimeManagement.cpp
 TimerQueue.cpp
+ UBSanitizer.cpp
 UserOrKernelBuffer.cpp
 VM/AnonymousVMObject.cpp
 VM/ContiguousVMObject.cpp
@@ -269,6 +270,7 @@ set(SOURCES
 ${C_SOURCES}
 )
 
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=nonnull-attribute,bool")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-unknown-warning-option -DKERNEL")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pie -fPIE -fno-rtti -ffreestanding -fbuiltin")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mno-80387 -mno-mmx -mno-sse -mno-sse2")
diff --git a/Kernel/UBSanitizer.cpp b/Kernel/UBSanitizer.cpp
new file mode 100644
index 0000000000..454a8e5c79
--- /dev/null
+++ b/Kernel/UBSanitizer.cpp
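Review bot: The `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=nonnull-attribute,bool")` line in the second hunk enables the sanitizer unconditionally for every kernel translation unit, with no way to turn it off short of editing the file; since the commit message already expects this to be re-evaluated as more checks are added and slowdown grows, wrapping it in a CMake option — e.g. `option(ENABLE_KERNEL_UBSAN "Build the kernel with UBSan checks" ON)` and `if (ENABLE_KERNEL_UBSAN)` around the `set(...)` (the option name is a suggestion) — makes that a one-line switch. The first hunk adds UBSanitizer.cpp to KERNEL_SOURCES unconditionally, which is harmless since the handlers are plain functions that only run when the compiler emits checks, but keeping both under the same condition would be clearer. A comment next to the flag should also say that the handlers in Kernel/UBSanitizer.cpp are recover-mode (they log and continue), so this flag adds diagnostics rather than a hardening control.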
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2021, Andreas Kling
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+
+using namespace Kernel;
+using namespace Kernel::UBSanitizer;
+
+extern "C" {
+
+static void print_location(const SourceLocation& location)
+{
+ dbgln("KUBSAN: at {}, line {}, column: {}", location.filename(), location.line(), location.column());
+}
+
+void __ubsan_handle_load_invalid_value(InvalidValueData&, void*);
+void __ubsan_handle_load_invalid_value(InvalidValueData& data, void*)
+{
+ dbgln("KUBSAN: load-invalid-value: {} ({}-bit)", data.type.name(), data.type.bit_width());
+ print_location(data.location);
+ dump_backtrace();
+}
+
+void __ubsan_handle_nonnull_arg(NonnullArgData&);
+void __ubsan_handle_nonnull_arg(NonnullArgData& data)
+{
+ dbgln("KUBSAN: null pointer passed as argument {}, which is declared to never be null", data.argument_index);
+ print_location(data.location);
+ dump_backtrace();
+}
+}
diff --git a/Kernel/UBSanitizer.h b/Kernel/UBSanitizer.h
new file mode 100644
index 0000000000..bf54f159b1
--- /dev/null
+++ b/Kernel/UBSanitizer.h
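Review bot: `__ubsan_handle_load_invalid_value` and `__ubsan_handle_nonnull_arg` at the end of the hunk log, dump a backtrace and return, so the kernel keeps executing the code that was just found to exhibit UB (the nonnull callee still receives its null argument); the file should state this up front, e.g. above `extern "C" {`: `// Recover-mode handlers: each reports the violation and returns, so execution continues past the detected UB. Diagnostic aid, not a mitigation.` Nothing guards against re-entry: if `dbgln` or `dump_backtrace` themselves trip a sanitized check while a report is being printed, the handler is entered recursively, so a `static bool in_handler` flag tested and set at the top of each handler (and cleared before returning) would bound that — whether such a path exists in the current kernel I can't tell from the hunk. Only the non-`_abort` handler variants are defined, which matches the flags added in Kernel/CMakeLists.txt as long as nobody later adds `-fno-sanitize-recover`.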
@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2021, Andreas Kling
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include
+
+namespace Kernel::UBSanitizer {
+
+class SourceLocation {
+public:
+ const char* filename() const { return m_filename; }
+ u32 line() const { return m_line; }
+ u32 column() const { return m_column; }
+
+private:
+ const char* m_filename;
+ u32 m_line;
+ u32 m_column;
+};
+
+enum TypeKind : u16 {
+ Integer = 0,
+ Float = 1,
+ Unknown = 0xffff,
+};
+
+class TypeDescriptor {
+public:
+ const char* name() const { return m_name; }
+ TypeKind kind() const { return (TypeKind)m_kind; }
+ bool is_integer() const { return kind() == TypeKind::Integer; }
+ bool is_signed() const { return m_info & 1; }
+ bool is_unsigned() const { return !is_signed(); }
+ size_t bit_width() const { return 1 << (m_info >> 1); }
+
+private:
+ u16 m_kind;
+ u16 m_info;
+ char m_name[1];
+};
+
+struct InvalidValueData {
+ SourceLocation location;
+ const TypeDescriptor& type;
+};
+
+struct NonnullArgData {
+ SourceLocation location;
+ SourceLocation attribute_location;
+ int argument_index;
+};
+
+}
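Review bot: `TypeDescriptor::bit_width()` is only correct for `TypeKind::Integer`: the sanitizer ABI stores `log2(width) << 1 | signed` in `m_info` for integer descriptors but the raw bit width for `TypeKind::Float`, so a float descriptor would yield `1 << (width >> 1)` instead of `width`, and `is_signed()` has no meaning for floats at all. The checks enabled today (bool, nonnull) only ever produce integer descriptors, so this is latent, but the accessor will silently mis-report once float checks are added; `return is_integer() ? (size_t(1) << (m_info >> 1)) : size_t(m_info);` fixes it and also keeps the shift in `size_t` rather than `int`. `kind()` uses a C-style cast where `static_cast<TypeKind>(m_kind)` is the idiomatic form, and `char m_name[1]` deserves a comment that the name is a NUL-terminated string continuing past the end of the struct, which is why `InvalidValueData` holds the descriptor by reference. As I recall, the upstream runtime's `SourceLocation` also carries an "already reported" marker (it swaps the column to ~0 on first report); this one has none, so a UB site inside a hot loop will print a backtrace on every hit, which is worth mirroring here before more checks are enabled.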