89786088 markj Aug. 11, 2021, 1:27 a.m.
- During boot, allocate PDP pages for the shadow maps.  The region above
  KERNBASE is currently not shadowed.
- Create a dummy shadow for the vm page array.  For now, this array is
  not protected by the shadow map to help reduce kernel memory usage.
- Grow shadows when growing the kernel map.
- Increase the default kernel stack size when KMSAN is enabled.  As with
  KASAN, sanitizer instrumentation appears to create stack frames large
  enough that the default value is not sufficient.
- Disable UMA's use of the direct map when KMSAN is configured.  KMSAN
  cannot validate the direct map.
- Disable unmapped I/O when KMSAN is configured.
- Lower the limit on paging buffers when KMSAN is configured.  Each
  buffer has a static MAXPHYS-sized allocation of KVA, which in turn
  eats 2*MAXPHYS of space in the shadow map.

Reviewed by:	alc, kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31295
5dda15ad markj Aug. 11, 2021, 1:27 a.m.
Sponsored by:	The FreeBSD Foundation
a422084a markj Aug. 11, 2021, 1:27 a.m.
KMSAN enables the use of LLVM's MemorySanitizer in the kernel.  This
enables precise detection of uses of uninitialized memory.  As with
KASAN, this feature has substantial runtime overhead and is intended to
be used as part of some automated testing regime.

The runtime maintains a pair of shadow maps.  One is used to track the
state of memory in the kernel map at bit-granularity: a bit in the
kernel map is initialized when the corresponding shadow bit is clear,
and is uninitialized otherwise.  The second shadow map stores
information about the origin of uninitialized regions of the kernel map,
simplifying debugging.

KMSAN relies on being able to intercept certain functions which cannot
be instrumented by the compiler.  KMSAN thus implements interceptors
which manually update shadow state and in some cases explicitly check
for uninitialized bytes.  For instance, all calls to copyout() are
subject to such checks.

The runtime exports several functions which can be used to verify the
shadow map for a given buffer.  Helpers provide the same functionality
for a few structures commonly used for I/O, such as CAM CCBs, BIOs and
mbufs.  These are handy when debugging a KMSAN report whose
proximate and root causes are far away from each other.

Obtained from:	NetBSD
Sponsored by:	The FreeBSD Foundation
f95f780e markj Aug. 11, 2021, 1:27 a.m.
KMSAN requires two shadow maps, each one-to-one with the kernel map.
Allocate regions of the kernel's PML4 page for them.  Add functions to
create mappings in the shadow map regions; these will be used by the
KMSAN runtime.

Reviewed by:	alc, kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31295
30d00832 markj Aug. 11, 2021, 1:22 a.m.
Sponsored by:	The FreeBSD Foundation
4fd450a8 markj Aug. 11, 2021, 1:22 a.m.
Also remove a redundant assertion in pmap_kasan_enter().

Reviewed by:	alc, kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D31295
805c3af8 markj Aug. 11, 2021, 1:18 a.m.
Suggested by:	jhb
MFC after:	1 week
b776de67 mav Aug. 11, 2021, 12:44 a.m.
MFC after:	2 weeks
c2da9542 mav Aug. 11, 2021, 12:18 a.m.
This code has not used the Giant lock for a very long time.

MFC after:	2 weeks
303477d3 mav Aug. 11, 2021, 12:07 a.m.
This code has not used the Giant lock for a very long time.

MFC after:	2 weeks
94feb1f1 mav Aug. 11, 2021, 12:07 a.m.
I should have added those in 50f16247a1.

MFC after:	2 weeks
9339e7c0 imp Aug. 10, 2021, 11:10 p.m.
rtsx copied code from sdhci, and has the same wakeup race bug that was
fixed in 35547df5c786, so apply a similar fix here.

Sponsored by:		Netflix
bd9e461c scottl Aug. 10, 2021, 10:41 p.m.
Reset the mmc owner before calling the bridge release host callback.

Some people are hitting the "mmc: host bridge didn't serialize us." panic as
the bridge is released before the mmc owner is reset.

Submitted by: luiz
Sponsored by:   Rubicon Communications, LLC ("Netgate")
35547df5 scottl Aug. 10, 2021, 10:36 p.m.
Submitted by: luiz
Sponsored by: Rubicon Communications, LLC ("Netgate")
5dedd251 imp Aug. 10, 2021, 9:47 p.m.
When matching entries, we should ignore those with a name of '#'. It's
the standard way to skip elements, and they need to be present to have the
proper offsets to the fields that are observed. No bus has a pnp
attribute of '#' and that is now disallowed for future buses that are
written.

Sponsored by:		Netflix
Reviewed by:		kbowling
Differential Revision:	https://reviews.freebsd.org/D31482