Implement kernel undefined behavior sanitizer support

2024-06-12 16:19:24 +02:00 · 2024-06-12 16:19:24 +02:00 · 91e8a86ee2
commit 91e8a86ee2
parent c7e96184e6
7 changed files with 1255 additions and 0 deletions
--- a/sdk/xtdk/ketypes.h
+++ b/sdk/xtdk/ketypes.h
@ -198,6 +198,14 @@ typedef enum _WAIT_TYPE
    WaitAny
 } WAIT_TYPE, *PWAIT_TYPE;

+/* Kernel UBSAN data types enumeration list */
+typedef enum _KUBSAN_DATA_TYPE
+{
+    DataTypeInt,
+    DataTypeFloat,
+    DataTypeUnknown = 0xFFFF
+} KUBSAN_DATA_TYPE, *PKUBSAN_DATA_TYPE;
+
 /* Kernel routine callbacks */
 typedef EXCEPTION_DISPOSITION (XTCDECL *PEXCEPTION_ROUTINE)(IN PEXCEPTION_RECORD ExceptionRecord, IN PVOID EstablisherFrame, IN OUT PCONTEXT ContextRecord, IN OUT PVOID DispatcherContext);
 typedef VOID (XTAPI *PKDEFERRED_ROUTINE)(IN PKDPC Dpc, IN PVOID DeferredContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2);
@ -551,4 +559,90 @@ typedef struct _SYSTEM_RESOURCE_FRAMEBUFFER
    } Pixels;
 } SYSTEM_RESOURCE_FRAMEBUFFER, *PSYSTEM_RESOURCE_FRAMEBUFFER;

+/* Kernel UBSAN source location structure definition */
+typedef struct _KUBSAN_SOURCE_LOCATION
+{
+    PCCHAR FileName;
+    union
+    {
+        ULONG Reported;
+        struct
+        {
+            UINT Line;
+            UINT Column;
+        };
+    };
+} KUBSAN_SOURCE_LOCATION, *PKUBSAN_SOURCE_LOCATION;
+
+/* Kernel UBSAN type descriptor structure definition */
+typedef struct _KUBSAN_TYPE_DESCRIPTOR
+{
+    USHORT DataType;
+    USHORT TypeInfo;
+    CHAR TypeName[1];
+} KUBSAN_TYPE_DESCRIPTOR, *PKUBSAN_TYPE_DESCRIPTOR;
+
+/* Kernel UBSAN float cast overflow data structure definition */
+typedef struct _KUBSAN_FLOAT_CAST_OVERFLOW_DATA
+{
+    KUBSAN_SOURCE_LOCATION Location;
+    PKUBSAN_TYPE_DESCRIPTOR LhsType;
+    PKUBSAN_TYPE_DESCRIPTOR RhsType;
+} KUBSAN_FLOAT_CAST_OVERFLOW_DATA, *PKUBSAN_FLOAT_CAST_OVERFLOW_DATA;
+
+/* Kernel UBSAN function type mismatch data structure definition */
+typedef struct _KUBSAN_FUNCTION_TYPE_MISMATCH_DATA
+{
+    KUBSAN_SOURCE_LOCATION Location;
+    PKUBSAN_TYPE_DESCRIPTOR Type;
+} KUBSAN_FUNCTION_TYPE_MISMATCH_DATA, *PKUBSAN_FUNCTION_TYPE_MISMATCH_DATA;
+
+/* Kernel UBSAN invalid builtin data structure definition */
+typedef struct _KUBSAN_INVALID_BUILTIN_DATA
+{
+    KUBSAN_SOURCE_LOCATION Location;
+    UCHAR Kind;
+} KUBSAN_INVALID_BUILTIN_DATA, *PKUBSAN_INVALID_BUILTIN_DATA;
+
+/* Kernel UBSAN shift out of bounds data structure definition */
+typedef struct _KUBSAN_SHIFT_OUT_OF_BOUNDS_DATA
+{
+    KUBSAN_SOURCE_LOCATION Location;
+    PKUBSAN_TYPE_DESCRIPTOR LhsType;
+    PKUBSAN_TYPE_DESCRIPTOR RhsType;
+} KUBSAN_SHIFT_OUT_OF_BOUNDS_DATA, *PKUBSAN_SHIFT_OUT_OF_BOUNDS_DATA;
+
+/* Kernel UBSAN out of bounds data structure definition */
+typedef struct _KUBSAN_OUT_OF_BOUNDS_DATA
+{
+    KUBSAN_SOURCE_LOCATION Location;
+    PKUBSAN_TYPE_DESCRIPTOR ArrayType;
+    PKUBSAN_TYPE_DESCRIPTOR IndexType;
+} KUBSAN_OUT_OF_BOUNDS_DATA, *PKUBSAN_OUT_OF_BOUNDS_DATA;
+
+/* Kernel UBSAN overflow data structure definition */
+typedef struct _KUBSAN_OVERFLOW_DATA
+{
+    KUBSAN_SOURCE_LOCATION Location;
+    PKUBSAN_TYPE_DESCRIPTOR Type;
+} KUBSAN_OVERFLOW_DATA, *PKUBSAN_OVERFLOW_DATA;
+
+/* Kernel UBSAN type mismatch data structure definition */
+typedef struct _KUBSAN_TYPE_MISMATCH_DATA
+{
+    KUBSAN_SOURCE_LOCATION Location;
+    PKUBSAN_TYPE_DESCRIPTOR Type;
+    ULONG Alignment;
+    UCHAR TypeCheckKind;
+} KUBSAN_TYPE_MISMATCH_DATA, *PKUBSAN_TYPE_MISMATCH_DATA;
+
+/* Kernel UBSAN type mismatch data structure definition */
+typedef struct _KUBSAN_TYPE_MISMATCH_DATA_V1
+{
+    KUBSAN_SOURCE_LOCATION Location;
+    PKUBSAN_TYPE_DESCRIPTOR Type;
+    UCHAR LogAlignment;
+    UCHAR TypeCheckKind;
+} KUBSAN_TYPE_MISMATCH_DATA_V1, *PKUBSAN_TYPE_MISMATCH_DATA_V1;
+
 #endif /* __XTDK_KEFUNCS_H */
--- a/sdk/xtdk/xtstruct.h
+++ b/sdk/xtdk/xtstruct.h
@ -47,6 +47,7 @@ typedef enum _KOBJECTS KOBJECTS, *PKOBJECTS;
 typedef enum _KPROCESS_STATE KPROCESS_STATE, *PKPROCESS_STATE;
 typedef enum _KTHREAD_STATE KTHREAD_STATE, *PKTHREAD_STATE;
 typedef enum _KTIMER_TYPE KTIMER_TYPE, *PKTIMER_TYPE;
+typedef enum _KUBSAN_DATA_TYPE KUBSAN_DATA_TYPE, *PKUBSAN_DATA_TYPE;
 typedef enum _LOADER_MEMORY_TYPE LOADER_MEMORY_TYPE, *PLOADER_MEMORY_TYPE;
 typedef enum _MODE MODE, *PMODE;
 typedef enum _SYSTEM_FIRMWARE_TYPE SYSTEM_FIRMWARE_TYPE, *PSYSTEM_FIRMWARE_TYPE;
@ -248,6 +249,16 @@ typedef struct _KSERVICE_DESCRIPTOR_TABLE KSERVICE_DESCRIPTOR_TABLE, *PKSERVICE_
 typedef struct _KSPIN_LOCK_QUEUE KSPIN_LOCK_QUEUE, *PKSPIN_LOCK_QUEUE;
 typedef struct _KTHREAD KTHREAD, *PKTHREAD;
 typedef struct _KTIMER KTIMER, *PKTIMER;
+typedef struct _KUBSAN_FLOAT_CAST_OVERFLOW_DATA KUBSAN_FLOAT_CAST_OVERFLOW_DATA, *PKUBSAN_FLOAT_CAST_OVERFLOW_DATA;
+typedef struct _KUBSAN_FUNCTION_TYPE_MISMATCH_DATA KUBSAN_FUNCTION_TYPE_MISMATCH_DATA, *PKUBSAN_FUNCTION_TYPE_MISMATCH_DATA;
+typedef struct _KUBSAN_INVALID_BUILTIN_DATA KUBSAN_INVALID_BUILTIN_DATA, *PKUBSAN_INVALID_BUILTIN_DATA;
+typedef struct _KUBSAN_OUT_OF_BOUNDS_DATA KUBSAN_OUT_OF_BOUNDS_DATA, *PKUBSAN_OUT_OF_BOUNDS_DATA;
+typedef struct _KUBSAN_OVERFLOW_DATA KUBSAN_OVERFLOW_DATA, *PKUBSAN_OVERFLOW_DATA;
+typedef struct _KUBSAN_SHIFT_OUT_OF_BOUNDS_DATA KUBSAN_SHIFT_OUT_OF_BOUNDS_DATA, *PKUBSAN_SHIFT_OUT_OF_BOUNDS_DATA;
+typedef struct _KUBSAN_SOURCE_LOCATION KUBSAN_SOURCE_LOCATION, *PKUBSAN_SOURCE_LOCATION;
+typedef struct _KUBSAN_TYPE_DESCRIPTOR KUBSAN_TYPE_DESCRIPTOR, *PKUBSAN_TYPE_DESCRIPTOR;
+typedef struct _KUBSAN_TYPE_MISMATCH_DATA KUBSAN_TYPE_MISMATCH_DATA, *PKUBSAN_TYPE_MISMATCH_DATA;
+typedef struct _KUBSAN_TYPE_MISMATCH_DATA_V1 KUBSAN_TYPE_MISMATCH_DATA_V1, *PKUBSAN_TYPE_MISMATCH_DATA_V1;
 typedef struct _KWAIT_BLOCK KWAIT_BLOCK, *PKWAIT_BLOCK;
 typedef struct _LDR_DATA_TABLE_ENTRY LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
 typedef struct _LIST_ENTRY LIST_ENTRY, *PLIST_ENTRY;
--- a/xtoskrnl/CMakeLists.txt
+++ b/xtoskrnl/CMakeLists.txt
@ -30,6 +30,7 @@ list(APPEND XTOSKRNL_SOURCE
    ${XTOSKRNL_SOURCE_DIR}/ke/kprocess.c
    ${XTOSKRNL_SOURCE_DIR}/ke/krnlinit.c
    ${XTOSKRNL_SOURCE_DIR}/ke/kthread.c
+    ${XTOSKRNL_SOURCE_DIR}/ke/kubsan.c
    ${XTOSKRNL_SOURCE_DIR}/ke/panic.c
    ${XTOSKRNL_SOURCE_DIR}/ke/runlevel.c
    ${XTOSKRNL_SOURCE_DIR}/ke/semphore.c
--- a/xtoskrnl/includes/globals.h
+++ b/xtoskrnl/includes/globals.h
@ -57,6 +57,9 @@ EXTERN LIST_ENTRY KepSystemResourcesListHead;
 /* Kernel system resources lock */
 EXTERN KSPIN_LOCK KepSystemResourcesLock;

+/* Kernel UBSAN active frame flag */
+EXTERN BOOLEAN KepUbsanActiveFrame;
+
 /* Biggest free memory descriptor */
 EXTERN PLOADER_MEMORY_DESCRIPTOR MmFreeDescriptor;

--- a/xtoskrnl/includes/kei.h
+++ b/xtoskrnl/includes/kei.h
@ -86,20 +86,115 @@ XTAPI
 VOID
 KeStartXtSystem(IN PKERNEL_INITIALIZATION_BLOCK Parameters);

+XTCDECL
+BOOLEAN
+KepCheckUbsanReport(PKUBSAN_SOURCE_LOCATION Location);
+
+XTCDECL
+VOID
+KepEnterUbsanFrame(PKUBSAN_SOURCE_LOCATION Location,
+                   PCCHAR Reason);
+
 XTFASTCALL
 VOID
 KepExitDispatcher(IN KRUNLEVEL OldRunLevel);

+XTCDECL
+LONGLONG
+KepGetSignedUbsanValue(PKUBSAN_TYPE_DESCRIPTOR Type,
+                       PVOID Value);
+
 XTAPI
 VOID
 KepGetSystemResource(IN SYSTEM_RESOURCE_TYPE ResourceType,
                     IN BOOLEAN Acquire,
                     OUT PSYSTEM_RESOURCE_HEADER *ResourceHeader);

+XTCDECL
+PCCHAR
+KepGetUbsanTypeKind(UCHAR TypeCheckKind);
+
+XTCDECL
+ULONGLONG
+KepGetUnsignedUbsanValue(PKUBSAN_TYPE_DESCRIPTOR Type,
+                         PVOID Value);
+
+XTCDECL
+VOID
+KepHandleUbsanDivisionOverflow(PKUBSAN_OVERFLOW_DATA Data,
+                               PVOID Lhs,
+                               PVOID Rhs);
+
+XTCDECL
+VOID
+KepHandleUbsanFloatCastOverflow(PKUBSAN_FLOAT_CAST_OVERFLOW_DATA Data,
+                                ULONG_PTR Lhs,
+                                ULONG_PTR Rhs);
+
+XTCDECL
+VOID
+KepHandleUbsanFunctionTypeMismatch(PKUBSAN_FUNCTION_TYPE_MISMATCH_DATA Data,
+                                   ULONG_PTR Pointer);
+
+XTCDECL
+VOID
+KepHandleUbsanIntegerOverflow(PKUBSAN_OVERFLOW_DATA Data,
+                                 ULONG_PTR Lhs,
+                                 ULONG_PTR Rhs);
+
+XTCDECL
+VOID
+KepHandleUbsanInvalidBuiltin(PKUBSAN_INVALID_BUILTIN_DATA Data);
+
+XTCDECL
+VOID
+KepHandleUbsanMisalignedAccess(PKUBSAN_TYPE_MISMATCH_DATA Data,
+                               ULONG_PTR Pointer);
+
+XTCDECL
+VOID
+KepHandleUbsanNegateOverflow(PKUBSAN_OVERFLOW_DATA Data,
+                             ULONG_PTR OldValue);
+
+XTCDECL
+VOID
+KepHandleUbsanNullPointerDereference(PKUBSAN_TYPE_MISMATCH_DATA Data);
+
+XTCDECL
+VOID
+KepHandleUbsanObjectSizeMismatch(PKUBSAN_TYPE_MISMATCH_DATA Data,
+                                 ULONG_PTR Pointer);
+
+XTCDECL
+VOID
+KepHandleUbsanOutOfBounds(PKUBSAN_OUT_OF_BOUNDS_DATA Data,
+                          ULONG_PTR Index);
+
+XTCDECL
+VOID
+KepHandleUbsanPointerOverflow(PKUBSAN_OVERFLOW_DATA Data,
+                              ULONG_PTR Lhs,
+                              ULONG_PTR Rhs);
+
+XTCDECL
+VOID
+KepHandleUbsanShiftOutOfBounds(PKUBSAN_SHIFT_OUT_OF_BOUNDS_DATA Data,
+                               ULONG_PTR Lhs,
+                               ULONG_PTR Rhs);
+
+XTCDECL
+VOID
+KepHandleUbsanTypeMismatch(PKUBSAN_TYPE_MISMATCH_DATA Data,
+                           ULONG_PTR Pointer);
+
 XTAPI
 VOID
 KepInitializeSystemResources(VOID);

+XTCDECL
+VOID
+KepLeaveUbsanFrame();
+
 XTAPI
 VOID
 KepRemoveTimer(IN OUT PKTIMER Timer);
--- a/xtoskrnl/ke/globals.c
+++ b/xtoskrnl/ke/globals.c
@ -32,3 +32,6 @@ LIST_ENTRY KepSystemResourcesListHead;

 /* Kernel system resources lock */
 KSPIN_LOCK KepSystemResourcesLock;
+
+/* Kernel UBSAN active frame flag */
+BOOLEAN KepUbsanActiveFrame = FALSE;
--- a/xtoskrnl/ke/kubsan.c
+++ b/xtoskrnl/ke/kubsan.c