Kernel: KUBSAN! (Kernel Undefined Behavior SANitizer) :^)

We now build the kernel with partial UBSAN support.
The following -fsanitize sub-options are enabled:

* nonnull-attribute
* bool

If the kernel detects UB at runtime, it will now print a debug message
with a stack trace. This is very cool! I'm leaving it on by default for
now, but we'll probably have to re-evaluate this as more options are
enabled and slowdown increases.

Kernel/CMakeLists.txt

@@ -197,6 +197,7 @@ set(KERNEL_SOURCES
  Time/RTC.cpp
  Time/TimeManagement.cpp
  TimerQueue.cpp
+ UBSanitizer.cpp
  UserOrKernelBuffer.cpp
  VM/AnonymousVMObject.cpp
  VM/ContiguousVMObject.cpp
@@ -269,6 +270,7 @@ set(SOURCES
  ${C_SOURCES}
 )
 
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=nonnull-attribute,bool")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-unknown-warning-option -DKERNEL")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pie -fPIE -fno-rtti -ffreestanding -fbuiltin")
 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mno-80387 -mno-mmx -mno-sse -mno-sse2")

Kernel/UBSanitizer.cpp

@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2021, Andreas Kling <[email protected]>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <AK/Format.h>
+#include <Kernel/KSyms.h>
+#include <Kernel/UBSanitizer.h>
+
+using namespace Kernel;
+using namespace Kernel::UBSanitizer;
+
+extern "C" {
+
+static void print_location(const SourceLocation& location)
+{
+ dbgln("KUBSAN: at {}, line {}, column: {}", location.filename(), location.line(), location.column());
+}
+
+void __ubsan_handle_load_invalid_value(InvalidValueData&, void*);
+void __ubsan_handle_load_invalid_value(InvalidValueData& data, void*)
+{
+ dbgln("KUBSAN: load-invalid-value: {} ({}-bit)", data.type.name(), data.type.bit_width());
+ print_location(data.location);
+ dump_backtrace();
+}
+
+void __ubsan_handle_nonnull_arg(NonnullArgData&);
+void __ubsan_handle_nonnull_arg(NonnullArgData& data)
+{
+ dbgln("KUBSAN: null pointer passed as argument {}, which is declared to never be null", data.argument_index);
+ print_location(data.location);
+ dump_backtrace();
+}
+}

Kernel/UBSanitizer.h

@@ -0,0 +1,77 @@
+/*
+ * Copyright (c) 2021, Andreas Kling <[email protected]>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+ * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <AK/Types.h>
+
+namespace Kernel::UBSanitizer {
+
+class SourceLocation {
+public:
+ const char* filename() const { return m_filename; }
+ u32 line() const { return m_line; }
+ u32 column() const { return m_column; }
+
+private:
+ const char* m_filename;
+ u32 m_line;
+ u32 m_column;
+};
+
+enum TypeKind : u16 {
+ Integer = 0,
+ Float = 1,
+ Unknown = 0xffff,
+};
+
+class TypeDescriptor {
+public:
+ const char* name() const { return m_name; }
+ TypeKind kind() const { return (TypeKind)m_kind; }
+ bool is_integer() const { return kind() == TypeKind::Integer; }
+ bool is_signed() const { return m_info & 1; }
+ bool is_unsigned() const { return !is_signed(); }
+ size_t bit_width() const { return 1 << (m_info >> 1); }
+
+private:
+ u16 m_kind;
+ u16 m_info;
+ char m_name[1];
+};
+
+struct InvalidValueData {
+ SourceLocation location;
+ const TypeDescriptor& type;
+};
+
+struct NonnullArgData {
+ SourceLocation location;
+ SourceLocation attribute_location;
+ int argument_index;
+};
+
+}