kmsan: Use the correct origin bytes in kmsan_check_arg()
Upon discovering a violation kmsan_check_arg() passes a pointer to
function parameter shadow state to kmsan_report_hook().
kmsan_report_hook() uses that address to find the origin cells, assuming
that the passed address belongs to the kernel map. This has two
problems:
- Function parameter origin state is also located in TLS, not in the origin map, but kmsan_report_hook() doesn't know this.
- KMSAN TLS for thread0 is statically allocated and thus isn't shadowed (because the kernel itself is not shadowed).
These bugs could result in inaccuracies in KMSAN reports, or a page
fault when trying to report a KMSAN violation (which by default panics
the kernel anyway).
Fix the problem by making callers of kmsan_report_hook() provide a
pointer to origin cells.
Sponsored by: The FreeBSD Foundation