
D29461.id86502.diff

Index: sys/kern/kern_malloc.c
===================================================================
--- sys/kern/kern_malloc.c
+++ sys/kern/kern_malloc.c
@@ -53,6 +53,7 @@
#include <sys/param.h>
#include <sys/systm.h>
+#include <sys/asan.h>
#include <sys/kdb.h>
#include <sys/kernel.h>
#include <sys/lock.h>
@@ -110,7 +111,7 @@
#define MALLOC_DEBUG 1
#endif
-#ifdef DEBUG_REDZONE
+#if defined(KASAN) || defined(DEBUG_REDZONE)
#define DEBUG_REDZONE_ARG_DEF , unsigned long osize
#define DEBUG_REDZONE_ARG , osize
#else
@@ -603,11 +604,12 @@
if (__predict_false(va == NULL)) {
KASSERT((flags & M_WAITOK) == 0,
("malloc(M_WAITOK) returned NULL"));
- }
+ } else {
#ifdef DEBUG_REDZONE
- if (va != NULL)
va = redzone_setup(va, osize);
#endif
+ kasan_mark((void *)va, osize, sz, KASAN_MALLOC_REDZONE);
+ }
return (va);
}
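Review bot: In the new else branch, `kasan_mark((void *)va, osize, sz, KASAN_MALLOC_REDZONE)` runs after `va = redzone_setup(va, osize)`, so in a kernel built with both DEBUG_REDZONE and KASAN the marked range starts at whatever pointer redzone_setup() returns, while `sz` still describes the original allocation. redzone_setup() is not visible here; if it returns a pointer advanced past a guard header, the marked range would run past the end of the backing allocation by that offset. Either say in a comment that the two options are not meant to be combined, or shorten the redzone length by the offset when both are defined. The same ordering appears in the -664 and -727 hunks, where `size` plays the role of `sz`. The function body starts outside this hunk.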
@@ -633,7 +635,7 @@
int indx;
caddr_t va;
uma_zone_t zone;
-#ifdef DEBUG_REDZONE
+#if defined(DEBUG_REDZONE) || defined(KASAN)
unsigned long osize = size;
#endif
@@ -664,6 +666,10 @@
#ifdef DEBUG_REDZONE
if (va != NULL)
va = redzone_setup(va, osize);
+#endif
+#ifdef KASAN
+ if (va != NULL)
+ kasan_mark((void *)va, osize, size, KASAN_MALLOC_REDZONE);
#endif
return ((void *) va);
}
@@ -699,7 +705,7 @@
caddr_t va;
int domain;
int indx;
-#ifdef DEBUG_REDZONE
+#if defined(KASAN) || defined(DEBUG_REDZONE)
unsigned long osize = size;
#endif
@@ -727,6 +733,10 @@
#ifdef DEBUG_REDZONE
if (va != NULL)
va = redzone_setup(va, osize);
+#endif
+#ifdef KASAN
+ if (va != NULL)
+ kasan_mark((void *)va, osize, size, KASAN_MALLOC_REDZONE);
#endif
return (va);
}
@@ -745,7 +755,7 @@
malloc_domainset_exec(size_t size, struct malloc_type *mtp, struct domainset *ds,
int flags)
{
-#ifdef DEBUG_REDZONE
+#if defined(DEBUG_REDZONE) || defined(KASAN)
unsigned long osize = size;
#endif
#ifdef MALLOC_DEBUG
@@ -815,7 +825,7 @@
return (malloc_domainset(size * nmemb, type, ds, flags));
}
-#ifdef INVARIANTS
+#if defined(INVARIANTS) && !defined(KASAN)
static void
free_save_type(void *addr, struct malloc_type *mtp, u_long size)
{
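Review bot: The change from `#ifdef INVARIANTS` to `#if defined(INVARIANTS) && !defined(KASAN)` around free_save_type() has no comment saying why the INVARIANTS bookkeeping is dropped under KASAN. Presumably free_save_type() and the mtrash_* hooks touch item memory that KASAN has poisoned, but nothing in the visible lines states that, so the author should confirm it. A short comment at the definition would record the trade-off, for example `/* Disabled under KASAN: these checks access item memory that KASAN has poisoned. */`. The same guard is repeated at the call sites in the -896 and -936 hunks and around the uma_zcreate() arguments in the -1207 hunk. The body of free_save_type() continues outside this hunk.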
@@ -896,7 +906,7 @@
if (__predict_true(!malloc_large_slab(slab))) {
size = zone->uz_size;
-#ifdef INVARIANTS
+#if defined(INVARIANTS) && !defined(KASAN)
free_save_type(addr, mtp, size);
#endif
uma_zfree_arg(zone, addr, slab);
@@ -936,13 +946,15 @@
if (__predict_true(!malloc_large_slab(slab))) {
size = zone->uz_size;
-#ifdef INVARIANTS
+#if defined(INVARIANTS) && !defined(KASAN)
free_save_type(addr, mtp, size);
#endif
+ kasan_mark(addr, size, size, 0);
explicit_bzero(addr, size);
uma_zfree_arg(zone, addr, slab);
} else {
size = malloc_large_size(slab);
+ kasan_mark(addr, size, size, 0);
explicit_bzero(addr, size);
free_large(addr, size);
}
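Review bot: The two added `kasan_mark(addr, size, size, 0)` calls ahead of `explicit_bzero(addr, size)` carry no comment, unlike the equivalent call in the realloc() hunk. Here `size` is the full item size (`zone->uz_size` or `malloc_large_size(slab)`), so the call appears to unpoison the redzone tail so that the wipe can cover the whole item. Without a comment, someone who sees a KASAN report from the wipe might shorten the zeroing instead of keeping the mark, leaving stale data in the tail. Suggest `/* Mark the whole item valid so the wipe also covers the redzone tail. */` above each call. The function begins outside this hunk.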
@@ -997,16 +1009,22 @@
alloc = malloc_large_size(slab);
/* Reuse the original block if appropriate */
- if (size <= alloc
- && (size > (alloc >> REALLOC_FRACTION) || alloc == MINALLOCSIZE))
+ if (size <= alloc &&
+ (size > (alloc >> REALLOC_FRACTION) || alloc == MINALLOCSIZE)) {
+ kasan_mark((void *)addr, size, alloc, KASAN_MALLOC_REDZONE);
return (addr);
+ }
#endif /* !DEBUG_REDZONE */
/* Allocate a new, bigger (or smaller) block */
if ((newaddr = malloc(size, mtp, flags)) == NULL)
return (NULL);
- /* Copy over original contents */
+ /*
+ * Copy over original contents. For KASAN, the redzone must be marked
+ * valid before performing the copy.
+ */
+ kasan_mark(addr, size, size, 0);
bcopy(addr, newaddr, min(size, alloc));
free(addr, mtp);
return (newaddr);
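Review bot: The added `kasan_mark(addr, size, size, 0)` before the bcopy() uses the new request size, but `addr` is the old block, whose extent is `alloc`. When the block is growing (`size > alloc`), this marks `size - alloc` bytes past the end of the old allocation as valid. That can clear poisoning on neighbouring memory and hide a later out-of-bounds access there, and the copy only reads `min(size, alloc)` bytes anyway. Using the old extent keeps the mark inside the block: `kasan_mark(addr, alloc, alloc, 0);`. The function begins outside this hunk.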
@@ -1207,7 +1225,7 @@
for (subzone = 0; subzone < numzones; subzone++) {
kmemzones[indx].kz_zone[subzone] =
uma_zcreate(name, size,
-#ifdef INVARIANTS
+#if defined(INVARIANTS) && !defined(KASAN)
mtrash_ctor, mtrash_dtor, mtrash_init, mtrash_fini,
#else
NULL, NULL, NULL, NULL,
Index: sys/vm/vm_kern.c
===================================================================
--- sys/vm/vm_kern.c
+++ sys/vm/vm_kern.c
@@ -171,6 +171,17 @@
vmem_free(kernel_arena, addr, size);
}
+static vm_size_t
+kmem_alloc_size(vm_size_t size)
+{
+ size = round_page(size);
+#ifdef KASAN
+ /* Provide a red zone. */
+ size += PAGE_SIZE;
+#endif
+ return (size);
+}
+
static vm_page_t
kmem_alloc_contig_pages(vm_object_t object, vm_pindex_t pindex, int domain,
int pflags, u_long npages, vm_paddr_t low, vm_paddr_t high,
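Review bot: kmem_alloc_size() has no comment stating the pairing rule it introduces. Under KASAN every allocation sized through it is one page larger than `round_page(size)`, so the free path must derive its length from the same helper, as the kmem_free() hunk does. A path that releases with a bare `round_page(size)` would leave the red-zone page allocated in the arena. Suggest a header comment such as `/* KVA length backing a kmem allocation, including the KASAN red zone; alloc and free paths must both use this. */`. It is also worth confirming that `size += PAGE_SIZE` cannot wrap for very large requests, since the result is passed straight to vmem_alloc(). The hunk ends inside the next function's signature.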
@@ -226,7 +237,7 @@
vm_prot_t prot;
object = kernel_object;
- asize = round_page(size);
+ asize = kmem_alloc_size(size);
vmem = vm_dom[domain].vmd_kernel_arena;
if (vmem_alloc(vmem, asize, M_BESTFIT | flags, &addr))
return (0);
@@ -307,7 +318,7 @@
int pflags;
object = kernel_object;
- asize = round_page(size);
+ asize = kmem_alloc_size(size);
vmem = vm_dom[domain].vmd_kernel_arena;
if (vmem_alloc(vmem, asize, flags | M_BESTFIT, &addr))
return (0);
@@ -419,7 +430,7 @@
arena = vm_dom[domain].vmd_kernel_arena;
else
arena = vm_dom[domain].vmd_kernel_rwx_arena;
- asize = round_page(size);
+ asize = kmem_alloc_size(size);
if (vmem_alloc(arena, asize, flags | M_BESTFIT, &addr))
return (0);
@@ -619,7 +630,7 @@
{
struct vmem *arena;
- size = round_page(size);
+ size = kmem_alloc_size(size);
kasan_mark((void *)addr, size, size, 0);
arena = _kmem_unback(kernel_object, addr, size);
if (arena != NULL)
