authorAndreas Kling <kling@serenityos.org>2021-12-28 19:25:14 +0100
committerAndreas Kling <kling@serenityos.org>2021-12-28 21:02:38 +0100
commit9dffcc9752d7e6a4337f3ef500683ace9f0047da (patch)
tree1d72acbf3bf4accfbdd0435c816a712d64272f3d /Kernel/Heap/kmalloc.cpp
parent9111376d70a89440a8a37a6e45d1191459487b6c (diff)
Kernel: VERIFY that addresses passed to kfree_sized() look valid
Let's do some simple pointer arithmetic to verify that the address being freed is at least within one of the two valid kmalloc VM ranges.
Diffstat (limited to 'Kernel/Heap/kmalloc.cpp')
-rw-r--r--Kernel/Heap/kmalloc.cpp12
1 files changed, 12 insertions, 0 deletions
diff --git a/Kernel/Heap/kmalloc.cpp b/Kernel/Heap/kmalloc.cpp
index a26923b4c1..71aacb04f1 100644
--- a/Kernel/Heap/kmalloc.cpp
+++ b/Kernel/Heap/kmalloc.cpp
@@ -186,6 +186,7 @@ struct KmallocGlobalData {
void deallocate(void* ptr, size_t size)
{
VERIFY(!expansion_in_progress);
+ VERIFY(is_valid_kmalloc_address(VirtualAddress { ptr }));
for (auto& slabheap : slabheaps) {
if (size <= slabheap.slab_size())
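Review bot: The added VERIFY in deallocate() checks only the start address, so a caller that passes a valid `ptr` with a wrong `size` still passes even when `ptr + size` runs past the end of the kmalloc range. Since `size` is what selects the slabheap in the loop below, it may be worth asserting the last byte as well, e.g. `VERIFY(size > 0 && is_valid_kmalloc_address(VirtualAddress { ptr }.offset(size - 1)));`. Whether a zero `size` can reach this point is not visible here, so the guard may need adjusting. Even with that, this stays a range check and will not catch double frees or a pointer that belongs to a different slab. The body of deallocate() continues outside the hunk.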
@@ -298,6 +299,17 @@ struct KmallocGlobalData {
};
Optional<ExpansionData> expansion_data;
+ bool is_valid_kmalloc_address(VirtualAddress vaddr) const
+ {
+ if (vaddr.as_ptr() >= initial_kmalloc_memory && vaddr.as_ptr() < (initial_kmalloc_memory + INITIAL_KMALLOC_MEMORY_SIZE))
+ return true;
+
+ if (!expansion_data.has_value())
+ return false;
+
+ return expansion_data->virtual_range.contains(vaddr);
+ }
+
KmallocSubheap::List subheaps;
KmallocSlabheap slabheaps[6] = { 16, 32, 64, 128, 256, 512 };
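Review bot: is_valid_kmalloc_address() has no comment saying how weak its guarantee is, and the name reads stronger than the check. It returns true for any address inside the initial region or the expansion range, which includes interior pointers and blocks that were already freed. I would add above it `// Coarse range check only: true if vaddr lies in the initial kmalloc region or the expansion virtual range. Does not prove vaddr is a live allocation.` so that later callers do not rely on it as allocation validation. The enclosing struct KmallocGlobalData starts and ends outside the hunk.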