authorAndreas Kling <kling@serenityos.org>2020-02-01 10:36:25 +0100
committerAndreas Kling <kling@serenityos.org>2020-02-01 10:56:17 +0100
commit37d336d7414f0c29fdcdddebd45882c53eaf51d1 (patch)
treeff3c4c0aba1b96e80e3128eb551bca7f44106917 /Kernel
parent934b1d8a9ba9d86f9540cc15f881d67e705f27bd (diff)
Kernel: Add memory scrubbing in slab_alloc() and slab_dealloc()
These now scrub allocated and freed memory, as kmalloc()/kfree() were already doing.
Diffstat (limited to 'Kernel')
-rw-r--r--Kernel/Arch/i386/CPU.cpp6
-rw-r--r--Kernel/Heap/SlabAllocator.cpp7
-rw-r--r--Kernel/Heap/SlabAllocator.h3
3 files changed, 16 insertions, 0 deletions
diff --git a/Kernel/Arch/i386/CPU.cpp b/Kernel/Arch/i386/CPU.cpp
index 52082ecc3d..a105550394 100644
--- a/Kernel/Arch/i386/CPU.cpp
+++ b/Kernel/Arch/i386/CPU.cpp
@@ -319,6 +319,8 @@ void page_fault_handler(RegisterDump regs)
u32 free_scrub_pattern = explode_byte(FREE_SCRUB_BYTE);
u32 kmalloc_scrub_pattern = explode_byte(KMALLOC_SCRUB_BYTE);
u32 kfree_scrub_pattern = explode_byte(KFREE_SCRUB_BYTE);
+ u32 slab_alloc_scrub_pattern = explode_byte(SLAB_ALLOC_SCRUB_BYTE);
+ u32 slab_dealloc_scrub_pattern = explode_byte(SLAB_DEALLOC_SCRUB_BYTE);
if ((fault_address & 0xffff0000) == (malloc_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized malloc() memory\033[0m\n", fault_address);
} else if ((fault_address & 0xffff0000) == (free_scrub_pattern & 0xffff0000)) {
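Review bot: The two added pattern locals rely on SLAB_ALLOC_SCRUB_BYTE and SLAB_DEALLOC_SCRUB_BYTE, which this commit defines in Kernel/Heap/SlabAllocator.h, yet the diffstat's six insertions for CPU.cpp are all accounted for by the two hunks, so no include was added here; unless CPU.cpp already includes that header directly, the build depends on a transitive include that a later header cleanup could break. A one-line `#include <Kernel/Heap/SlabAllocator.h>` next to the existing includes would make the dependency explicit. As with the neighbouring kmalloc/kfree checks, only the top 16 bits of the fault address are compared, so the note printed is a heuristic hint rather than a definite attribution; the existing comment style leaves that implicit, and a short `// Heuristic: matches only the upper 16 bits of the scrub pattern` above the chain would help the next reader. page_fault_handler starts and ends outside this hunk.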
@@ -327,6 +329,10 @@ void page_fault_handler(RegisterDump regs)
kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized kmalloc() memory\033[0m\n", fault_address);
} else if ((fault_address & 0xffff0000) == (kfree_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be recently kfree()'d memory\033[0m\n", fault_address);
+ } else if ((fault_address & 0xffff0000) == (slab_alloc_scrub_pattern & 0xffff0000)) {
+ kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized slab_alloc() memory\033[0m\n", fault_address);
+ } else if ((fault_address & 0xffff0000) == (slab_dealloc_scrub_pattern & 0xffff0000)) {
+ kprintf("\033[33;1mNote: Address %p looks like it may be recently slab_dealloc()'d memory\033[0m\n", fault_address);
} else if (fault_address < 4096) {
kprintf("\033[33;1mNote: Address %p looks like a possible nullptr dereference\033[0m\n", fault_address);
}
diff --git a/Kernel/Heap/SlabAllocator.cpp b/Kernel/Heap/SlabAllocator.cpp
index 3481acfd5b..fcf6ec1ba9 100644
--- a/Kernel/Heap/SlabAllocator.cpp
+++ b/Kernel/Heap/SlabAllocator.cpp
@@ -61,6 +61,9 @@ public:
m_freelist = m_freelist->next;
++m_num_allocated;
--m_num_free;
+#ifdef SANITIZE_KMALLOC
+ memset(ptr, SLAB_ALLOC_SCRUB_BYTE, slab_size());
+#endif
return ptr;
}
@@ -73,6 +76,10 @@ public:
return;
}
((FreeSlab*)ptr)->next = m_freelist;
+#ifdef SANITIZE_KMALLOC
+ if (slab_size() > sizeof(FreeSlab*))
+ memset(((FreeSlab*)ptr)->padding, SLAB_DEALLOC_SCRUB_BYTE, sizeof(FreeSlab::padding));
+#endif
m_freelist = (FreeSlab*)ptr;
++m_num_allocated;
--m_num_free;
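Review bot: The dealloc scrub length is taken from sizeof(FreeSlab::padding) while its guard is phrased in terms of slab_size(), and the two agree only if padding is sized exactly slab_size() - sizeof(FreeSlab*); the FreeSlab definition is outside this hunk, so I cannot confirm that, and a mismatch would either write past the slab into its neighbour or leave stale bytes unscrubbed after the padding. Deriving the length from the slab itself removes the coupling: `memset((u8*)ptr + sizeof(FreeSlab*), SLAB_DEALLOC_SCRUB_BYTE, slab_size() - sizeof(FreeSlab*));` under the same guard. Unrelated to this change but visible in the context lines, dealloc increments m_num_allocated and decrements m_num_free, the reverse of what freeing a slab should do, which is worth a follow-up fix. The enclosing dealloc method starts before this hunk.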
diff --git a/Kernel/Heap/SlabAllocator.h b/Kernel/Heap/SlabAllocator.h
index d799be3373..8415bb8f07 100644
--- a/Kernel/Heap/SlabAllocator.h
+++ b/Kernel/Heap/SlabAllocator.h
@@ -29,6 +29,9 @@
#include <AK/Function.h>
#include <AK/Types.h>
+#define SLAB_ALLOC_SCRUB_BYTE 0xab
+#define SLAB_DEALLOC_SCRUB_BYTE 0xbc
+
class JsonObjectSerializer;
void* slab_alloc(size_t slab_size);