Kernel: Add memory scrubbing in slab_alloc() and slab_dealloc()
These now scrub allocated and freed memory, as kmalloc()/kfree() were already doing.
parent
934b1d8a9b
commit
37d336d741
Notes:
sideshowbarker
2024-07-19 09:44:06 +09:00
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/37d336d7414
3 changed files with 16 additions and 0 deletions
|
@ -319,6 +319,8 @@ void page_fault_handler(RegisterDump regs)
|
|||
u32 free_scrub_pattern = explode_byte(FREE_SCRUB_BYTE);
|
||||
u32 kmalloc_scrub_pattern = explode_byte(KMALLOC_SCRUB_BYTE);
|
||||
u32 kfree_scrub_pattern = explode_byte(KFREE_SCRUB_BYTE);
|
||||
u32 slab_alloc_scrub_pattern = explode_byte(SLAB_ALLOC_SCRUB_BYTE);
|
||||
u32 slab_dealloc_scrub_pattern = explode_byte(SLAB_DEALLOC_SCRUB_BYTE);
|
||||
if ((fault_address & 0xffff0000) == (malloc_scrub_pattern & 0xffff0000)) {
|
||||
kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized malloc() memory\033[0m\n", fault_address);
|
||||
} else if ((fault_address & 0xffff0000) == (free_scrub_pattern & 0xffff0000)) {
|
||||
|
@ -327,6 +329,10 @@ void page_fault_handler(RegisterDump regs)
|
|||
kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized kmalloc() memory\033[0m\n", fault_address);
|
||||
} else if ((fault_address & 0xffff0000) == (kfree_scrub_pattern & 0xffff0000)) {
|
||||
kprintf("\033[33;1mNote: Address %p looks like it may be recently kfree()'d memory\033[0m\n", fault_address);
|
||||
} else if ((fault_address & 0xffff0000) == (slab_alloc_scrub_pattern & 0xffff0000)) {
|
||||
kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized slab_alloc() memory\033[0m\n", fault_address);
|
||||
} else if ((fault_address & 0xffff0000) == (slab_dealloc_scrub_pattern & 0xffff0000)) {
|
||||
kprintf("\033[33;1mNote: Address %p looks like it may be recently slab_dealloc()'d memory\033[0m\n", fault_address);
|
||||
} else if (fault_address < 4096) {
|
||||
kprintf("\033[33;1mNote: Address %p looks like a possible nullptr dereference\033[0m\n", fault_address);
|
||||
}
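Review bot: The hint chain in page_fault_handler now has five near-identical `(fault_address & 0xffff0000) == (pattern & 0xffff0000)` branches, and each new scrub byte needs both a new pattern local and a new `else if`. A small table of scrub-byte and message pairs walked in a loop would keep the two in step. The `0xffff0000` mask is also unexplained; a comment such as `// Match on the upper 16 bits only, so a fault at scrubbed-pointer + offset is still recognised` would record what I presume is the intent. The function starts and ends outside these hunks, so this covers the visible branches only.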
|
||||
|
|
|
@ -61,6 +61,9 @@ public:
|
|||
m_freelist = m_freelist->next;
|
||||
++m_num_allocated;
|
||||
--m_num_free;
|
||||
#ifdef SANITIZE_KMALLOC
|
||||
memset(ptr, SLAB_ALLOC_SCRUB_BYTE, slab_size());
|
||||
#endif
|
||||
return ptr;
|
||||
}
|
||||
|
||||
|
@ -73,6 +76,10 @@ public:
|
|||
return;
|
||||
}
|
||||
((FreeSlab*)ptr)->next = m_freelist;
|
||||
#ifdef SANITIZE_KMALLOC
|
||||
if (slab_size() > sizeof(FreeSlab*))
|
||||
memset(((FreeSlab*)ptr)->padding, SLAB_DEALLOC_SCRUB_BYTE, sizeof(FreeSlab::padding));
|
||||
#endif
|
||||
m_freelist = (FreeSlab*)ptr;
|
||||
++m_num_allocated;
|
||||
--m_num_free;
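Review bot: In the second hunk, which pushes `ptr` back onto `m_freelist`, the counters after the new scrub are `++m_num_allocated;` and `--m_num_free;`, the same direction as in the allocation hunk above. For a free they look inverted and should presumably read `--m_num_allocated;` and `++m_num_free;`. These are unchanged context lines, not something this commit introduces, but they leave the accounting wrong after every free, and `m_num_free` could wrap if it is unsigned. Separately, both scrubs are compiled in only under `SANITIZE_KMALLOC`, so without it a recycled slab reaches its next owner with its previous contents largely intact; a one-line comment at each `#ifdef` saying so would help. Both functions start outside the hunks shown.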
|
||||
|
|
|
@ -29,6 +29,9 @@
|
|||
#include <AK/Function.h>
|
||||
#include <AK/Types.h>
|
||||
|
||||
#define SLAB_ALLOC_SCRUB_BYTE 0xab
|
||||
#define SLAB_DEALLOC_SCRUB_BYTE 0xbc
|
||||
|
||||
class JsonObjectSerializer;
|
||||
|
||||
void* slab_alloc(size_t slab_size);
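Review bot: `SLAB_ALLOC_SCRUB_BYTE` and `SLAB_DEALLOC_SCRUB_BYTE` are added without a comment tying them to their two consumers, the `memset` calls in the slab allocator and the pattern match in page_fault_handler. I would add something like `// Fill bytes for slabs under SANITIZE_KMALLOC; page_fault_handler matches fault addresses built from them, so keep them distinct from the other scrub bytes.` Assuming `explode_byte` repeats the byte across the word, a pointer read from scrubbed memory becomes 0xabababab or 0xbcbcbcbc, and the diagnostic only fires if that address is unmapped. That depends on the address-space layout, which is not visible here, so it is worth confirming that neither value can fall inside a mappable region.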
|
||||
|
|