kern_malloc: Restore working KASAN runtime after free() and zfree() folding

In the zfree() case, the explicit_bzero() calls zero all the allocation,
including the redzone which malloc() has marked as invalid.  So calling
kasan_mark() before those is in fact necessary.

This fixes a crash at boot when 'ldconfig' is run and tries to get
random bytes through getrandom() (relevant part of the stack is
read_random_uio() -> zfree() -> explicit_bzero()) for kernels with KASAN
compiled in.

Approved by:    markj (mentor)
Fixes:          4fab5f0054 ("kern_malloc: fold free and zfree together into one __always_inline func")
MFC after:      10 days
MFC with:       4fab5f0054
Sponsored by:   The FreeBSD Foundation
Olivier Certner 2024-08-01 21:22:56 +02:00
parent a48f7a2eb9
commit 28391f188c
GPG Key ID: 8CA13040971E2627


@ -940,14 +940,18 @@ _free(void *addr, struct malloc_type *mtp, bool dozero)
#if defined(INVARIANTS) && !defined(KASAN)
free_save_type(addr, mtp, size);
#endif
if (dozero)
if (dozero) {
kasan_mark(addr, size, size, 0);
explicit_bzero(addr, size);
}
uma_zfree_arg(zone, addr, slab);
break;
case SLAB_COOKIE_MALLOC_LARGE:
size = malloc_large_size(slab);
if (dozero)
if (dozero) {
kasan_mark(addr, size, size, 0);
explicit_bzero(addr, size);
}
free_large(addr, size);
break;
case SLAB_COOKIE_CONTIG_MALLOC:
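Review bot: both `if (dozero)` blocks in this hunk (the small-allocation path before `uma_zfree_arg()` and the `SLAB_COOKIE_MALLOC_LARGE` path before `free_large()`) restore `kasan_mark(addr, size, size, 0)` ahead of `explicit_bzero(addr, size)` without an inline comment saying why the order matters; since the commit message explains that the earlier fold (4fab5f0054) dropped exactly this call and broke KASAN kernels at boot, a short comment such as `/* Unpoison the redzone first: explicit_bzero() clears the whole allocation, including bytes malloc() marked invalid. */` above each call would keep the next refactor from repeating the regression. The identical three-line pattern at the two call sites could also be collapsed into one small static inline helper so they cannot drift apart again.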