git: 43a32f790bc5 - stable/14 - malloc: Fix DEBUG_REDZONE for contigmalloc()

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Mark Johnston <markj_at_FreeBSD.org>
Date: Sun, 06 Apr 2025 22:51:11 UTC
The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=43a32f790bc5c79b1557a14f9540c8cc02ef5028

commit 43a32f790bc5c79b1557a14f9540c8cc02ef5028
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-03-23 13:42:40 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-04-06 13:54:05 +0000

    malloc: Fix DEBUG_REDZONE for contigmalloc()
    
    When free() was adapted to support allocations originating from
    contigmalloc(), redzone(9) support was not included.  redzone(9)
    involves adjusting the pointer to freed memory before looking up the
    slab cookie, so it's not straightforward to make contigmalloc() opt out
    of redzone support.
    
    Thus, augment contigmalloc() to support redzone.
    
    Reported by:    glebius
    Tested by:      dhw
    MFC after:      2 weeks
    Fixes:          9e6544dd6e02 ("malloc(9): extend contigmalloc(9) by a "slab cookie"")
    
    (cherry picked from commit 74361d693aec892b01c1553bda7176f8d341b2ff)
---
 sys/kern/kern_malloc.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c
index 3fef90b5fa82..f31fc2a76a07 100644
--- a/sys/kern/kern_malloc.c
+++ b/sys/kern/kern_malloc.c
@@ -479,11 +479,18 @@ contigmalloc_size(uma_slab_t slab)
 }
 
 void *
-contigmalloc(unsigned long size, struct malloc_type *type, int flags,
+contigmalloc(unsigned long osize, struct malloc_type *type, int flags,
     vm_paddr_t low, vm_paddr_t high, unsigned long alignment,
     vm_paddr_t boundary)
 {
 	void *ret;
+	unsigned long size;
+
+#ifdef DEBUG_REDZONE
+	size = redzone_size_ntor(osize);
+#else
+	size = osize;
+#endif
 
 	ret = (void *)kmem_alloc_contig(size, flags, low, high, alignment,
 	    boundary, VM_MEMATTR_DEFAULT);
@@ -491,16 +498,26 @@ contigmalloc(unsigned long size, struct malloc_type *type, int flags,
 		/* Use low bits unused for slab pointers. */
 		vsetzoneslab((uintptr_t)ret, NULL, CONTIG_MALLOC_SLAB(size));
 		malloc_type_allocated(type, round_page(size));
+#ifdef DEBUG_REDZONE
+		ret = redzone_setup(ret, osize);
+#endif
 	}
 	return (ret);
 }
 
 void *
-contigmalloc_domainset(unsigned long size, struct malloc_type *type,
+contigmalloc_domainset(unsigned long osize, struct malloc_type *type,
     struct domainset *ds, int flags, vm_paddr_t low, vm_paddr_t high,
     unsigned long alignment, vm_paddr_t boundary)
 {
 	void *ret;
+	unsigned long size;
+
+#ifdef DEBUG_REDZONE
+	size = redzone_size_ntor(osize);
+#else
+	size = osize;
+#endif
 
 	ret = (void *)kmem_alloc_contig_domainset(ds, size, flags, low, high,
 	    alignment, boundary, VM_MEMATTR_DEFAULT);
@@ -508,6 +525,9 @@ contigmalloc_domainset(unsigned long size, struct malloc_type *type,
 		/* Use low bits unused for slab pointers. */
 		vsetzoneslab((uintptr_t)ret, NULL, CONTIG_MALLOC_SLAB(size));
 		malloc_type_allocated(type, round_page(size));
+#ifdef DEBUG_REDZONE
+		ret = redzone_setup(ret, osize);
+#endif
 	}
 	return (ret);
 }