Date:      Wed, 5 May 2021 21:13:03 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 9a7c2de36460 - main - realloc: Fix KASAN(9) shadow map updates
Message-ID:  <202105052113.145LD3eX055195@gitrepo.freebsd.org>

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=9a7c2de36460cdb916734a6969aac666707a639b

commit 9a7c2de36460cdb916734a6969aac666707a639b
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2021-05-05 21:05:46 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2021-05-05 21:12:51 +0000

    realloc: Fix KASAN(9) shadow map updates
    
    When copying from the old buffer to the new buffer, we don't know the
    requested size of the old allocation, but only the size of the
    allocation provided by UMA.  This value is "alloc".  Because the copy
    may access bytes in the old allocation's red zone, we must mark the full
    allocation valid in the shadow map.  Do so using the correct size.
    
    Reported by:    kp
    Tested by:      kp
    Sponsored by:   The FreeBSD Foundation
---
 sys/kern/kern_malloc.c | 2 +-
 sys/vm/uma_core.c      | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c
index e2a05c004637..75cbc2a0fd04 100644
--- a/sys/kern/kern_malloc.c
+++ b/sys/kern/kern_malloc.c
@@ -1024,7 +1024,7 @@ realloc(void *addr, size_t size, struct malloc_type *mtp, int flags)
 	 * Copy over original contents.  For KASAN, the redzone must be marked
 	 * valid before performing the copy.
 	 */
-	kasan_mark(addr, size, size, 0);
+	kasan_mark(addr, alloc, alloc, 0);
 	bcopy(addr, newaddr, min(size, alloc));
 	free(addr, mtp);
 	return (newaddr);
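Review bot: the comment above the copy still only says "the redzone must be marked valid", which does not explain why `alloc` rather than `size` is the right argument to `kasan_mark` here. Since the reasoning lives only in the commit message, suggest extending the comment so it reads, for example: "Copy over original contents. For KASAN, the redzone must be marked valid before performing the copy. We only know the UMA-provided size (alloc), not the originally requested size, so mark the full allocation valid." That makes it clear to the next reader that `kasan_mark(addr, alloc, alloc, 0)` deliberately leaves no redzone during `bcopy(addr, newaddr, min(size, alloc))`, and that the old buffer is handed back to `free()` immediately afterwards.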
diff --git a/sys/vm/uma_core.c b/sys/vm/uma_core.c
index a85b88b24110..d2e01f3a0605 100644
--- a/sys/vm/uma_core.c
+++ b/sys/vm/uma_core.c
@@ -540,6 +540,9 @@ bucket_zone_drain(int domain)
 }
 
 #ifdef KASAN
+_Static_assert(UMA_SMALLEST_UNIT % KASAN_SHADOW_SCALE == 0,
+    "Base UMA allocation size not a multiple of the KASAN scale factor");
+
 static void
 kasan_mark_item_valid(uma_zone_t zone, void *item)
 {
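Review bot: the new `_Static_assert` carries no comment tying it to the change in `realloc()`, and the commit message does not mention it either, so its purpose is not obvious from the hunk alone. Suggest a one-line comment above it stating that `kasan_mark()` callers in the malloc path pass UMA allocation sizes, which must therefore be representable at `KASAN_SHADOW_SCALE` granularity, so that a future change to `UMA_SMALLEST_UNIT` is understood to affect the shadow-map bookkeeping rather than only failing with the generic message "Base UMA allocation size not a multiple of the KASAN scale factor".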