1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 22:27:35 +00:00

Kernel: Add crash logging heuristic for uninitialized kmalloc()/kfree()

Since we scrub both kmalloc() and kfree() with predictable values, we
can log a helpful message when hitting a crash that looks like it might
be a dereference of such scrubbed data.
This commit is contained in:
Andreas Kling 2020-02-01 10:26:05 +01:00
parent f2846e8e08
commit 8d51352b96
3 changed files with 11 additions and 2 deletions

View file

@ -317,10 +317,16 @@ void page_fault_handler(RegisterDump regs)
u32 malloc_scrub_pattern = explode_byte(MALLOC_SCRUB_BYTE);
u32 free_scrub_pattern = explode_byte(FREE_SCRUB_BYTE);
u32 kmalloc_scrub_pattern = explode_byte(KMALLOC_SCRUB_BYTE);
u32 kfree_scrub_pattern = explode_byte(KFREE_SCRUB_BYTE);
if ((fault_address & 0xffff0000) == (malloc_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized malloc() memory\033[0m\n", fault_address);
} else if ((fault_address & 0xffff0000) == (free_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be recently free()'d memory\033[0m\n", fault_address);
} else if ((fault_address & 0xffff0000) == (kmalloc_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized kmalloc() memory\033[0m\n", fault_address);
} else if ((fault_address & 0xffff0000) == (kfree_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be recently kfree()'d memory\033[0m\n", fault_address);
} else if (fault_address < 4096) {
kprintf("\033[33;1mNote: Address %p looks like a possible nullptr dereference\033[0m\n", fault_address);
}

View file

@ -166,7 +166,7 @@ void* kmalloc_impl(size_t size)
sum_alloc += a->nchunk * CHUNK_SIZE;
sum_free -= a->nchunk * CHUNK_SIZE;
#ifdef SANITIZE_KMALLOC
memset(ptr, 0xbb, (a->nchunk * CHUNK_SIZE) - sizeof(allocation_t));
memset(ptr, KMALLOC_SCRUB_BYTE, (a->nchunk * CHUNK_SIZE) - sizeof(allocation_t));
#endif
return ptr;
}
@ -199,7 +199,7 @@ void kfree(void* ptr)
sum_free += a->nchunk * CHUNK_SIZE;
#ifdef SANITIZE_KMALLOC
memset(a, 0xaa, a->nchunk * CHUNK_SIZE);
memset(a, KFREE_SCRUB_BYTE, a->nchunk * CHUNK_SIZE);
#endif
}

View file

@ -30,6 +30,9 @@
//#define KMALLOC_DEBUG_LARGE_ALLOCATIONS
#define KMALLOC_SCRUB_BYTE 0xbb
#define KFREE_SCRUB_BYTE 0xaa
void kmalloc_init();
[[gnu::malloc, gnu::returns_nonnull, gnu::alloc_size(1)]] void* kmalloc_impl(size_t);
[[gnu::malloc, gnu::returns_nonnull, gnu::alloc_size(1)]] void* kmalloc_eternal(size_t);