Kernel: Add crash logging heuristic for uninitialized kmalloc()/kfree()
Since we scrub both kmalloc() and kfree() with predictable values, we can log a helpful message when hitting a crash that looks like it might be a dereference of such scrubbed data.
This commit is contained in:
parent
f2846e8e08
commit
8d51352b96
3 changed files with 11 additions and 2 deletions
@ -317,10 +317,16 @@ void page_fault_handler(RegisterDump regs)
u32 malloc_scrub_pattern = explode_byte(MALLOC_SCRUB_BYTE);
u32 free_scrub_pattern = explode_byte(FREE_SCRUB_BYTE);
u32 kmalloc_scrub_pattern = explode_byte(KMALLOC_SCRUB_BYTE);
u32 kfree_scrub_pattern = explode_byte(KFREE_SCRUB_BYTE);
if ((fault_address & 0xffff0000) == (malloc_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized malloc() memory\033[0m\n", fault_address);
} else if ((fault_address & 0xffff0000) == (free_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be recently free()'d memory\033[0m\n", fault_address);
} else if ((fault_address & 0xffff0000) == (kmalloc_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be uninitialized kmalloc() memory\033[0m\n", fault_address);
} else if ((fault_address & 0xffff0000) == (kfree_scrub_pattern & 0xffff0000)) {
kprintf("\033[33;1mNote: Address %p looks like it may be recently kfree()'d memory\033[0m\n", fault_address);
} else if (fault_address < 4096) {
kprintf("\033[33;1mNote: Address %p looks like a possible nullptr dereference\033[0m\n", fault_address);
}
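Review bot: The two new kmalloc()/kfree() branches in the `else if` chain are only reachable if the top 16 bits of explode_byte(KMALLOC_SCRUB_BYTE)/explode_byte(KFREE_SCRUB_BYTE) (0xbb/0xaa per the header change in this commit) differ from those of MALLOC_SCRUB_BYTE/FREE_SCRUB_BYTE, whose values are not visible here; if the userspace allocator scrubs with the same bytes, a kernel fault on scrubbed kmalloc() memory will be reported as uninitialized malloc() memory because the earlier branches win. A cheap disambiguator is the privilege level the fault was taken from: test the kmalloc()/kfree() branches only for faults raised in kernel mode and the malloc()/free() branches otherwise, on the assumption that kmalloc() memory is never mapped for user code (presumably true here, confirm against the memory layout). The scrubbing itself (second file, both hunks) is compiled only under SANITIZE_KMALLOC while this heuristic is unconditional, so in non-sanitized builds the note is pure noise; either wrap the two new branches in the same `#ifdef SANITIZE_KMALLOC` or say so in a comment such as `// Heuristic only: meaningful when SANITIZE_KMALLOC scrubs allocations; a legitimate pointer into 0xbbbbxxxx/0xaaaaxxxx will also trigger this note.`. page_fault_handler starts and ends outside the hunk.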
@ -166,7 +166,7 @@ void* kmalloc_impl(size_t size)
sum_alloc += a->nchunk * CHUNK_SIZE;
sum_free -= a->nchunk * CHUNK_SIZE;
#ifdef SANITIZE_KMALLOC
memset(ptr, 0xbb, (a->nchunk * CHUNK_SIZE) - sizeof(allocation_t));
memset(ptr, KMALLOC_SCRUB_BYTE, (a->nchunk * CHUNK_SIZE) - sizeof(allocation_t));
#endif
return ptr;
}
@ -199,7 +199,7 @@ void kfree(void* ptr)
sum_free += a->nchunk * CHUNK_SIZE;
#ifdef SANITIZE_KMALLOC
memset(a, 0xaa, a->nchunk * CHUNK_SIZE);
memset(a, KFREE_SCRUB_BYTE, a->nchunk * CHUNK_SIZE);
#endif
}
@ -30,6 +30,9 @@
//#define KMALLOC_DEBUG_LARGE_ALLOCATIONS
#define KMALLOC_SCRUB_BYTE 0xbb
#define KFREE_SCRUB_BYTE 0xaa
void kmalloc_init();
[[gnu::malloc, gnu::returns_nonnull, gnu::alloc_size(1)]] void* kmalloc_impl(size_t);
[[gnu::malloc, gnu::returns_nonnull, gnu::alloc_size(1)]] void* kmalloc_eternal(size_t);
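Review bot: The two new scrub-byte macros carry no comment saying that their values are now an interface: page_fault_handler (first file in this commit) rebuilds the pattern with explode_byte() and compares the top 16 bits of the faulting address against it, so changing either byte, or making them equal to each other or to the userspace MALLOC/FREE scrub bytes, silently breaks that diagnostic. Suggest a comment above them: `// Fill patterns used under SANITIZE_KMALLOC; the page fault handler recognizes explode_byte(KMALLOC_SCRUB_BYTE) / explode_byte(KFREE_SCRUB_BYTE) by their top 16 bits, so keep them distinct from each other and from the userspace malloc scrub bytes.` Since the surrounding header already uses `#define` for its switches, keeping these as macros is consistent with the file's style.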