RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 11:18:11 +00:00
Code Issues Activity Actions

Kernel: VERIFY that addresses passed to kfree_sized() look valid

Browse source 
Let's do some simple pointer arithmetic to verify that the address being
freed is at least within one of the two valid kmalloc VM ranges.
This commit is contained in:
Andreas Kling 2021-12-28 19:25:14 +01:00
parent 9111376d70
commit 9dffcc9752
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
Kernel/Heap/kmalloc.cpp
View file

@ -186,6 +186,7 @@ struct KmallocGlobalData {
void deallocate(void* ptr, size_t size)
{
VERIFY(!expansion_in_progress);
VERIFY(is_valid_kmalloc_address(VirtualAddress { ptr }));
for (auto& slabheap : slabheaps) {
if (size <= slabheap.slab_size())
@ -298,6 +299,17 @@ struct KmallocGlobalData {
};
Optional<ExpansionData> expansion_data;
bool is_valid_kmalloc_address(VirtualAddress vaddr) const
{
if (vaddr.as_ptr() >= initial_kmalloc_memory && vaddr.as_ptr() < (initial_kmalloc_memory + INITIAL_KMALLOC_MEMORY_SIZE))
return true;
if (!expansion_data.has_value())
return false;
return expansion_data->virtual_range.contains(vaddr);
}
KmallocSubheap::List subheaps;
KmallocSlabheap slabheaps[6] = { 16, 32, 64, 128, 256, 512 };