kasan: fix kasan race-condition

Change-Id: I1c729b8a85422a1f4326785e5d52cb0fc60d4822
Signed-off-by: ligd <liguiding1@xiaomi.com>
ligd 2022-11-02 23:19:02 +08:00 committed by Xiang Xiao
parent 69575975f4
commit 8be4bca3eb


@ -22,7 +22,7 @@
* Included Files * Included Files
****************************************************************************/ ****************************************************************************/
#include <nuttx/mutex.h> #include <nuttx/spinlock.h>
#include <assert.h> #include <assert.h>
#include <debug.h> #include <debug.h>
@ -68,7 +68,7 @@ struct kasan_region_s
* Private Data * Private Data
****************************************************************************/ ****************************************************************************/
static mutex_t g_lock = NXMUTEX_INITIALIZER; static spinlock_t g_lock;
static FAR struct kasan_region_s *g_region; static FAR struct kasan_region_s *g_region;
static uint32_t g_region_init; static uint32_t g_region_init;
@ -133,6 +133,9 @@ static void kasan_set_poison(FAR const void *addr, size_t size,
unsigned int bit; unsigned int bit;
unsigned int nbit; unsigned int nbit;
uintptr_t mask; uintptr_t mask;
int flags;
flags = spin_lock_irqsave(&g_lock);
p = kasan_mem_to_shadow(addr, size, &bit); p = kasan_mem_to_shadow(addr, size, &bit);
DEBUGASSERT(p != NULL); DEBUGASSERT(p != NULL);
@ -171,6 +174,8 @@ static void kasan_set_poison(FAR const void *addr, size_t size,
*p &= ~mask; *p &= ~mask;
} }
} }
spin_unlock_irqrestore(&g_lock, flags);
} }
/**************************************************************************** /****************************************************************************
@ -192,6 +197,7 @@ void kasan_unpoison(FAR const void *addr, size_t size)
void kasan_register(FAR void *addr, FAR size_t *size) void kasan_register(FAR void *addr, FAR size_t *size)
{ {
FAR struct kasan_region_s *region; FAR struct kasan_region_s *region;
int flags;
region = (FAR struct kasan_region_s *) region = (FAR struct kasan_region_s *)
((FAR char *)addr + *size - KASAN_REGION_SIZE(*size)); ((FAR char *)addr + *size - KASAN_REGION_SIZE(*size));
@ -199,11 +205,11 @@ void kasan_register(FAR void *addr, FAR size_t *size)
region->begin = (uintptr_t)addr; region->begin = (uintptr_t)addr;
region->end = region->begin + *size; region->end = region->begin + *size;
nxmutex_lock(&g_lock); flags = spin_lock_irqsave(&g_lock);
region->next = g_region; region->next = g_region;
g_region = region; g_region = region;
g_region_init = KASAN_INIT_VALUE; g_region_init = KASAN_INIT_VALUE;
nxmutex_unlock(&g_lock); spin_unlock_irqrestore(&g_lock, flags);
kasan_poison(addr, *size); kasan_poison(addr, *size);
*size -= KASAN_REGION_SIZE(*size); *size -= KASAN_REGION_SIZE(*size);
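Review bot: `int flags;` in kasan_set_poison, and again in kasan_register, stores the value returned by `spin_lock_irqsave()`, which NuttX declares as `irqstate_t`; on an architecture where that type is wider than `int` or differs in signedness, the saved interrupt state can be altered before `spin_unlock_irqrestore()` restores it. Declare both as `irqstate_t flags;`. `g_lock` now relies on static zero-initialisation, so `static spinlock_t g_lock = SP_UNLOCKED;` would make the initial state explicit instead of depending on the architecture's encoding of an unlocked spinlock. The body of kasan_set_poison runs between two hunks and is not fully visible here, so confirm that no return path between the lock and the unlock skips `spin_unlock_irqrestore()`.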