Author: sjg Date: Sat Aug 29 21:05:43 2020 New Revision: 364965 URL: https://svnweb.freebsd.org/changeset/base/364965
Log: zalloc_malloc:Free hexdump preceeding buffer when we detect overflow Move hexdump from stand/common/misc.c to stand/libsa/hexdump.c (svn cp) Disable use of pager - causes linking issue for boot1 can be re-enabled by defining HEXDUMP_PAGER. Reviewed by: stevek, imp MFC after: 1 week Sponsored by: Juniper Networks Differential Revision: https://reviews.freebsd.org/D26235 Added: head/stand/libsa/hexdump.c (contents, props changed) - copied, changed from r364346, head/stand/common/misc.c Modified: head/stand/common/bootstrap.h head/stand/common/misc.c head/stand/libsa/Makefile head/stand/libsa/pkgfs.c head/stand/libsa/stand.h head/stand/libsa/zalloc_malloc.c Modified: head/stand/common/bootstrap.h ============================================================================== --- head/stand/common/bootstrap.h Sat Aug 29 19:26:31 2020 (r364964) +++ head/stand/common/bootstrap.h Sat Aug 29 21:05:43 2020 (r364965) @@ -68,7 +68,6 @@ int getrootmount(char *rootdev); /* misc.c */ char *unargv(int argc, char *argv[]); -void hexdump(caddr_t region, size_t len); size_t strlenout(vm_offset_t str); char *strdupout(vm_offset_t str); void kern_bzero(vm_offset_t dest, size_t len); Modified: head/stand/common/misc.c ============================================================================== --- head/stand/common/misc.c Sat Aug 29 19:26:31 2020 (r364964) +++ head/stand/common/misc.c Sat Aug 29 21:05:43 2020 (r364965) @@ -169,46 +169,6 @@ alloc_pread(readin_handle_t fd, off_t off, size_t len) return (buf); } -/* - * Display a region in traditional hexdump format. - */ -void -hexdump(caddr_t region, size_t len) -{ - caddr_t line; - int x, c; - char lbuf[80]; -#define emit(fmt, args...) {sprintf(lbuf, fmt , ## args); pager_output(lbuf);} - - pager_open(); - for (line = region; line < (region + len); line += 16) { - emit("%08lx ", (long) line); - - for (x = 0; x < 16; x++) { - if ((line + x) < (region + len)) { - emit("%02x ", *(uint8_t *)(line + x)); - } else { - emit("-- "); - } - if (x == 7) - emit(" "); - } - emit(" |"); - for (x = 0; x < 16; x++) { - if ((line + x) < (region + len)) { - c = *(uint8_t *)(line + x); - if ((c < ' ') || (c > '~')) /* !isprint(c) */ - c = '.'; - emit("%c", c); - } else { - emit(" "); - } - } - emit("|\n"); - } - pager_close(); -} - void dev_cleanup(void) { Modified: head/stand/libsa/Makefile ============================================================================== --- head/stand/libsa/Makefile Sat Aug 29 19:26:31 2020 (r364964) +++ head/stand/libsa/Makefile Sat Aug 29 21:05:43 2020 (r364965) @@ -13,8 +13,9 @@ LIBSA_CPUARCH?=${MACHINE_CPUARCH} LIB?= sa # standalone components and stuff we have modified locally -SRCS+= gzguts.h zutil.h __main.c abort.c assert.c bcd.c environment.c getopt.c gets.c \ - globals.c pager.c panic.c printf.c strdup.c strerror.c \ +SRCS+= gzguts.h zutil.h __main.c abort.c assert.c bcd.c environment.c \ + getopt.c gets.c globals.c \ + hexdump.c pager.c panic.c printf.c strdup.c strerror.c \ random.c sbrk.c twiddle.c zalloc.c zalloc_malloc.c # private (pruned) versions of libc string functions Copied and modified: head/stand/libsa/hexdump.c (from r364346, head/stand/common/misc.c) ============================================================================== --- head/stand/common/misc.c Tue Aug 18 14:17:14 2020 (r364346, copy source) +++ head/stand/libsa/hexdump.c Sat Aug 29 21:05:43 2020 (r364965) @@ -29,147 +29,8 @@ __FBSDID("$FreeBSD$"); #include <string.h> #include <stand.h> -#include <bootstrap.h> /* - * Concatenate the (argc) elements of (argv) into a single string, and return - * a copy of same. - */ -char * -unargv(int argc, char *argv[]) -{ - size_t hlong; - int i; - char *cp; - - for (i = 0, hlong = 0; i < argc; i++) - hlong += strlen(argv[i]) + 2; - - if(hlong == 0) - return(NULL); - - cp = malloc(hlong); - cp[0] = 0; - for (i = 0; i < argc; i++) { - strcat(cp, argv[i]); - if (i < (argc - 1)) - strcat(cp, " "); - } - - return(cp); -} - -/* - * Get the length of a string in kernel space - */ -size_t -strlenout(vm_offset_t src) -{ - char c; - size_t len; - - for (len = 0; ; len++) { - archsw.arch_copyout(src++, &c, 1); - if (c == 0) - break; - } - return(len); -} - -/* - * Make a duplicate copy of a string in kernel space - */ -char * -strdupout(vm_offset_t str) -{ - char *result, *cp; - - result = malloc(strlenout(str) + 1); - for (cp = result; ;cp++) { - archsw.arch_copyout(str++, cp, 1); - if (*cp == 0) - break; - } - return(result); -} - -/* Zero a region in kernel space. */ -void -kern_bzero(vm_offset_t dest, size_t len) -{ - char buf[256]; - size_t chunk, resid; - - bzero(buf, sizeof(buf)); - resid = len; - while (resid > 0) { - chunk = min(sizeof(buf), resid); - archsw.arch_copyin(buf, dest, chunk); - resid -= chunk; - dest += chunk; - } -} - -/* - * Read the specified part of a file to kernel space. Unlike regular - * pread, the file pointer is advanced to the end of the read data, - * and it just returns 0 if successful. - */ -int -kern_pread(readin_handle_t fd, vm_offset_t dest, size_t len, off_t off) -{ - - if (VECTX_LSEEK(fd, off, SEEK_SET) == -1) { -#ifdef DEBUG - printf("\nlseek failed\n"); -#endif - return (-1); - } - if ((size_t)archsw.arch_readin(fd, dest, len) != len) { -#ifdef DEBUG - printf("\nreadin failed\n"); -#endif - return (-1); - } - return (0); -} - -/* - * Read the specified part of a file to a malloced buffer. The file - * pointer is advanced to the end of the read data. - */ -/* coverity[ -tainted_data_return ] */ -void * -alloc_pread(readin_handle_t fd, off_t off, size_t len) -{ - void *buf; - - buf = malloc(len); - if (buf == NULL) { -#ifdef DEBUG - printf("\nmalloc(%d) failed\n", (int)len); -#endif - errno = ENOMEM; - return (NULL); - } - if (VECTX_LSEEK(fd, off, SEEK_SET) == -1) { -#ifdef DEBUG - printf("\nlseek failed\n"); -#endif - free(buf); - return (NULL); - } - if ((size_t)VECTX_READ(fd, buf, len) != len) { -#ifdef DEBUG - printf("\nread failed\n"); -#endif - free(buf); - return (NULL); - } - return (buf); -} - -/* * Display a region in traditional hexdump format. */ void @@ -177,10 +38,16 @@ hexdump(caddr_t region, size_t len) { caddr_t line; int x, c; - char lbuf[80]; +#ifdef HEXDUMP_PAGER + /* pager causes linking issues for some apps */ #define emit(fmt, args...) {sprintf(lbuf, fmt , ## args); pager_output(lbuf);} + char lbuf[80]; pager_open(); +#else +#define emit(fmt, args...) printf(fmt, ## args) +#endif + for (line = region; line < (region + len); line += 16) { emit("%08lx ", (long) line); @@ -206,16 +73,7 @@ hexdump(caddr_t region, size_t len) } emit("|\n"); } +#ifdef HEXDUMP_PAGER pager_close(); -} - -void -dev_cleanup(void) -{ - int i; - - /* Call cleanup routines */ - for (i = 0; devsw[i] != NULL; ++i) - if (devsw[i]->dv_cleanup != NULL) - (devsw[i]->dv_cleanup)(); +#endif } Modified: head/stand/libsa/pkgfs.c ============================================================================== --- head/stand/libsa/pkgfs.c Sat Aug 29 19:26:31 2020 (r364964) +++ head/stand/libsa/pkgfs.c Sat Aug 29 21:05:43 2020 (r364965) @@ -60,7 +60,7 @@ struct fs_ops pkgfs_fsops = { }; #define PKG_BUFSIZE 512 -#define PKG_MAXCACHESZ (16384 * 3) +#define PKG_MAXCACHESZ (512 * 1024) #define PKG_FILEEXT ".tgz" Modified: head/stand/libsa/stand.h ============================================================================== --- head/stand/libsa/stand.h Sat Aug 29 19:26:31 2020 (r364964) +++ head/stand/libsa/stand.h Sat Aug 29 21:05:43 2020 (r364965) @@ -470,4 +470,7 @@ extern void *reallocf(void *, size_t); */ caddr_t ptov(uintptr_t); +/* hexdump.c */ +void hexdump(caddr_t region, size_t len); + #endif /* STAND_H */ Modified: head/stand/libsa/zalloc_malloc.c ============================================================================== --- head/stand/libsa/zalloc_malloc.c Sat Aug 29 19:26:31 2020 (r364964) +++ head/stand/libsa/zalloc_malloc.c Sat Aug 29 21:05:43 2020 (r364965) @@ -52,6 +52,10 @@ void mallocstats(void); static void *Malloc_align(size_t, size_t); +#ifndef MIN +# define MIN(a,b) ((a) <= (b)) ? (a) : (b) +#endif + void * Malloc(size_t bytes, const char *file __unused, int line __unused) { @@ -119,9 +123,14 @@ Free(void *ptr, const char *file, int line) ptr, file, line); return; } - if (res->ga_Magic != GAMAGIC) + if (res->ga_Magic != GAMAGIC) { + size_t dump_bytes; + + dump_bytes = MIN((ptr - MallocPool.mp_Base), 512); + hexdump(ptr - dump_bytes, dump_bytes); panic("free: guard1 fail @ %p from %s:%d", ptr, file, line); + } res->ga_Magic = GAFREE; #endif #ifdef USEENDGUARD _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
