kasan: fix kasan race-condition
Change-Id: I1c729b8a85422a1f4326785e5d52cb0fc60d4822 Signed-off-by: ligd <liguiding1@xiaomi.com>
This commit is contained in:
parent
69575975f4
commit
8be4bca3eb
1 changed files with 10 additions and 4 deletions
|
@ -22,7 +22,7 @@
|
|||
* Included Files
|
||||
****************************************************************************/
|
||||
|
||||
#include <nuttx/mutex.h>
|
||||
#include <nuttx/spinlock.h>
|
||||
|
||||
#include <assert.h>
|
||||
#include <debug.h>
|
||||
|
@ -68,7 +68,7 @@ struct kasan_region_s
|
|||
* Private Data
|
||||
****************************************************************************/
|
||||
|
||||
static mutex_t g_lock = NXMUTEX_INITIALIZER;
|
||||
static spinlock_t g_lock;
|
||||
static FAR struct kasan_region_s *g_region;
|
||||
static uint32_t g_region_init;
|
||||
|
||||
|
@ -133,6 +133,9 @@ static void kasan_set_poison(FAR const void *addr, size_t size,
|
|||
unsigned int bit;
|
||||
unsigned int nbit;
|
||||
uintptr_t mask;
|
||||
int flags;
|
||||
|
||||
flags = spin_lock_irqsave(&g_lock);
|
||||
|
||||
p = kasan_mem_to_shadow(addr, size, &bit);
|
||||
DEBUGASSERT(p != NULL);
|
||||
|
@ -171,6 +174,8 @@ static void kasan_set_poison(FAR const void *addr, size_t size,
|
|||
*p &= ~mask;
|
||||
}
|
||||
}
|
||||
|
||||
spin_unlock_irqrestore(&g_lock, flags);
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
|
@ -192,6 +197,7 @@ void kasan_unpoison(FAR const void *addr, size_t size)
|
|||
void kasan_register(FAR void *addr, FAR size_t *size)
|
||||
{
|
||||
FAR struct kasan_region_s *region;
|
||||
int flags;
|
||||
|
||||
region = (FAR struct kasan_region_s *)
|
||||
((FAR char *)addr + *size - KASAN_REGION_SIZE(*size));
|
||||
|
@ -199,11 +205,11 @@ void kasan_register(FAR void *addr, FAR size_t *size)
|
|||
region->begin = (uintptr_t)addr;
|
||||
region->end = region->begin + *size;
|
||||
|
||||
nxmutex_lock(&g_lock);
|
||||
flags = spin_lock_irqsave(&g_lock);
|
||||
region->next = g_region;
|
||||
g_region = region;
|
||||
g_region_init = KASAN_INIT_VALUE;
|
||||
nxmutex_unlock(&g_lock);
|
||||
spin_unlock_irqrestore(&g_lock, flags);
|
||||
|
||||
kasan_poison(addr, *size);
|
||||
*size -= KASAN_REGION_SIZE(*size);
|
||||
|
|
Loading…
Reference in a new issue