From owner-svn-src-all@freebsd.org Sun Feb 16 00:12:54 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E568224DE8E; Sun, 16 Feb 2020 00:12:54 +0000 (UTC) (envelope-from mmacy@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48Knd25q0Hz3yM5; Sun, 16 Feb 2020 00:12:54 +0000 (UTC) (envelope-from mmacy@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C2AAA1D23C; Sun, 16 Feb 2020 00:12:54 +0000 (UTC) (envelope-from mmacy@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 01G0Csom066655; Sun, 16 Feb 2020 00:12:54 GMT (envelope-from mmacy@FreeBSD.org) Received: (from mmacy@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 01G0CseV066653; Sun, 16 Feb 2020 00:12:54 GMT (envelope-from mmacy@FreeBSD.org) Message-Id: <202002160012.01G0CseV066653@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mmacy set sender to mmacy@FreeBSD.org using -f From: Matt Macy Date: Sun, 16 Feb 2020 00:12:54 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r357987 - in head: share/man/man9 sys/kern sys/sys X-SVN-Group: head X-SVN-Commit-Author: mmacy X-SVN-Commit-Paths: in head: share/man/man9 sys/kern sys/sys X-SVN-Commit-Revision: 357987 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Feb 2020 00:12:55 -0000 Author: mmacy Date: Sun Feb 16 00:12:53 2020 New Revision: 357987 URL: https://svnweb.freebsd.org/changeset/base/357987 Log: Add zfree to zero allocation before free Key and cookie management typically wants to avoid information leaks by explicitly zeroing before free. This routine simplifies that by permitting consumers to do so without carrying the size around. Reviewed by: jeff@, jhb@ MFC after: 1 week Sponsored by: Rubicon Communications, LLC (Netgate) Differential Revision: https://reviews.freebsd.org/D22790 Modified: head/share/man/man9/malloc.9 head/sys/kern/kern_malloc.c head/sys/sys/malloc.h Modified: head/share/man/man9/malloc.9 ============================================================================== --- head/share/man/man9/malloc.9 Sun Feb 16 00:03:09 2020 (r357986) +++ head/share/man/man9/malloc.9 Sun Feb 16 00:12:53 2020 (r357987) @@ -49,6 +49,8 @@ .Fn mallocarray "size_t nmemb" "size_t size" "struct malloc_type *type" "int flags" .Ft void .Fn free "void *addr" "struct malloc_type *type" +.Ft void +.Fn zfree "void *addr" "struct malloc_type *type" .Ft void * .Fn realloc "void *addr" "size_t size" "struct malloc_type *type" "int flags" .Ft void * @@ -105,6 +107,19 @@ is then .Fn free does nothing. +.Pp +Like +.Fn free , +the +.Fn zfree +function releases memory at address +.Fa addr +that was previously allocated by +.Fn malloc +for re-use. +However, +.Fn zfree +will zero the memory before it is released. .Pp The .Fn realloc Modified: head/sys/kern/kern_malloc.c ============================================================================== --- head/sys/kern/kern_malloc.c Sun Feb 16 00:03:09 2020 (r357986) +++ head/sys/kern/kern_malloc.c Sun Feb 16 00:12:53 2020 (r357987) @@ -820,6 +820,48 @@ free(void *addr, struct malloc_type *mtp) malloc_type_freed(mtp, size); } +/* + * zfree: + * + * Zero then free a block of memory allocated by malloc. + * + * This routine may not block. + */ +void +zfree(void *addr, struct malloc_type *mtp) +{ + uma_zone_t zone; + uma_slab_t slab; + u_long size; + +#ifdef MALLOC_DEBUG + if (free_dbg(&addr, mtp) != 0) + return; +#endif + /* free(NULL, ...) does nothing */ + if (addr == NULL) + return; + + vtozoneslab((vm_offset_t)addr & (~UMA_SLAB_MASK), &zone, &slab); + if (slab == NULL) + panic("free: address %p(%p) has not been allocated.\n", + addr, (void *)((u_long)addr & (~UMA_SLAB_MASK))); + + if (__predict_true(!malloc_large_slab(slab))) { + size = zone->uz_size; +#ifdef INVARIANTS + free_save_type(addr, mtp, size); +#endif + explicit_bzero(addr, size); + uma_zfree_arg(zone, addr, slab); + } else { + size = malloc_large_size(slab); + explicit_bzero(addr, size); + free_large(addr, size); + } + malloc_type_freed(mtp, size); +} + void free_domain(void *addr, struct malloc_type *mtp) { Modified: head/sys/sys/malloc.h ============================================================================== --- head/sys/sys/malloc.h Sun Feb 16 00:03:09 2020 (r357986) +++ head/sys/sys/malloc.h Sun Feb 16 00:12:53 2020 (r357987) @@ -179,6 +179,7 @@ void *contigmalloc_domainset(unsigned long size, struc unsigned long alignment, vm_paddr_t boundary) __malloc_like __result_use_check __alloc_size(1) __alloc_align(7); void free(void *addr, struct malloc_type *type); +void zfree(void *addr, struct malloc_type *type); void free_domain(void *addr, struct malloc_type *type); void *malloc(size_t size, struct malloc_type *type, int flags) __malloc_like __result_use_check __alloc_size(1);