1 | /* |
---|
2 | * RTEMS Malloc Block Boundary Integrity Checker |
---|
3 | * |
---|
4 | * WARNING!!! WARNING!!! WARNING!!! WARNING!!! |
---|
5 | * WARNING!!! WARNING!!! WARNING!!! WARNING!!! |
---|
6 | * |
---|
7 | * This file is built but never called. It is a first |
---|
8 | * step in reintegrating this functionality. |
---|
9 | * This code was disabled for a LONG time in malloc.c. |
---|
10 | * This is a restructured and slightly modified version |
---|
11 | * that should be able to be configured as a plugin BUT |
---|
12 | * it has not been tested recently. When it has been |
---|
13 | * tested again, please remove this comment. |
---|
14 | * |
---|
15 | * JOEL: I have not analyzed this code in terms of |
---|
16 | * the heap changes post 4.6. It is possible |
---|
17 | * that that way the boundary area is carved |
---|
18 | * off breaks the alignment. |
---|
19 | * |
---|
20 | * WARNING!!! WARNING!!! WARNING!!! WARNING!!! |
---|
21 | * WARNING!!! WARNING!!! WARNING!!! WARNING!!! |
---|
22 | * |
---|
23 | * COPYRIGHT (c) 1989-2007. |
---|
24 | * On-Line Applications Research Corporation (OAR). |
---|
25 | * |
---|
26 | * The license and distribution terms for this file may be |
---|
27 | * found in the file LICENSE in this distribution or at |
---|
28 | * http://www.rtems.com/license/LICENSE. |
---|
29 | * |
---|
30 | * $Id$ |
---|
31 | */ |
---|
32 | |
---|
33 | #if HAVE_CONFIG_H |
---|
34 | #include "config.h" |
---|
35 | #endif |
---|
36 | |
---|
37 | #include "malloc_p.h" |
---|
38 | |
---|
39 | #include <stdio.h> |
---|
40 | |
---|
41 | /* only supported on newlib targets */ |
---|
42 | #ifdef RTEMS_NEWLIB |
---|
43 | /* not completely implemented so not included in coverage analysis */ |
---|
44 | #ifndef RTEMS_COVERAGE |
---|
45 | |
---|
46 | #define SENTINELSIZE 12 |
---|
47 | #define SENTINEL "\xD1\xAC\xB2\xF1" "BITE ME" |
---|
48 | #define CALLCHAINSIZE 5 |
---|
49 | |
---|
50 | struct mallocNode { |
---|
51 | struct mallocNode *back; |
---|
52 | struct mallocNode *forw; |
---|
53 | int callChain[CALLCHAINSIZE]; |
---|
54 | size_t size; |
---|
55 | void *memory; |
---|
56 | }; |
---|
57 | |
---|
58 | struct mallocNode mallocNodeHead; |
---|
59 | |
---|
60 | void rtems_malloc_boundary_initialize(void) |
---|
61 | { |
---|
62 | mallocNodeHead.back = &mallocNodeHead; |
---|
63 | mallocNodeHead.forw = &mallocNodeHead; |
---|
64 | } |
---|
65 | |
---|
66 | uint32_t rtems_malloc_boundary_overhead(void) |
---|
67 | { |
---|
68 | return sizeof(struct mallocNode) + SENTINELSIZE; |
---|
69 | } |
---|
70 | |
---|
71 | void rtems_malloc_boundary_at_malloc( |
---|
72 | void *pointer, |
---|
73 | size_t size |
---|
74 | ) |
---|
75 | { |
---|
76 | void *return_this; |
---|
77 | struct mallocNode *mp = (struct mallocNode *)pointer; |
---|
78 | int *fp, *nfp, i; |
---|
79 | |
---|
80 | _RTEMS_Lock_allocator(); |
---|
81 | mp->memory = mp + 1; |
---|
82 | return_this = mp->memory; |
---|
83 | mp->size = size - (sizeof(struct mallocNode) + SENTINELSIZE); |
---|
84 | fp = (int *)&size - 2; |
---|
85 | for (i = 0 ; i < CALLCHAINSIZE ; i++) { |
---|
86 | mp->callChain[i] = fp[1]; |
---|
87 | nfp = (int *)(fp[0]); |
---|
88 | if((nfp <= fp) || (nfp > (int *)(1 << 24))) |
---|
89 | break; |
---|
90 | fp = nfp; |
---|
91 | } |
---|
92 | while (i < CALLCHAINSIZE) |
---|
93 | mp->callChain[i++] = 0; |
---|
94 | memcpy((char *)mp->memory + mp->size, SENTINEL, SENTINELSIZE); |
---|
95 | mp->forw = mallocNodeHead.forw; |
---|
96 | mp->back = &mallocNodeHead; |
---|
97 | mallocNodeHead.forw->back = mp; |
---|
98 | mallocNodeHead.forw = mp; |
---|
99 | _RTEMS_Unlock_allocator(); |
---|
100 | } |
---|
101 | |
---|
102 | void reportMallocError(const char *msg, struct mallocNode *mp); |
---|
103 | |
---|
104 | void rtems_malloc_boundary_at_free( |
---|
105 | void *pointer |
---|
106 | ) |
---|
107 | { |
---|
108 | struct mallocNode *mp = (struct mallocNode *)pointer - 1; |
---|
109 | struct mallocNode *mp1; |
---|
110 | |
---|
111 | _RTEMS_Lock_allocator(); |
---|
112 | if ((mp->memory != (mp + 1)) || |
---|
113 | (memcmp((char *)mp->memory + mp->size, SENTINEL, SENTINELSIZE) != 0)) |
---|
114 | reportMallocError("Freeing with inconsistent pointer/sentinel", mp); |
---|
115 | mp1 = mallocNodeHead.forw; |
---|
116 | while (mp1 != &mallocNodeHead) { |
---|
117 | if (mp1 == mp) |
---|
118 | break; |
---|
119 | mp1 = mp1->forw; |
---|
120 | } |
---|
121 | if (mp1 != mp) |
---|
122 | reportMallocError("Freeing, but not on allocated list", mp); |
---|
123 | mp->forw->back = mp->back; |
---|
124 | mp->back->forw = mp->forw; |
---|
125 | mp->back = mp->forw = NULL; |
---|
126 | pointer = mp; |
---|
127 | _RTEMS_Unlock_allocator(); |
---|
128 | } |
---|
129 | |
---|
130 | void rtems_malloc_boundary_at_realloc( |
---|
131 | void *pointer, |
---|
132 | size_t size |
---|
133 | ) |
---|
134 | { |
---|
135 | /* this needs to be implemented */ |
---|
136 | } |
---|
137 | |
---|
138 | /* |
---|
139 | * Malloc boundary support plugin |
---|
140 | */ |
---|
141 | rtems_malloc_boundary_functions_t rtems_malloc_boundary_functions_table = { |
---|
142 | rtems_malloc_boundary_initialize, |
---|
143 | rtems_malloc_boundary_overhead, |
---|
144 | rtems_malloc_boundary_at_malloc, |
---|
145 | rtems_malloc_boundary_at_free, |
---|
146 | rtems_malloc_boundary_at_realloc, |
---|
147 | }; |
---|
148 | |
---|
149 | rtems_malloc_boundary_functions_t *rtems_malloc_boundary_helpers = NULL; |
---|
150 | /* &rtems_malloc_boundary_functions_table; */ |
---|
151 | |
---|
152 | void reportMallocError(const char *msg, struct mallocNode *mp) |
---|
153 | { |
---|
154 | unsigned char *sp = (unsigned char *)mp->memory + mp->size; |
---|
155 | int i, ind = 0; |
---|
156 | static char cbuf[500]; |
---|
157 | ind += sprintf(cbuf+ind, "Malloc Error: %s\n", msg); |
---|
158 | if ((mp->forw->back != mp) || (mp->back->forw != mp)) |
---|
159 | ind += sprintf(cbuf+ind, |
---|
160 | "mp:%p mp->forw:%p mp->forw->back:%p " |
---|
161 | "mp->back:%p mp->back->forw:%p\n", |
---|
162 | mp, mp->forw, mp->forw->back, mp->back, mp->back->forw); |
---|
163 | if (mp->memory != (mp + 1)) |
---|
164 | ind += sprintf(cbuf+ind, "mp+1:%p ", mp + 1); |
---|
165 | ind += sprintf(cbuf+ind, "mp->memory:%p mp->size:%zi\n", mp->memory, mp->size); |
---|
166 | if (memcmp((char *)mp->memory + mp->size, SENTINEL, SENTINELSIZE) != 0) { |
---|
167 | ind += sprintf(cbuf+ind, "mp->sentinel: "); |
---|
168 | for (i = 0 ; i < SENTINELSIZE ; i++) |
---|
169 | ind += sprintf(cbuf+ind, " 0x%x", sp[i]); |
---|
170 | ind += sprintf(cbuf+ind, "\n"); |
---|
171 | } |
---|
172 | ind += sprintf(cbuf+ind, "Call chain:"); |
---|
173 | for (i = 0 ; i < CALLCHAINSIZE ; i++) { |
---|
174 | if (mp->callChain[i] == 0) |
---|
175 | break; |
---|
176 | ind += sprintf(cbuf+ind, " 0x%x", mp->callChain[i]); |
---|
177 | } |
---|
178 | printk("\n\n%s\n\n", cbuf); |
---|
179 | } |
---|
180 | |
---|
181 | void checkMallocArena(void) |
---|
182 | { |
---|
183 | struct mallocNode *mp; |
---|
184 | |
---|
185 | _RTEMS_Lock_allocator(); |
---|
186 | for ( mp = mallocNodeHead.forw; mp != &mallocNodeHead ; mp = mp->forw ) { |
---|
187 | if ((mp->forw->back != mp) || (mp->back->forw != mp)) |
---|
188 | reportMallocError("Pointers mangled", mp); |
---|
189 | if ((mp->memory != (mp + 1)) || |
---|
190 | (memcmp((char *)mp->memory + mp->size, SENTINEL, SENTINELSIZE) != 0)) |
---|
191 | reportMallocError("Inconsistent pointer/sentinel", mp); |
---|
192 | } |
---|
193 | _RTEMS_Unlock_allocator(); |
---|
194 | } |
---|
195 | |
---|
196 | #endif |
---|
197 | #endif |
---|