Posted to commits@nuttx.apache.org by xi...@apache.org on 2023/01/16 12:32:25 UTC

[nuttx] 01/04: mm/mm_heap: remove kasan in MM_ADD_BACKTRACE

This is an automated email from the ASF dual-hosted git repository.

xiaoxiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git

commit 7cd325f3be58966823dbe545eaf239ea1646db25
Author: dongjiuzhu1 <do...@xiaomi.com>
AuthorDate: Fri Oct 28 22:51:30 2022 +0800

    mm/mm_heap: remove kasan in MM_ADD_BACKTRACE
    
    Use a simple copy instead of the memset and memcpy operations because
    they have been instrumented; if you access the poison area,
    the system will crash.
    
    Signed-off-by: dongjiuzhu1 <do...@xiaomi.com>
---
 arch/sim/src/sim/sim_backtrace.c | 7 ++++++-
 mm/mm_heap/mm.h                  | 6 ++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/arch/sim/src/sim/sim_backtrace.c b/arch/sim/src/sim/sim_backtrace.c
index e084041db0..3ebeedac8a 100644
--- a/arch/sim/src/sim/sim_backtrace.c
+++ b/arch/sim/src/sim/sim_backtrace.c
@@ -33,10 +33,12 @@
  * Public Functions
  ****************************************************************************/
 
+nosanitize_address
 int up_backtrace(struct tcb_s *tcb, void **buffer, int size, int skip)
 {
   void *buf[skip + size];
   int ret = 0;
+  int i;
 
   if (tcb == running_task())
     {
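Review bot: The added `nosanitize_address` carries no comment saying why `up_backtrace` must stay uninstrumented, and it turns off address-sanitizer checks for the whole function, including the variable-length array `void *buf[skip + size]` whose length comes from the caller. A one-line comment above the attribute would keep a later cleanup from dropping it or from reintroducing an instrumented `memcpy`, for example `/* Not instrumented: buffer may point into a KASan-poisoned heap node (see MM_ADD_BACKTRACE) */`, which is the reason the commit message appears to give. Because the sanitizer no longer watches this frame, it is also worth confirming that no caller can pass a negative or very large `skip` or `size`. The function body continues outside this hunk.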
@@ -49,7 +51,10 @@ int up_backtrace(struct tcb_s *tcb, void **buffer, int size, int skip)
     }
 
   ret -= skip;
-  memcpy(buffer, &buf[skip], ret * sizeof(void *));
+  for (i = 0; i < ret; i++)
+    {
+      buffer[i] = buf[skip + i];
+    }
 
   return ret;
 }
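Review bot: After `ret -= skip;` the value is negative whenever fewer than `skip` frames were captured (it starts at 0), and the function returns it unchanged. The new loop tolerates that by copying nothing, but the `MM_ADD_BACKTRACE` hunk in mm/mm_heap/mm.h of this commit uses the result of `backtrace()` directly as an index in `tmp->backtrace[n++] = NULL`. If that call reaches this function, a negative result would store NULLs in front of the array, into the node's other fields. Adding `if (ret < 0) ret = 0;` right after the subtraction, or `if (n < 0) n = 0;` before the `while` in the macro, closes this. The code that fills `buf` sits between the two hunks and is not visible here, so whether a negative result is reachable should be confirmed against the full function.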
diff --git a/mm/mm_heap/mm.h b/mm/mm_heap/mm.h
index 4a980eccd8..23f5795bc3 100644
--- a/mm/mm_heap/mm.h
+++ b/mm/mm_heap/mm.h
@@ -82,23 +82,21 @@
      do \
        { \
          FAR struct mm_allocnode_s *tmp = (FAR struct mm_allocnode_s *)(ptr); \
-         kasan_unpoison(tmp, SIZEOF_MM_ALLOCNODE); \
          FAR struct tcb_s *tcb; \
          tmp->pid = gettid(); \
          tcb = nxsched_get_tcb(tmp->pid); \
          if ((heap)->mm_procfs.backtrace || (tcb && tcb->flags & TCB_FLAG_HEAP_DUMP)) \
            { \
              int n = backtrace(tmp->backtrace, CONFIG_MM_BACKTRACE); \
-             if (n < CONFIG_MM_BACKTRACE) \
+             while (n < CONFIG_MM_BACKTRACE) \
                { \
-                 tmp->backtrace[n] = 0; \
+                 tmp->backtrace[n++] = NULL; \
                } \
            } \
          else \
            { \
              tmp->backtrace[0] = 0; \
            } \
-         kasan_poison(tmp, SIZEOF_MM_ALLOCNODE); \
        } \
      while (0)
 #else
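Review bot: With `kasan_unpoison`/`kasan_poison` removed, the stores to `tmp->pid` and `tmp->backtrace[]` now hit the node header in whatever KASan state the caller left it, and nothing in the macro records why that is safe. This presumably relies on the functions that expand `MM_ADD_BACKTRACE` being built without instrumentation, or on the header not being poisoned at that point. A comment at the top of the `do` block would make that explicit, e.g. `/* No kasan_unpoison: only plain stores, expanding function must not be KASan-instrumented */`. As a minor consistency point, the untouched `else` branch still writes `tmp->backtrace[0] = 0;` while the new loop uses `NULL`.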