From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH master 2/2] tlsf: hardening: skip KASAN checks when zeroing memory
Date: Tue, 22 Apr 2025 07:37:40 +0200 [thread overview]
Message-ID: <20250422053740.3436389-2-a.fatoum@pengutronix.de> (raw)
In-Reply-To: <20250422053740.3436389-1-a.fatoum@pengutronix.de>
We are already unpoisoning the memory before allocation, so we know for
certain that memset will not trip over anything. Switch over to using
__memset in that case to reduce performance impact.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
arch/arm/include/asm/string.h | 8 ++++++++
common/tlsf.c | 8 ++++++--
2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/arch/arm/include/asm/string.h b/arch/arm/include/asm/string.h
index f79392e53d01..4b77914865e7 100644
--- a/arch/arm/include/asm/string.h
+++ b/arch/arm/include/asm/string.h
@@ -3,6 +3,8 @@
#ifndef __ASM_ARM_STRING_H
#define __ASM_ARM_STRING_H
+#include <linux/compiler.h>
+
#ifdef CONFIG_ARM_OPTIMZED_STRING_FUNCTIONS
#define __HAVE_ARCH_MEMCPY
@@ -17,4 +19,10 @@ extern void *__memcpy(void *, const void *, __kernel_size_t);
extern void *__memset(void *, int, __kernel_size_t);
extern void *__memmove(void *, const void *, __kernel_size_t);
+static inline void __memzero_explicit(void *s, __kernel_size_t count)
+{
+ __memset(s, 0, count);
+ barrier_data(s);
+}
+
#endif
diff --git a/common/tlsf.c b/common/tlsf.c
index 01293630dd7c..8666b94ea387 100644
--- a/common/tlsf.c
+++ b/common/tlsf.c
@@ -12,6 +12,10 @@
#ifndef CONFIG_KASAN
#define __memcpy memcpy
+/* This is only an optimization: On sandbox, with ASan, we don't have
+ * an asan-less memset implementation, so we must unpoison memory anyhow.
+ */
+#define __memzero_explicit memzero_explicit
#endif
/*
@@ -610,7 +614,7 @@ static void* block_prepare_used(control_t* control, block_header_t* block,
if (want_init_on_alloc()) {
kasan_unpoison_shadow(p, size);
- memzero_explicit(p, size);
+ __memzero_explicit(p, size);
/*
* KASAN doesn't play nicely with poisoning addresses
* that are not granule-aligned, which is why we poison
@@ -1028,7 +1032,7 @@ void tlsf_free(tlsf_t tlsf, void* ptr)
tlsf_assert(!block_is_free(block) && "block already marked as free");
if (want_init_on_free()) {
kasan_unpoison_shadow(ptr, block_size(block));
- memzero_explicit(ptr, block_size(block));
+ __memzero_explicit(ptr, block_size(block));
}
kasan_poison_shadow(ptr, block_size(block), 0xff);
block_mark_as_free(block);
--
2.39.5
next prev parent reply other threads:[~2025-04-22 5:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-04-22 5:37 [PATCH master 1/2] tlsf: hardening: unpoison trailing padding before zeroing it Ahmad Fatoum
2025-04-22 5:37 ` Ahmad Fatoum [this message]
2025-04-22 7:47 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250422053740.3436389-2-a.fatoum@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox