 @@ -1,14 +1,14 @@
-/*	$NetBSD: subr_kmem.c,v 1.78 2020/01/25 15:08:40 ad Exp $	*/
+/*	$NetBSD: subr_kmem.c,v 1.79 2020/03/08 00:31:19 ad Exp $	*/
 /*
  * Copyright (c) 2009-2020 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Andrew Doran and Maxime Villard.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
 @@ -52,43 +52,43 @@
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 /*
  * Allocator of kernel wired memory. This allocator has some debug features
  * enabled with "option DIAGNOSTIC" and "option DEBUG".
  */
 /*
  * KMEM_SIZE: detect alloc/free size mismatch bugs.
- *	Prefix each allocations with a fixed-sized, aligned header and record
+ *	Append to each allocation a fixed-sized footer and record the exact
- *	the exact user-requested allocation size in it. When freeing, compare
+ *	user-requested allocation size in it.  When freeing, compare it with
- *	it with kmem_free's "size" argument.
+ *	kmem_free's "size" argument.
+ *
  * This option is enabled on DIAGNOSTIC.
+ *
- *  |CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|
+ *  |CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|CHUNK|CHUNK| |
- *  +-----+-----+-----+-----+-----+-----+-----+-----+-----+---+-+
+ *  +-----+-----+-----+-----+-----+-----+-----+-----+-----+-+
- *  |/////|     |     |     |     |     |     |     |     |   |U|
+ *  |     |     |     |     |     |     |     |     |/////|U|
- *  |/HSZ/|     |     |     |     |     |     |     |     |   |U|
+ *  |     |     |     |     |     |     |     |     |/HSZ/|U|
- *  |/////|     |     |     |     |     |     |     |     |   |U|
+ *  |     |     |     |     |     |     |     |     |/////|U|
- *  +-----+-----+-----+-----+-----+-----+-----+-----+-----+---+-+
+ *  +-----+-----+-----+-----+-----+-----+-----+-----+-----+-+
- *  |Size |    Buffer usable by the caller (requested size)   |Unused\
+ *  | Buffer usable by the caller (requested size)  |Size |Unused
  */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.78 2020/01/25 15:08:40 ad Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.79 2020/03/08 00:31:19 ad Exp $");
 #ifdef _KERNEL_OPT
 #include "opt_kmem.h"
 #endif
 #include <sys/param.h>
 #include <sys/callback.h>
 #include <sys/kmem.h>
 #include <sys/pool.h>
 #include <sys/debug.h>
 #include <sys/lockdebug.h>
 #include <sys/cpu.h>
 #include <sys/asan.h>
 @@ -158,30 +158,27 @@ static size_t kmem_cache_maxidx __read_m
 static pool_cache_t kmem_cache_big[KMEM_CACHE_BIG_COUNT] __cacheline_aligned;
 static size_t kmem_cache_big_maxidx __read_mostly;
 #if defined(DIAGNOSTIC) && defined(_HARDKERNEL)
 #define	KMEM_SIZE
 #endif
 #if defined(DEBUG) && defined(_HARDKERNEL)
 static void *kmem_freecheck;
 #endif
 #if defined(KMEM_SIZE)
-struct kmem_header {
+#define	SIZE_SIZE	sizeof(size_t)
 	size_t		size;
 } __aligned(KMEM_ALIGN);
 #define	SIZE_SIZE	sizeof(struct kmem_header)
 static void kmem_size_set(void *, size_t);
 static void kmem_size_check(void *, size_t);
 #else
 #define	SIZE_SIZE	0
 #define	kmem_size_set(p, sz)	/* nothing */
 #define	kmem_size_check(p, sz)	/* nothing */
 #endif
 CTASSERT(KM_SLEEP == PR_WAITOK);
 CTASSERT(KM_NOSLEEP == PR_NOWAIT);
 /*
  * kmem_intr_alloc: allocate wired memory.
 @@ -219,27 +216,26 @@ kmem_intr_alloc(size_t requested_size, k
 		     | VM_INSTANTFIT, (vmem_addr_t *)&p);
 		if (ret) {
 			return NULL;
+		}
 		FREECHECK_OUT(&kmem_freecheck, p);
 		return p;
+	}
 	p = pool_cache_get(pc, kmflags);
 	if (__predict_true(p != NULL)) {
 		FREECHECK_OUT(&kmem_freecheck, p);
 		kmem_size_set(p, requested_size);
 		p += SIZE_SIZE;
 		kasan_mark(p, origsize, size, KASAN_KMEM_REDZONE);
 		return p;
+	}
 	return p;
+}
 /*
  * kmem_intr_zalloc: allocate zeroed wired memory.
  */
 void *
 kmem_intr_zalloc(size_t size, km_flag_t kmflags)
+{
 	void *p;
 @@ -273,27 +269,26 @@ kmem_intr_free(void *p, size_t requested
 		pc = kmem_cache[index];
 	} else if ((index = ((allocsz - 1) >> KMEM_BIG_SHIFT))
 	    < kmem_cache_big_maxidx) {
 		pc = kmem_cache_big[index];
 	} else {
 		FREECHECK_IN(&kmem_freecheck, p);
 		uvm_km_kmem_free(kmem_va_arena, (vaddr_t)p,
 		    round_page(size));
 		return;
+	}
 	kasan_mark(p, size, size, 0);
 	p = (uint8_t *)p - SIZE_SIZE;
 	kmem_size_check(p, requested_size);
 	FREECHECK_IN(&kmem_freecheck, p);
 	LOCKDEBUG_MEM_CHECK(p, size);
 	pool_cache_put(pc, p);
+}
 /* -------------------------------- Kmem API -------------------------------- */
 /*
  * kmem_alloc: allocate wired memory.
  * => must not be called from interrupt context.
  */
 @@ -475,35 +470,31 @@ kmem_strfree(char *str)
+{
 	if (str == NULL)
 		return;
 	kmem_free(str, strlen(str) + 1);
+}
 /* --------------------------- DEBUG / DIAGNOSTIC --------------------------- */
 #if defined(KMEM_SIZE)
 static void
 kmem_size_set(void *p, size_t sz)
+{
-	struct kmem_header *hd;
+	memcpy((size_t *)((uintptr_t)p + sz), &sz, sizeof(size_t));
 	hd = (struct kmem_header *)p;
 	hd->size = sz;
+}
 static void
 kmem_size_check(void *p, size_t sz)
+{
 	struct kmem_header *hd;
 	size_t hsz;
-	hd = (struct kmem_header *)p;
+	memcpy(&hsz, (size_t *)((uintptr_t)p + sz), sizeof(size_t));
 	hsz = hd->size;
 	if (hsz != sz) {
-		panic("kmem_free(%p, %zu) != allocated size %zu",
+		panic("kmem_free(%p, %zu) != allocated size %zu; overwrote?",
-		    (const uint8_t *)p + SIZE_SIZE, sz, hsz);
+		    p, sz, hsz);
+	}
-	hd->size = -1;
+	memset((size_t *)((uintptr_t)p + sz), 0xff, sizeof(size_t));
+}
 #endif /* defined(KMEM_SIZE) */