svn commit: r357987 - in head: share/man/man9 sys/kern sys/sys

Matt Macy mmacy at FreeBSD.org
Sun Feb 16 00:12:55 UTC 2020


Author: mmacy
Date: Sun Feb 16 00:12:53 2020
New Revision: 357987
URL: https://svnweb.freebsd.org/changeset/base/357987

Log:
  Add zfree to zero allocation before free
  
  Key and cookie management typically wants to
  avoid information leaks by explicitly zeroing
  before free. This routine simplifies that by
  permitting consumers to do so without carrying
  the size around.
  
  Reviewed by:	jeff@, jhb@
  MFC after:	1 week
  Sponsored by:	Rubicon Communications, LLC (Netgate)
  Differential Revision:	https://reviews.freebsd.org/D22790

Modified:
  head/share/man/man9/malloc.9
  head/sys/kern/kern_malloc.c
  head/sys/sys/malloc.h

Modified: head/share/man/man9/malloc.9
==============================================================================
--- head/share/man/man9/malloc.9	Sun Feb 16 00:03:09 2020	(r357986)
+++ head/share/man/man9/malloc.9	Sun Feb 16 00:12:53 2020	(r357987)
@@ -49,6 +49,8 @@
 .Fn mallocarray "size_t nmemb" "size_t size" "struct malloc_type *type" "int flags"
 .Ft void
 .Fn free "void *addr" "struct malloc_type *type"
+.Ft void
+.Fn zfree "void *addr" "struct malloc_type *type"
 .Ft void *
 .Fn realloc "void *addr" "size_t size" "struct malloc_type *type" "int flags"
 .Ft void *
@@ -105,6 +107,19 @@ is
 then
 .Fn free
 does nothing.
+.Pp
+Like
+.Fn free ,
+the
+.Fn zfree
+function releases memory at address
+.Fa addr
+that was previously allocated by
+.Fn malloc
+for re-use.
+However,
+.Fn zfree
+will zero the memory before it is released.
 .Pp
 The
 .Fn realloc

Modified: head/sys/kern/kern_malloc.c
==============================================================================
--- head/sys/kern/kern_malloc.c	Sun Feb 16 00:03:09 2020	(r357986)
+++ head/sys/kern/kern_malloc.c	Sun Feb 16 00:12:53 2020	(r357987)
@@ -820,6 +820,48 @@ free(void *addr, struct malloc_type *mtp)
 	malloc_type_freed(mtp, size);
 }
 
+/*
+ *	zfree:
+ *
+ *	Zero then free a block of memory allocated by malloc.
+ *
+ *	This routine may not block.
+ */
+void
+zfree(void *addr, struct malloc_type *mtp)
+{
+	uma_zone_t zone;
+	uma_slab_t slab;
+	u_long size;
+
+#ifdef MALLOC_DEBUG
+	if (free_dbg(&addr, mtp) != 0)
+		return;
+#endif
+	/* free(NULL, ...) does nothing */
+	if (addr == NULL)
+		return;
+
+	vtozoneslab((vm_offset_t)addr & (~UMA_SLAB_MASK), &zone, &slab);
+	if (slab == NULL)
+		panic("free: address %p(%p) has not been allocated.\n",
+		    addr, (void *)((u_long)addr & (~UMA_SLAB_MASK)));
+
+	if (__predict_true(!malloc_large_slab(slab))) {
+		size = zone->uz_size;
+#ifdef INVARIANTS
+		free_save_type(addr, mtp, size);
+#endif
+		explicit_bzero(addr, size);
+		uma_zfree_arg(zone, addr, slab);
+	} else {
+		size = malloc_large_size(slab);
+		explicit_bzero(addr, size);
+		free_large(addr, size);
+	}
+	malloc_type_freed(mtp, size);
+}
+
 void
 free_domain(void *addr, struct malloc_type *mtp)
 {
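Review bot: Under MALLOC_DEBUG, `if (free_dbg(&addr, mtp) != 0) return;` leaves zfree before either `explicit_bzero` call, so if free_dbg has already disposed of the block in that case (its body is not in this hunk), key material is released unzeroed on debug kernels. That path needs its own zeroing, or at least a comment stating the gap, e.g. `/* NB: a block consumed by free_dbg() is not zeroed here */`. The panic string and the NULL comment were carried over from free and will point a crash report at the wrong routine; they should read `panic("zfree: address %p(%p) has not been allocated.\n",` and `/* zfree(NULL, ...) does nothing */`. In the INVARIANTS branch `free_save_type(addr, mtp, size)` runs immediately before `explicit_bzero(addr, size)` over the same range, so whatever it records inside the block is presumably wiped again; the intended order is worth confirming.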

Modified: head/sys/sys/malloc.h
==============================================================================
--- head/sys/sys/malloc.h	Sun Feb 16 00:03:09 2020	(r357986)
+++ head/sys/sys/malloc.h	Sun Feb 16 00:12:53 2020	(r357987)
@@ -179,6 +179,7 @@ void	*contigmalloc_domainset(unsigned long size, struc
 	    unsigned long alignment, vm_paddr_t boundary)
 	    __malloc_like __result_use_check __alloc_size(1) __alloc_align(7);
 void	free(void *addr, struct malloc_type *type);
+void	zfree(void *addr, struct malloc_type *type);
 void	free_domain(void *addr, struct malloc_type *type);
 void	*malloc(size_t size, struct malloc_type *type, int flags) __malloc_like
 	    __result_use_check __alloc_size(1);

