[Concept,20/35] malloc: Add a Kconfig option for heap protection

Message ID 20251210000737.180797-21-sjg@u-boot.org
State New
Series malloc: Add heap debugging commands and mcheck caller tracking |

Commit Message

Simon Glass Dec. 10, 2025, 12:07 a.m. UTC
  From: Simon Glass <simon.glass@canonical.com>

Add CONFIG_MCHECK_HEAP_PROTECTION option to enable mcheck heap
protection. Convert all uses of MCHECK_HEAP_PROTECTION to the
CONFIG_-prefixed version so that it works with Kconfig.

Disable this option when tracing is enabled, since the mcheck hooks (mcheck_pedantic_prehook(), etc.) interfere with function tracing.

Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 Kconfig                  | 10 ++++++++++
 common/board_f.c         |  2 +-
 common/dlmalloc.c        |  6 +++---
 common/mcheck_core.inc.h |  6 +++---
 4 files changed, 17 insertions(+), 7 deletions(-)
  

Patch

diff --git a/Kconfig b/Kconfig
index 86276c89f38..fb320fdb418 100644
--- a/Kconfig
+++ b/Kconfig
@@ -345,6 +345,16 @@  config MALLOC_DEBUG
 	  enables additional assertions and the malloc_get_info() function
 	  to retrieve memory-allocation statistics.
 
+config MCHECK_HEAP_PROTECTION
+	bool "Enable mcheck heap protection"
+	depends on !TRACE
+	help
+	  Enable heap protection using the mcheck library. This adds canary
+	  values before and after each allocation to detect buffer overflows
+	  and underflows, double-frees, and memory corruption. This
+	  significantly increases memory overhead and should only be used for
+	  debugging.
+
 config SPL_SYS_MALLOC_F
 	bool "Enable malloc() pool in SPL"
 	depends on SPL_FRAMEWORK && SYS_MALLOC_F && SPL
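Review bot: The new symbol has no SPL_/TPL_ counterpart, yet common/dlmalloc.c in this same patch tests it with `CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION)`, which in an SPL or TPL build resolves to the CONFIG_SPL_/CONFIG_TPL_ variant and therefore stays false there no matter how this option is set. If that scoping is intended, the help text should say so, e.g. `This applies to U-Boot proper only; SPL and TPL builds are not covered.`; if not, matching SPL_/TPL_ symbols are needed. The help text also promises detection of double-frees and general memory corruption, which nothing in this patch lets me confirm; limiting the claim to the canary checks, or pointing at common/mcheck_core.inc.h for the exact guarantees, would avoid overstating what the option delivers.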
diff --git a/common/board_f.c b/common/board_f.c
index a3e4c69d449..9dce08002c5 100644
--- a/common/board_f.c
+++ b/common/board_f.c
@@ -749,7 +749,7 @@  static int setup_reloc(void)
 	if (gd->flags & GD_FLG_SKIP_RELOC) {
 		debug("Skipping relocation due to flag\n");
 	} else {
-#ifdef MCHECK_HEAP_PROTECTION
+#ifdef CONFIG_MCHECK_HEAP_PROTECTION
 		mcheck_on_ramrelocation(gd->reloc_off);
 #endif
 		debug("Relocation Offset is: %08lx\n", gd->reloc_off);
diff --git a/common/dlmalloc.c b/common/dlmalloc.c
index b8de42cc47e..7258a7dda84 100644
--- a/common/dlmalloc.c
+++ b/common/dlmalloc.c
@@ -572,7 +572,7 @@  MAX_RELEASE_CHECK_RATE   default: 4095 unless not HAVE_MMAP
 #define DEBUG 1
 #endif
 
-#ifdef MCHECK_HEAP_PROTECTION
+#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION)
 #define STATIC_IF_MCHECK static
 #undef MALLOC_COPY
 #undef MALLOC_ZERO
@@ -5451,7 +5451,7 @@  static void* internal_memalign(mstate m, size_t alignment, size_t bytes) {
   }
   return mem;
 }
-#endif /* !CONFIG_MCHECK_HEAP_PROTECTION || MSPACES */
+#endif /* !MCHECK_HEAP_PROTECTION || MSPACES */
 
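Review bot: The `#endif` comment on the new side moves in the opposite direction to the rest of the commit: it drops the `CONFIG_` prefix (`!MCHECK_HEAP_PROTECTION || MSPACES`) while every other site is converted to the Kconfig form and the guard earlier in this file now reads `CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION)`. The `#if` this line closes is outside the hunk, so I cannot see whether it was updated; the comment should mirror whatever condition it closes, e.g. `#endif /* !CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION) || MSPACES */`. If this hunk is a leftover from an earlier patch in the series, squashing it would keep the tree consistent at each step.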
 /*
   Common support for independent_X routines, handling
@@ -5937,7 +5937,7 @@  size_t dlmalloc_usable_size(const void* mem) {
   return 0;
 }
 
-#ifdef MCHECK_HEAP_PROTECTION
+#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION)
 #include "mcheck_core.inc.h"
 
 void *dlmalloc(size_t bytes)
diff --git a/common/mcheck_core.inc.h b/common/mcheck_core.inc.h
index 69021409922..7caa9ac8dff 100644
--- a/common/mcheck_core.inc.h
+++ b/common/mcheck_core.inc.h
@@ -45,8 +45,8 @@ 
  *       an array, for index(+1/-1) errors.
  *
  * U-Boot is a BL, not an OS with a lib. Activity of the library is set not in runtime,
- * rather in compile-time, by MCHECK_HEAP_PROTECTION macro. That guarantees that
- * we haven't missed first malloc.
+ * rather in compile-time, by CONFIG_MCHECK_HEAP_PROTECTION macro. That
+ * guarantees that we haven't missed first malloc.
  */
 
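Review bot: The reworded comment says activity is selected by the `CONFIG_MCHECK_HEAP_PROTECTION` macro, but the guard this file actually uses (next hunk, and the include site in common/dlmalloc.c) is `CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION)`, which selects the SPL_/TPL_ variants in those builds rather than the plain symbol. Naming the real test keeps the "we haven't missed first malloc" argument honest for every build stage, e.g. `rather in compile-time, via CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION). That`. The surrounding comment block starts outside the hunk.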
 /*
@@ -59,7 +59,7 @@ 
 #define _MCHECKCORE_INC_H      1
 #include "mcheck.h"
 
-#if defined(MCHECK_HEAP_PROTECTION)
+#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION)
 #define mcheck_flood memset
 
 // these are from /dev/random: