From patchwork Wed Dec 10 00:07:11 2025
X-Patchwork-Submitter: Simon Glass
X-Patchwork-Id: 877
From: Simon Glass
To: U-Boot Concept
Date: Tue, 9 Dec 2025 17:07:11 -0700
Message-ID: <20251210000737.180797-21-sjg@u-boot.org>
In-Reply-To: <20251210000737.180797-1-sjg@u-boot.org>
References: <20251210000737.180797-1-sjg@u-boot.org>
CC: Heinrich Schuchardt, Simon Glass, Claude
Subject: [Concept] [PATCH 20/35] malloc: Add a Kconfig option for heap protection
List-Id: Discussion and patches related to U-Boot Concept

Add CONFIG_MCHECK_HEAP_PROTECTION option to enable mcheck heap protection.
Convert all uses of MCHECK_HEAP_PROTECTION to use the CONFIG_-prefixed
version to work with Kconfig.

Disable this option when tracing is enabled, since the mcheck hooks
(mcheck_pedantic_prehook(), etc.) interfere with function tracing.

Co-developed-by: Claude
Signed-off-by: Simon Glass
---
 Kconfig                  | 10 ++++++++++
 common/board_f.c         |  2 +-
 common/dlmalloc.c        |  6 +++---
 common/mcheck_core.inc.h |  6 +++---
 4 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/Kconfig b/Kconfig index 86276c89f38..fb320fdb418 100644 --- a/Kconfig +++ b/Kconfig
@@ -345,6 +345,16 @@ config MALLOC_DEBUG enables additional assertions and the malloc_get_info() function to retrieve memory-allocation statistics. +config MCHECK_HEAP_PROTECTION + bool "Enable mcheck heap protection" + depends on !TRACE + help + Enable heap protection using the mcheck library. This adds canary + values before and after each allocation to detect buffer overflows + and underflows, double-frees, and memory corruption. This + significantly increases memory overhead and should only be used for + debugging. + config SPL_SYS_MALLOC_F bool "Enable malloc() pool in SPL" depends on SPL_FRAMEWORK && SYS_MALLOC_F && SPL diff --git a/common/board_f.c b/common/board_f.c index a3e4c69d449..9dce08002c5 100644 --- a/common/board_f.c +++ b/common/board_f.c @@ -749,7 +749,7 @@ static int setup_reloc(void) if (gd->flags & GD_FLG_SKIP_RELOC) { debug("Skipping relocation due to flag\n"); } else { -#ifdef MCHECK_HEAP_PROTECTION +#ifdef CONFIG_MCHECK_HEAP_PROTECTION mcheck_on_ramrelocation(gd->reloc_off); #endif debug("Relocation Offset is: %08lx\n", gd->reloc_off); diff --git a/common/dlmalloc.c b/common/dlmalloc.c index b8de42cc47e..7258a7dda84 100644 --- a/common/dlmalloc.c +++ b/common/dlmalloc.c @@ -572,7 +572,7 @@ MAX_RELEASE_CHECK_RATE default: 4095 unless not HAVE_MMAP #define DEBUG 1 #endif -#ifdef MCHECK_HEAP_PROTECTION +#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION) #define STATIC_IF_MCHECK static #undef MALLOC_COPY #undef MALLOC_ZERO @@ -5451,7 +5451,7 @@ static void* internal_memalign(mstate m, size_t alignment, size_t bytes) { } return mem; } -#endif /* !CONFIG_MCHECK_HEAP_PROTECTION || MSPACES */ +#endif /* !MCHECK_HEAP_PROTECTION || MSPACES */ /* Common support for independent_X routines, handling @@ -5937,7 +5937,7 @@ size_t dlmalloc_usable_size(const void* mem) { return 0; } -#ifdef MCHECK_HEAP_PROTECTION +#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION) #include "mcheck_core.inc.h" void *dlmalloc(size_t bytes) 
diff --git a/common/mcheck_core.inc.h b/common/mcheck_core.inc.h index 69021409922..7caa9ac8dff 100644 --- a/common/mcheck_core.inc.h +++ b/common/mcheck_core.inc.h @@ -45,8 +45,8 @@ * an array, for index(+1/-1) errors. * * U-Boot is a BL, not an OS with a lib. Activity of the library is set not in runtime, - * rather in compile-time, by MCHECK_HEAP_PROTECTION macro. That guarantees that - * we haven't missed first malloc. + * rather in compile-time, by CONFIG_MCHECK_HEAP_PROTECTION macro. That + * guarantees that we haven't missed first malloc. */ /* @@ -59,7 +59,7 @@ #define _MCHECKCORE_INC_H 1 #include "mcheck.h" -#if defined(MCHECK_HEAP_PROTECTION) +#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION) #define mcheck_flood memset // these are from /dev/random:
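Review bot: in the Kconfig hunk, `depends on !TRACE` makes the new `config MCHECK_HEAP_PROTECTION` entry disappear from menuconfig when tracing is on, but only the commit message explains why (the mcheck hooks interfere with function tracing); a user reading the help text will not see that. Add one line to the help, along the lines of `This option is not available when TRACE is enabled, because the mcheck hooks interfere with function tracing.`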
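Review bot: the board_f.c hunk tests `#ifdef CONFIG_MCHECK_HEAP_PROTECTION` while the dlmalloc.c and mcheck_core.inc.h hunks test `#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION)`; the two forms are not equivalent in SPL/TPL builds, where CONFIG_IS_ENABLED() resolves to the SPL_/TPL_ variant of the symbol, so the `mcheck_on_ramrelocation()` call and the allocator it relies on could disagree on whether mcheck is compiled in. Use one form in all four places so the hook and the heap are gated by the same condition.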
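Review bot: in the dlmalloc.c hunk at line 572, `#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION)` looks for CONFIG_SPL_MCHECK_HEAP_PROTECTION (or the TPL_ variant) when the file is built for SPL, and the Kconfig hunk adds only the non-SPL symbol, so heap protection is now unavailable in SPL even though the old `#ifdef MCHECK_HEAP_PROTECTION` applied to every build stage. If that narrowing is intended, state it in the commit message and help text; otherwise add the SPL_ variant of the option alongside it.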
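Review bot: the `#endif` comment edit in the dlmalloc.c hunk at line 5451 runs in the opposite direction from the rest of the patch: `-#endif /* !CONFIG_MCHECK_HEAP_PROTECTION || MSPACES */` becomes `+#endif /* !MCHECK_HEAP_PROTECTION || MSPACES */`, dropping the CONFIG_ prefix that the commit message says is being added everywhere else. If the intent is to name the bare Kconfig symbol as CONFIG_IS_ENABLED() takes it, that is reasonable but deserves a sentence in the commit message; otherwise it reads as a typo and the comment should keep the CONFIG_ prefix.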
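Review bot: the reworded comment in the mcheck_core.inc.h hunk at line 45 says activity is set "by CONFIG_MCHECK_HEAP_PROTECTION macro", but the guard a few lines below (the hunk at line 59) now uses `#if CONFIG_IS_ENABLED(MCHECK_HEAP_PROTECTION)`, which also honours the SPL_/TPL_ variants; align the comment with the check, e.g. "by the MCHECK_HEAP_PROTECTION Kconfig option, tested with CONFIG_IS_ENABLED()". While touching this paragraph, spelling out "a BL" as "a boot loader" would help readers unfamiliar with the abbreviation.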