[src/trunk]: src/sys/kern Fix the KMEM_POISON check: it should check the whol...

[maxv <maxv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/3d053a9c99b5
branches:  trunk
changeset: 797038:3d053a9c99b5
user:      maxv <maxv%NetBSD.org@localhost>
date:      Wed Jul 02 15:00:28 2014 +0000

description:
Fix the KMEM_POISON check: it should check the whole buffer, otherwise some
write-after-free's wouldn't be detected (those occurring in the 8 last bytes
of the allocated buffer).

Was here before my changes, spotted by lars@.

diffstat:

 sys/kern/subr_kmem.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (27 lines):

diff -r 54e7f3ec8fc3 -r 3d053a9c99b5 sys/kern/subr_kmem.c
--- a/sys/kern/subr_kmem.c      Wed Jul 02 13:58:09 2014 +0000
+++ b/sys/kern/subr_kmem.c      Wed Jul 02 15:00:28 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: subr_kmem.c,v 1.57 2014/07/01 12:08:33 maxv Exp $      */
+/*     $NetBSD: subr_kmem.c,v 1.58 2014/07/02 15:00:28 maxv Exp $      */
 
 /*-
  * Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -90,7 +90,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.57 2014/07/01 12:08:33 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: subr_kmem.c,v 1.58 2014/07/02 15:00:28 maxv Exp $");
 
 #include <sys/param.h>
 #include <sys/callback.h>
@@ -273,7 +273,7 @@
        p = pool_cache_get(pc, kmflags);
 
        if (__predict_true(p != NULL)) {
-               kmem_poison_check(p, size);
+               kmem_poison_check(p, allocsz);
                FREECHECK_OUT(&kmem_freecheck, p);
                kmem_size_set(p, requested_size);
                kmem_redzone_fill(p, requested_size + SIZE_SIZE);