[PATCH 04/11] tlsf: move kasan_poison_shadow into tlsf_add_pool

Sun Oct 5 21:15:05 PDT 2025

From: Ahmad Fatoum <a.fatoum at barebox.org>

Unallocated memory is poisoned by default to catch heap overflows.
Its control data can also be poisoned by default as the code takes care
to unpoison it on access.

Move the poisoning thus tlsf_add_pool(), so users need not worry about
it.

Signed-off-by: Ahmad Fatoum <a.fatoum at barebox.org>
Signed-off-by: Chali Anis <chalianis1 at gmail.com>
---
 common/tlsf.c        | 7 +++++--
 common/tlsf_malloc.c | 2 --
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/common/tlsf.c b/common/tlsf.c
index 8666b94ea387..4ee53a9b2f20 100644
--- a/common/tlsf.c
+++ b/common/tlsf.c
@@ -814,6 +814,7 @@ size_t tlsf_alloc_overhead(void)
 
 pool_t tlsf_add_pool(tlsf_t tlsf, void* mem, size_t bytes)
 {
+	control_t* control = tlsf_cast(control_t*, tlsf);
 	block_header_t* block;
 	block_header_t* next;
 
@@ -844,7 +845,7 @@ pool_t tlsf_add_pool(tlsf_t tlsf, void* mem, size_t bytes)
 	block_set_size(block, pool_bytes);
 	block_set_free(block);
 	block_set_prev_used(block);
-	block_insert(tlsf_cast(control_t*, tlsf), block);
+	block_insert(control, block);
 
 	/* Split the block to create a zero-size sentinel block. */
 	next = block_link_next(block);
@@ -852,6 +853,9 @@ pool_t tlsf_add_pool(tlsf_t tlsf, void* mem, size_t bytes)
 	block_set_used(next);
 	block_set_prev_free(next);
 
+	kasan_poison_shadow(mem, bytes, KASAN_TAG_INVALID);
+	kasan_poison_shadow(control, sizeof(control), KASAN_TAG_INVALID);
+
 	return mem;
 }
 
@@ -927,7 +931,6 @@ tlsf_t tlsf_create_with_pool(void* mem, size_t bytes)
 {
 	tlsf_t tlsf = tlsf_create(mem);
 	tlsf_add_pool(tlsf, (char*)mem + tlsf_size(), bytes - tlsf_size());
-	kasan_poison_shadow(mem, bytes, KASAN_TAG_INVALID);
 	return tlsf;
 }
 
diff --git a/common/tlsf_malloc.c b/common/tlsf_malloc.c
index 6e9d48af26bb..74089fe7f390 100644
--- a/common/tlsf_malloc.c
+++ b/common/tlsf_malloc.c
@@ -115,8 +115,6 @@ void *malloc_add_pool(void *mem, size_t bytes)
 	if (!new_pool)
 		return NULL;
 
-	kasan_poison_shadow(mem, bytes, KASAN_TAG_INVALID);
-
 	new_pool_entry = malloc(sizeof(*new_pool_entry));
 	if (!new_pool_entry)
 		return NULL;
-- 
2.34.1


