Modifed to zero out the C heap if the CPU Table indicates that the

RTEMS workspace is to be zeroed out.
2025-12-05 15:15:44 +00:00 · 1998-09-23 16:34:23 +00:00
parent 87c857a983
commit 3b93a2dee1
3 changed files with 45 additions and 0 deletions
--- a/c/src/exec/libcsupport/src/malloc.c
+++ b/c/src/exec/libcsupport/src/malloc.c
@@ -36,6 +36,7 @@
 rtems_id RTEMS_Malloc_Heap;
 size_t RTEMS_Malloc_Sbrk_amount;

+extern rtems_cpu_table   Cpu_table;
 #ifdef RTEMS_DEBUG
 #define MALLOC_STATS
 #define MALLOC_DIRTY
@@ -101,6 +102,20 @@ void RTEMS_Malloc_Initialize(
    starting_address = (void *)u32_address;
  }

+  /*
+   *  If the BSP is not clearing out the workspace, then it is most likely
+   *  not clearing out the initial memory for the heap.  There is no 
+   *  standard supporting zeroing out the heap memory.  But much code
+   *  with UNIX history seems to assume that memory malloc'ed during
+   *  initialization (before any free's) is zero'ed.  This is true most
+   *  of the time under UNIX because zero'ing memory when it is first
+   *  given to a process eliminates the chance of a process seeing data
+   *  left over from another process.  This would be a security violation.
+   */
+
+  if ( Cpu_table.do_zero_of_workspace )
+     memset( starting_address, 0, length );
+
  /*
   *  Unfortunately we cannot use assert if this fails because if this
   *  has failed we do not have a heap and if we do not have a heap
--- a/c/src/lib/libc/malloc.c
+++ b/c/src/lib/libc/malloc.c
@@ -36,6 +36,7 @@
 rtems_id RTEMS_Malloc_Heap;
 size_t RTEMS_Malloc_Sbrk_amount;

+extern rtems_cpu_table   Cpu_table;
 #ifdef RTEMS_DEBUG
 #define MALLOC_STATS
 #define MALLOC_DIRTY
@@ -101,6 +102,20 @@ void RTEMS_Malloc_Initialize(
    starting_address = (void *)u32_address;
  }

+  /*
+   *  If the BSP is not clearing out the workspace, then it is most likely
+   *  not clearing out the initial memory for the heap.  There is no 
+   *  standard supporting zeroing out the heap memory.  But much code
+   *  with UNIX history seems to assume that memory malloc'ed during
+   *  initialization (before any free's) is zero'ed.  This is true most
+   *  of the time under UNIX because zero'ing memory when it is first
+   *  given to a process eliminates the chance of a process seeing data
+   *  left over from another process.  This would be a security violation.
+   */
+
+  if ( Cpu_table.do_zero_of_workspace )
+     memset( starting_address, 0, length );
+
  /*
   *  Unfortunately we cannot use assert if this fails because if this
   *  has failed we do not have a heap and if we do not have a heap
--- a/cpukit/libcsupport/src/malloc.c
+++ b/cpukit/libcsupport/src/malloc.c
@@ -36,6 +36,7 @@
 rtems_id RTEMS_Malloc_Heap;
 size_t RTEMS_Malloc_Sbrk_amount;

+extern rtems_cpu_table   Cpu_table;
 #ifdef RTEMS_DEBUG
 #define MALLOC_STATS
 #define MALLOC_DIRTY
@@ -101,6 +102,20 @@ void RTEMS_Malloc_Initialize(
    starting_address = (void *)u32_address;
  }

+  /*
+   *  If the BSP is not clearing out the workspace, then it is most likely
+   *  not clearing out the initial memory for the heap.  There is no 
+   *  standard supporting zeroing out the heap memory.  But much code
+   *  with UNIX history seems to assume that memory malloc'ed during
+   *  initialization (before any free's) is zero'ed.  This is true most
+   *  of the time under UNIX because zero'ing memory when it is first
+   *  given to a process eliminates the chance of a process seeing data
+   *  left over from another process.  This would be a security violation.
+   */
+
+  if ( Cpu_table.do_zero_of_workspace )
+     memset( starting_address, 0, length );
+
  /*
   *  Unfortunately we cannot use assert if this fails because if this
   *  has failed we do not have a heap and if we do not have a heap