[linux] Make malloc and linux_umalloc valgrindable

Make the allocators used by malloc and linux_umalloc valgrindable.
Include valgrind headers in the codebase to avoid a build dependency
on valgrind.

Signed-off-by: Piotr Jaroszyński <p.jaroszynski@gmail.com>
Modified-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/arch/i386/scripts/linux.lds

@@ -42,9 +42,12 @@ SECTIONS {
 	/*
 	 * The data section
 	 *
+	 * Adjust the address for the data segment.  We want to adjust up to
+	 * the same address within the page on the next page up.
 	 */
 
-	. = ALIGN ( _max_align );
+	. = ALIGN (CONSTANT (MAXPAGESIZE)) - ((CONSTANT (MAXPAGESIZE) - .) & (CONSTANT (MAXPAGESIZE) - 1));
+	. = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE));
 	.data : {
 		_data = .;
 		*(.data)
@@ -91,8 +94,6 @@ SECTIONS {
 		*(.comment.*)
 		*(.note)
 		*(.note.*)
-		*(.eh_frame)
-		*(.eh_frame.*)
 		*(.rel)
 		*(.rel.*)
 		*(.discard)

src/arch/x86/Makefile

@@ -10,3 +10,6 @@ SRCDIRS		+= arch/x86/prefix
 
 # breaks building some of the linux-related objects
 CFLAGS		+= -Ulinux
+
+# disable valgrind
+CFLAGS		+= -DNVALGRIND

src/arch/x86/Makefile.linux

@@ -1,5 +1,8 @@
 MEDIA = linux
 
+# enable valgrind
+CFLAGS += -UNVALGRIND
+
 INCDIRS += arch/x86/include/linux
 SRCDIRS += interface/linux
 SRCDIRS += drivers/linux

src/arch/x86/include/valgrind/memcheck.h

@@ -0,0 +1,309 @@
+
+/*
+   ----------------------------------------------------------------
+
+   Notice that the following BSD-style license applies to this one
+   file (memcheck.h) only.  The rest of Valgrind is licensed under the
+   terms of the GNU General Public License, version 2, unless
+   otherwise indicated.  See the COPYING file in the source
+   distribution for details.
+
+   ----------------------------------------------------------------
+
+   This file is part of MemCheck, a heavyweight Valgrind tool for
+   detecting memory errors.
+
+   Copyright (C) 2000-2010 Julian Seward.  All rights reserved.
+
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+
+   2. The origin of this software must not be misrepresented; you must 
+      not claim that you wrote the original software.  If you use this 
+      software in a product, an acknowledgment in the product 
+      documentation would be appreciated but is not required.
+
+   3. Altered source versions must be plainly marked as such, and must
+      not be misrepresented as being the original software.
+
+   4. The name of the author may not be used to endorse or promote 
+      products derived from this software without specific prior written 
+      permission.
+
+   THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+   OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+   WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+   ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+   DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+   DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+   GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+   INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+   NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+   ----------------------------------------------------------------
+
+   Notice that the above BSD-style license applies to this one file
+   (memcheck.h) only.  The entire rest of Valgrind is licensed under
+   the terms of the GNU General Public License, version 2.  See the
+   COPYING file in the source distribution for details.
+
+   ---------------------------------------------------------------- 
+*/
+
+
+#ifndef __MEMCHECK_H
+#define __MEMCHECK_H
+
+
+/* This file is for inclusion into client (your!) code.
+
+   You can use these macros to manipulate and query memory permissions
+   inside your own programs.
+
+   See comment near the top of valgrind.h on how to use them.
+*/
+
+#include "valgrind.h"
+
+/* !! ABIWARNING !! ABIWARNING !! ABIWARNING !! ABIWARNING !! 
+   This enum comprises an ABI exported by Valgrind to programs
+   which use client requests.  DO NOT CHANGE THE ORDER OF THESE
+   ENTRIES, NOR DELETE ANY -- add new ones at the end. */
+typedef
+   enum { 
+      VG_USERREQ__MAKE_MEM_NOACCESS = VG_USERREQ_TOOL_BASE('M','C'),
+      VG_USERREQ__MAKE_MEM_UNDEFINED,
+      VG_USERREQ__MAKE_MEM_DEFINED,
+      VG_USERREQ__DISCARD,
+      VG_USERREQ__CHECK_MEM_IS_ADDRESSABLE,
+      VG_USERREQ__CHECK_MEM_IS_DEFINED,
+      VG_USERREQ__DO_LEAK_CHECK,
+      VG_USERREQ__COUNT_LEAKS,
+
+      VG_USERREQ__GET_VBITS,
+      VG_USERREQ__SET_VBITS,
+
+      VG_USERREQ__CREATE_BLOCK,
+
+      VG_USERREQ__MAKE_MEM_DEFINED_IF_ADDRESSABLE,
+
+      /* Not next to VG_USERREQ__COUNT_LEAKS because it was added later. */
+      VG_USERREQ__COUNT_LEAK_BLOCKS,
+
+      /* This is just for memcheck's internal use - don't use it */
+      _VG_USERREQ__MEMCHECK_RECORD_OVERLAP_ERROR 
+         = VG_USERREQ_TOOL_BASE('M','C') + 256
+   } Vg_MemCheckClientRequest;
+
+
+
+/* Client-code macros to manipulate the state of memory. */
+
+/* Mark memory at _qzz_addr as unaddressable for _qzz_len bytes. */
+#define VALGRIND_MAKE_MEM_NOACCESS(_qzz_addr,_qzz_len)           \
+   (__extension__({unsigned long _qzz_res;                       \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0 /* default return */, \
+                            VG_USERREQ__MAKE_MEM_NOACCESS,       \
+                            _qzz_addr, _qzz_len, 0, 0, 0);       \
+    _qzz_res;                                                    \
+   }))
+      
+/* Similarly, mark memory at _qzz_addr as addressable but undefined
+   for _qzz_len bytes. */
+#define VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr,_qzz_len)          \
+   (__extension__({unsigned long _qzz_res;                       \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0 /* default return */, \
+                            VG_USERREQ__MAKE_MEM_UNDEFINED,      \
+                            _qzz_addr, _qzz_len, 0, 0, 0);       \
+    _qzz_res;                                                    \
+   }))
+
+/* Similarly, mark memory at _qzz_addr as addressable and defined
+   for _qzz_len bytes. */
+#define VALGRIND_MAKE_MEM_DEFINED(_qzz_addr,_qzz_len)            \
+   (__extension__({unsigned long _qzz_res;                       \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0 /* default return */, \
+                            VG_USERREQ__MAKE_MEM_DEFINED,        \
+                            _qzz_addr, _qzz_len, 0, 0, 0);       \
+    _qzz_res;                                                    \
+   }))
+
+/* Similar to VALGRIND_MAKE_MEM_DEFINED except that addressability is
+   not altered: bytes which are addressable are marked as defined,
+   but those which are not addressable are left unchanged. */
+#define VALGRIND_MAKE_MEM_DEFINED_IF_ADDRESSABLE(_qzz_addr,_qzz_len) \
+   (__extension__({unsigned long _qzz_res;                       \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0 /* default return */, \
+                            VG_USERREQ__MAKE_MEM_DEFINED_IF_ADDRESSABLE, \
+                            _qzz_addr, _qzz_len, 0, 0, 0);       \
+    _qzz_res;                                                    \
+   }))
+
+/* Create a block-description handle.  The description is an ascii
+   string which is included in any messages pertaining to addresses
+   within the specified memory range.  Has no other effect on the
+   properties of the memory range. */
+#define VALGRIND_CREATE_BLOCK(_qzz_addr,_qzz_len, _qzz_desc)	 \
+	(__extension__({unsigned long _qzz_res;			 \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0 /* default return */, \
+                            VG_USERREQ__CREATE_BLOCK,            \
+                            _qzz_addr, _qzz_len, _qzz_desc,      \
+                            0, 0);                               \
+    _qzz_res;							 \
+   }))
+
+/* Discard a block-description-handle. Returns 1 for an
+   invalid handle, 0 for a valid handle. */
+#define VALGRIND_DISCARD(_qzz_blkindex)                          \
+   (__extension__ ({unsigned long _qzz_res;                      \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0 /* default return */, \
+                            VG_USERREQ__DISCARD,                 \
+                            0, _qzz_blkindex, 0, 0, 0);          \
+    _qzz_res;                                                    \
+   }))
+
+
+/* Client-code macros to check the state of memory. */
+
+/* Check that memory at _qzz_addr is addressable for _qzz_len bytes.
+   If suitable addressibility is not established, Valgrind prints an
+   error message and returns the address of the first offending byte.
+   Otherwise it returns zero. */
+#define VALGRIND_CHECK_MEM_IS_ADDRESSABLE(_qzz_addr,_qzz_len)    \
+   (__extension__({unsigned long _qzz_res;                       \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0,                      \
+                            VG_USERREQ__CHECK_MEM_IS_ADDRESSABLE,\
+                            _qzz_addr, _qzz_len, 0, 0, 0);       \
+    _qzz_res;                                                    \
+   }))
+
+/* Check that memory at _qzz_addr is addressable and defined for
+   _qzz_len bytes.  If suitable addressibility and definedness are not
+   established, Valgrind prints an error message and returns the
+   address of the first offending byte.  Otherwise it returns zero. */
+#define VALGRIND_CHECK_MEM_IS_DEFINED(_qzz_addr,_qzz_len)        \
+   (__extension__({unsigned long _qzz_res;                       \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0,                      \
+                            VG_USERREQ__CHECK_MEM_IS_DEFINED,    \
+                            _qzz_addr, _qzz_len, 0, 0, 0);       \
+    _qzz_res;                                                    \
+   }))
+
+/* Use this macro to force the definedness and addressibility of an
+   lvalue to be checked.  If suitable addressibility and definedness
+   are not established, Valgrind prints an error message and returns
+   the address of the first offending byte.  Otherwise it returns
+   zero. */
+#define VALGRIND_CHECK_VALUE_IS_DEFINED(__lvalue)                \
+   VALGRIND_CHECK_MEM_IS_DEFINED(                                \
+      (volatile unsigned char *)&(__lvalue),                     \
+                      (unsigned long)(sizeof (__lvalue)))
+
+
+/* Do a full memory leak check (like --leak-check=full) mid-execution. */
+#define VALGRIND_DO_LEAK_CHECK                                   \
+   {unsigned long _qzz_res;                                      \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0,                      \
+                            VG_USERREQ__DO_LEAK_CHECK,           \
+                            0, 0, 0, 0, 0);                      \
+   }
+
+/* Do a summary memory leak check (like --leak-check=summary) mid-execution. */
+#define VALGRIND_DO_QUICK_LEAK_CHECK				 \
+   {unsigned long _qzz_res;                                      \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0,                      \
+                            VG_USERREQ__DO_LEAK_CHECK,           \
+                            1, 0, 0, 0, 0);                      \
+   }
+
+/* Return number of leaked, dubious, reachable and suppressed bytes found by
+   all previous leak checks.  They must be lvalues.  */
+#define VALGRIND_COUNT_LEAKS(leaked, dubious, reachable, suppressed)     \
+   /* For safety on 64-bit platforms we assign the results to private
+      unsigned long variables, then assign these to the lvalues the user
+      specified, which works no matter what type 'leaked', 'dubious', etc
+      are.  We also initialise '_qzz_leaked', etc because
+      VG_USERREQ__COUNT_LEAKS doesn't mark the values returned as
+      defined. */                                                        \
+   {unsigned long _qzz_res;                                              \
+    unsigned long _qzz_leaked    = 0, _qzz_dubious    = 0;               \
+    unsigned long _qzz_reachable = 0, _qzz_suppressed = 0;               \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0,                              \
+                               VG_USERREQ__COUNT_LEAKS,                  \
+                               &_qzz_leaked, &_qzz_dubious,              \
+                               &_qzz_reachable, &_qzz_suppressed, 0);    \
+    leaked     = _qzz_leaked;                                            \
+    dubious    = _qzz_dubious;                                           \
+    reachable  = _qzz_reachable;                                         \
+    suppressed = _qzz_suppressed;                                        \
+   }
+
+/* Return number of leaked, dubious, reachable and suppressed bytes found by
+   all previous leak checks.  They must be lvalues.  */
+#define VALGRIND_COUNT_LEAK_BLOCKS(leaked, dubious, reachable, suppressed) \
+   /* For safety on 64-bit platforms we assign the results to private
+      unsigned long variables, then assign these to the lvalues the user
+      specified, which works no matter what type 'leaked', 'dubious', etc
+      are.  We also initialise '_qzz_leaked', etc because
+      VG_USERREQ__COUNT_LEAKS doesn't mark the values returned as
+      defined. */                                                        \
+   {unsigned long _qzz_res;                                              \
+    unsigned long _qzz_leaked    = 0, _qzz_dubious    = 0;               \
+    unsigned long _qzz_reachable = 0, _qzz_suppressed = 0;               \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0,                              \
+                               VG_USERREQ__COUNT_LEAK_BLOCKS,            \
+                               &_qzz_leaked, &_qzz_dubious,              \
+                               &_qzz_reachable, &_qzz_suppressed, 0);    \
+    leaked     = _qzz_leaked;                                            \
+    dubious    = _qzz_dubious;                                           \
+    reachable  = _qzz_reachable;                                         \
+    suppressed = _qzz_suppressed;                                        \
+   }
+
+
+/* Get the validity data for addresses [zza..zza+zznbytes-1] and copy it
+   into the provided zzvbits array.  Return values:
+      0   if not running on valgrind
+      1   success
+      2   [previously indicated unaligned arrays;  these are now allowed]
+      3   if any parts of zzsrc/zzvbits are not addressable.
+   The metadata is not copied in cases 0, 2 or 3 so it should be
+   impossible to segfault your system by using this call.
+*/
+#define VALGRIND_GET_VBITS(zza,zzvbits,zznbytes)                 \
+   (__extension__({unsigned long _qzz_res;                       \
+    char* czza     = (char*)zza;                                 \
+    char* czzvbits = (char*)zzvbits;                             \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0,                      \
+                            VG_USERREQ__GET_VBITS,               \
+                            czza, czzvbits, zznbytes, 0, 0 );    \
+    _qzz_res;                                                    \
+   }))
+
+/* Set the validity data for addresses [zza..zza+zznbytes-1], copying it
+   from the provided zzvbits array.  Return values:
+      0   if not running on valgrind
+      1   success
+      2   [previously indicated unaligned arrays;  these are now allowed]
+      3   if any parts of zza/zzvbits are not addressable.
+   The metadata is not copied in cases 0, 2 or 3 so it should be
+   impossible to segfault your system by using this call.
+*/
+#define VALGRIND_SET_VBITS(zza,zzvbits,zznbytes)                 \
+   (__extension__({unsigned int _qzz_res;                        \
+    char* czza     = (char*)zza;                                 \
+    char* czzvbits = (char*)zzvbits;                             \
+    VALGRIND_DO_CLIENT_REQUEST(_qzz_res, 0,                      \
+                            VG_USERREQ__SET_VBITS,               \
+                            czza, czzvbits, zznbytes, 0, 0 );    \
+    _qzz_res;                                                    \
+   }))
+
+#endif
+

src/arch/x86_64/scripts/linux.lds

@@ -42,9 +42,12 @@ SECTIONS {
 	/*
 	 * The data section
 	 *
+	 * Adjust the address for the data segment.  We want to adjust up to
+	 * the same address within the page on the next page up.
 	 */
 
-	. = ALIGN ( _max_align );
+	. = ALIGN (CONSTANT (MAXPAGESIZE)) - ((CONSTANT (MAXPAGESIZE) - .) & (CONSTANT (MAXPAGESIZE) - 1));
+	. = DATA_SEGMENT_ALIGN (CONSTANT (MAXPAGESIZE), CONSTANT (COMMONPAGESIZE));
 	.data : {
 		_data = .;
 		*(.data)
@@ -91,8 +94,6 @@ SECTIONS {
 		*(.comment.*)
 		*(.note)
 		*(.note.*)
-		*(.eh_frame)
-		*(.eh_frame.*)
 		*(.rel)
 		*(.rel.*)
 		*(.discard)

src/core/malloc.c

@@ -27,6 +27,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
 #include <ipxe/init.h>
 #include <ipxe/refcnt.h>
 #include <ipxe/malloc.h>
+#include <valgrind/memcheck.h>
 
 /** @file
  *
@@ -97,6 +98,37 @@ size_t freemem;
 /** The heap itself */
 static char heap[HEAP_SIZE] __attribute__ (( aligned ( __alignof__(void *) )));
 
+/**
+ * Mark all blocks in free list as defined
+ *
+ */
+static inline void valgrind_make_blocks_defined ( void ) {
+	struct memory_block *block;
+
+	if ( RUNNING_ON_VALGRIND > 0 ) {
+		VALGRIND_MAKE_MEM_DEFINED ( &free_blocks,
+					    sizeof ( free_blocks ) );
+		list_for_each_entry ( block, &free_blocks, list )
+			VALGRIND_MAKE_MEM_DEFINED ( block, sizeof ( *block ) );
+	}
+}
+
+/**
+ * Mark all blocks in free list as inaccessible
+ *
+ */
+static inline void valgrind_make_blocks_noaccess ( void ) {
+	struct memory_block *block;
+	struct memory_block *tmp;
+
+	if ( RUNNING_ON_VALGRIND > 0 ) {
+		list_for_each_entry_safe ( block, tmp, &free_blocks, list )
+			VALGRIND_MAKE_MEM_NOACCESS ( block, sizeof ( *block ) );
+		VALGRIND_MAKE_MEM_NOACCESS ( &free_blocks,
+					     sizeof ( free_blocks ) );
+	}
+}
+
 /**
  * Discard some cached data
  *
@@ -131,6 +163,9 @@ void * alloc_memblock ( size_t size, size_t align ) {
 	ssize_t post_size;
 	struct memory_block *pre;
 	struct memory_block *post;
+	struct memory_block *ptr;
+
+	valgrind_make_blocks_defined();
 
 	/* Round up size to multiple of MIN_MEMBLOCK_SIZE and
 	 * calculate alignment mask.
@@ -163,6 +198,8 @@ void * alloc_memblock ( size_t size, size_t align ) {
 				 * the heap).
 				 */
 				if ( (size_t) post_size >= MIN_MEMBLOCK_SIZE ) {
+					VALGRIND_MAKE_MEM_DEFINED ( post,
+							     sizeof ( *post ) );
 					post->size = post_size;
 					list_add ( &post->list, &pre->list );
 				}
@@ -183,7 +220,8 @@ void * alloc_memblock ( size_t size, size_t align ) {
 				/* Return allocated block */
 				DBG ( "Allocated [%p,%p)\n", block,
 				      ( ( ( void * ) block ) + size ) );
-				return block;
+				ptr = block;
+				goto done;
 			}
 		}
 
@@ -192,9 +230,14 @@ void * alloc_memblock ( size_t size, size_t align ) {
 			/* Nothing available to discard */
 			DBG ( "Failed to allocate %#zx (aligned %#zx)\n",
 			      size, align );
-			return NULL;
+			ptr = NULL;
+			goto done;
 		}
 	}
+
+ done:
+	valgrind_make_blocks_noaccess();
+	return ptr;
 }
 
 /**
@@ -216,11 +259,14 @@ void free_memblock ( void *ptr, size_t size ) {
 	if ( ! ptr )
 		return;
 
+	valgrind_make_blocks_defined();
+
 	/* Round up size to match actual size that alloc_memblock()
 	 * would have used.
 	 */
 	size = ( size + MIN_MEMBLOCK_SIZE - 1 ) & ~( MIN_MEMBLOCK_SIZE - 1 );
 	freeing = ptr;
+	VALGRIND_MAKE_MEM_DEFINED ( freeing, sizeof ( *freeing ) );
 	freeing->size = size;
 	DBG ( "Freeing [%p,%p)\n", freeing, ( ( ( void * ) freeing ) + size ));
 
@@ -263,6 +309,8 @@ void free_memblock ( void *ptr, size_t size ) {
 
 	/* Update free memory counter */
 	freemem += size;
+
+	valgrind_make_blocks_noaccess();
 }
 
 /**
@@ -302,8 +350,11 @@ void * realloc ( void *old_ptr, size_t new_size ) {
 		new_block = alloc_memblock ( new_total_size, 1 );
 		if ( ! new_block )
 			return NULL;
+		VALGRIND_MAKE_MEM_UNDEFINED ( new_block, offsetof ( struct autosized_block, data ) );
 		new_block->size = new_total_size;
+		VALGRIND_MAKE_MEM_NOACCESS ( new_block, offsetof ( struct autosized_block, data ) );
 		new_ptr = &new_block->data;
+		VALGRIND_MALLOCLIKE_BLOCK ( new_ptr, new_size, 0, 0 );
 	}
 	
 	/* Copy across relevant part of the old data region (if any),
@@ -314,12 +365,15 @@ void * realloc ( void *old_ptr, size_t new_size ) {
 	if ( old_ptr && ( old_ptr != NOWHERE ) ) {
 		old_block = container_of ( old_ptr, struct autosized_block,
 					   data );
+		VALGRIND_MAKE_MEM_DEFINED ( old_block, offsetof ( struct autosized_block, data ) );
 		old_total_size = old_block->size;
 		old_size = ( old_total_size -
 			     offsetof ( struct autosized_block, data ) );
 		memcpy ( new_ptr, old_ptr,
 			 ( ( old_size < new_size ) ? old_size : new_size ) );
 		free_memblock ( old_block, old_total_size );
+		VALGRIND_MAKE_MEM_NOACCESS ( old_block, offsetof ( struct autosized_block, data ) );
+		VALGRIND_FREELIKE_BLOCK ( old_ptr, 0 );
 	}
 
 	return new_ptr;
@@ -395,6 +449,7 @@ void mpopulate ( void *start, size_t len ) {
  *
  */
 static void init_heap ( void ) {
+	VALGRIND_MAKE_MEM_NOACCESS ( heap, sizeof ( heap ) );
 	mpopulate ( heap, sizeof ( heap ) );
 }
 

src/include/ipxe/malloc.h

@@ -19,6 +19,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
  */
 #include <stdlib.h>
 #include <ipxe/tables.h>
+#include <valgrind/memcheck.h>
 
 extern size_t freemem;
 
@@ -39,7 +40,10 @@ extern void mdumpfree ( void );
  * @c align must be a power of two.  @c size may not be zero.
  */
 static inline void * __malloc malloc_dma ( size_t size, size_t phys_align ) {
-	return alloc_memblock ( size, phys_align );
+	void * ptr = alloc_memblock ( size, phys_align );
+	if ( ptr && size )
+		VALGRIND_MALLOCLIKE_BLOCK ( ptr, size, 0, 0 );
+	return ptr;
 }
 
 /**
@@ -55,6 +59,7 @@ static inline void * __malloc malloc_dma ( size_t size, size_t phys_align ) {
  */
 static inline void free_dma ( void *ptr, size_t size ) {
 	free_memblock ( ptr, size );
+	VALGRIND_FREELIKE_BLOCK ( ptr, 0 );
 }
 
 /** A cache discarder */

src/interface/linux/linux_umalloc.c

@@ -18,6 +18,8 @@
 
 FILE_LICENCE(GPL2_OR_LATER);
 
+#include <valgrind/memcheck.h>
+
 /** @file
  *
  * iPXE user memory allocation API for linux
@@ -56,7 +58,9 @@ static void * linux_realloc(void *ptr, size_t size)
 	/* Check whether we have a valid pointer */
 	if (ptr != NULL && ptr != NOWHERE) {
 		mdptr = ptr - SIZE_MD;
+		VALGRIND_MAKE_MEM_DEFINED(mdptr, SIZE_MD);
 		md = *mdptr;
+		VALGRIND_MAKE_MEM_NOACCESS(mdptr, SIZE_MD);
 
 		/* Check for poison in the metadata */
 		if (md.poison != POISON) {
@@ -78,32 +82,56 @@ static void * linux_realloc(void *ptr, size_t size)
 		if (mdptr) {
 			if (linux_munmap(mdptr, md.size))
 				DBG("linux_realloc munmap failed: %s\n", linux_strerror(linux_errno));
+			VALGRIND_FREELIKE_BLOCK(ptr, sizeof(*mdptr));
 		}
 		return NOWHERE;
 	}
 
 	if (ptr) {
-		/* ptr is pointing to an already allocated memory, mremap() it with new size */
+		char *vbits = NULL;
+
+		if (RUNNING_ON_VALGRIND > 0)
+			vbits = linux_realloc(NULL, min(size, md.size));
+
+/* prevent an unused variable warning when building w/o valgrind support */
+#ifndef NVALGRIND
+		VALGRIND_GET_VBITS(ptr, vbits, min(size, md.size));
+#endif
+
+		VALGRIND_FREELIKE_BLOCK(ptr, SIZE_MD);
+
 		mdptr = linux_mremap(mdptr, md.size + SIZE_MD, size + SIZE_MD, MREMAP_MAYMOVE);
 		if (mdptr == MAP_FAILED) {
 			DBG("linux_realloc mremap failed: %s\n", linux_strerror(linux_errno));
 			return NULL;
 		}
-
 		ptr = ((void *)mdptr) + SIZE_MD;
+
+		VALGRIND_MALLOCLIKE_BLOCK(ptr, size, SIZE_MD, 0);
+/* prevent an unused variable warning when building w/o valgrind support */
+#ifndef NVALGRIND
+		VALGRIND_SET_VBITS(ptr, vbits, min(size, md.size));
+#endif
+
+		if (RUNNING_ON_VALGRIND > 0)
+			linux_realloc(vbits, 0);
 	} else {
-		/* allocate new memory with mmap() */
 		mdptr = linux_mmap(NULL, size + SIZE_MD, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 		if (mdptr == MAP_FAILED) {
 			DBG("linux_realloc mmap failed: %s\n", linux_strerror(linux_errno));
 			return NULL;
 		}
 		ptr = ((void *)mdptr) + SIZE_MD;
+		VALGRIND_MALLOCLIKE_BLOCK(ptr, size, SIZE_MD, 0);
 	}
 
 	/* Update the metadata */
+	VALGRIND_MAKE_MEM_DEFINED(mdptr, SIZE_MD);
 	mdptr->poison = POISON;
 	mdptr->size = size;
+	VALGRIND_MAKE_MEM_NOACCESS(mdptr, SIZE_MD);
+	// VALGRIND_MALLOCLIKE_BLOCK ignores redzones currently, make our own
+	VALGRIND_MAKE_MEM_NOACCESS(ptr + size, SIZE_MD);
 
 	return ptr;
 }