iokit/Kernel/IOBufferMemoryDescriptor.cpp xnu-2782.20.48 xnu-3789.31.2
--- xnu/xnu-2782.20.48/iokit/Kernel/IOBufferMemoryDescriptor.cpp
+++ xnu/xnu-3789.31.2/iokit/Kernel/IOBufferMemoryDescriptor.cpp
@@ -84,7 +84,7 @@
     int           options = 0; // KMA_LOMEM;
 
     kr = kernel_memory_allocate(kernel_map, &vmaddr,
-				page_size, 0, options);
+				page_size, 0, options, VM_KERN_MEMORY_IOKIT);
 
     if (KERN_SUCCESS != kr) vmaddr = 0;
     else 		    bzero((void *) vmaddr, page_size);
@@ -166,6 +166,8 @@
 	options |= kIOMemoryPhysicallyContiguous;
 
     _alignment = alignment;
+
+    if ((capacity + alignment) < _capacity) return (false);
 
     if ((inTask != kernel_task) && !(options & kIOMemoryPageable))
 	return false;
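Review bot: The added guard `if ((capacity + alignment) < _capacity) return (false);` only reads as a wrap-around check if `_capacity` was assigned from `capacity` earlier in the function, and that assignment is outside this hunk. A short comment would make the intent explicit, for example `// capacity + alignment must not wrap; _capacity was set from capacity above`. The check also runs after `_alignment = alignment;`, so a rejected call leaves that member written; if a caller can reuse the object after a failed init, placing the check ahead of the member assignments would be cleaner. The enclosing function starts and ends outside the hunk.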
@@ -232,7 +234,7 @@
 	    {
 		IOStatisticsAlloc(kIOStatisticsMallocAligned, capacity);
 #if IOALLOCDEBUG
-		debug_iomalloc_size += capacity;
+		OSAddAtomic(capacity, &debug_iomalloc_size);
 #endif
 	    }
 	}
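Review bot: `OSAddAtomic(capacity, &debug_iomalloc_size);` uses the 32-bit atomic add, while the pageable counter in the next hunk uses `OSAddAtomicLong`, so the two debug counters are updated at different widths. If `capacity` is a 64-bit size here (its declaration is outside the hunk), the amount is narrowed before the add and a large allocation would skew the counter. The same applies to `OSAddAtomic(-size, &debug_iomalloc_size);` in the hunk at -512, which also negates what appears to be an unsigned value and is indented one tab deeper than its neighbours. This is IOALLOCDEBUG-only accounting, so the effect is limited to misleading allocation statistics, but an explicit cast such as `OSAddAtomic((SInt32) capacity, &debug_iomalloc_size);` or a comment stating the counter's width would make the truncation deliberate.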
@@ -259,7 +261,7 @@
 
 	if( options & kIOMemoryPageable) {
 #if IOALLOCDEBUG
-	    debug_iomallocpageable_size += size;
+	    OSAddAtomicLong(size, &debug_iomallocpageable_size);
 #endif
 	    mapTask = inTask;
 	    if (NULL == inTask)
@@ -492,7 +494,7 @@
     if (options & kIOMemoryPageable)
     {
 #if IOALLOCDEBUG
-	debug_iomallocpageable_size -= round_page(size);
+	OSAddAtomicLong(-(round_page(size)), &debug_iomallocpageable_size);
 #endif
     }
     else if (buffer)
@@ -512,7 +514,7 @@
 		kmem_free(kernel_map, page, page_size);
 	    }
 #if IOALLOCDEBUG
-	    debug_iomalloc_size -= size;
+		OSAddAtomic(-size, &debug_iomalloc_size);
 #endif
 	    IOStatisticsAlloc(kIOStatisticsFreeAligned, size);
 	}
@@ -552,6 +554,7 @@
 void IOBufferMemoryDescriptor::setLength(vm_size_t length)
 {
     assert(length <= _capacity);
+    if (length > _capacity) return;
 
     _length = length;
     _ranges.v64->length = length;
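Review bot: The new `if (length > _capacity) return;` silently ignores an oversized length, and because setLength returns void the caller cannot learn that `_length` kept its previous value. The runtime guard is the right addition, since `assert` is typically compiled out of release kernels, but the changed contract should be documented at the function, for example `// Lengths greater than _capacity are rejected and the current length is kept.` Callers that go on to copy `length` bytes should compare against getLength() rather than assume the request took effect. The function body continues past the end of the hunk.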
@@ -623,6 +626,9 @@
 IOBufferMemoryDescriptor::getBytesNoCopy(vm_size_t start, vm_size_t withLength)
 {
     IOVirtualAddress address;
+
+    if ((start + withLength) < start) return 0;
+
     if (kIOMemoryTypePhysical64 == (_flags & kIOMemoryTypeMask))
 	address = (IOVirtualAddress) _buffer;
     else
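Review bot: The wrap check `if ((start + withLength) < start) return 0;` has no comment explaining why it sits ahead of the address computation, and it returns the literal `0` from what appears to be a pointer-returning function (the return type line is above the hunk). A one-line comment such as `// start + withLength must not wrap before it is compared against the buffer length`, together with `return NULL;` to match the `NULL` used in the -259 hunk, would state the intent. The range comparison this guard protects is outside the hunk, so confirm that it uses the same unsigned sum.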