If we're passed garbage in malloc_init(), panic() rather than expecting

a KASSERT to handle it.  People are likely to turn off INVARIANTS RSN
and loading an old module can cause garbage-in here.

I saw the issue with an older nvidia driver (x11/nvidia-driver) loading
into a new kernel - a crash wasn't seen 'till sysctl_kern_malloc_stats().
I was lucky that mtp->ks_shortdesc was NULL and not something horrible.

While I'm here, KASSERT that malloc_uninit() isn't passed something that's
not in kmemstatistics.

MFC after:	3 weeks

1 files changed, 7 insertions, 3 deletions

diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c
index e699a4e..51045ee 100644
--- a/sys/kern/kern_malloc.c
+++ b/sys/kern/kern_malloc.c
@@ -675,8 +675,8 @@ malloc_init(void *data)
 	KASSERT(cnt.v_page_count != 0, ("malloc_register before vm_init"));
 
 	mtp = data;
-	KASSERT(mtp->ks_magic == M_MAGIC,
-	    ("malloc_init: bad malloc type magic"));
+	if (mtp->ks_magic != M_MAGIC)
+		panic("malloc_init: bad malloc type magic");
 
 	mtip = uma_zalloc(mt_zone, M_WAITOK | M_ZERO);
 	mtp->ks_handle = mtip;
@@ -709,9 +709,13 @@ malloc_uninit(void *data)
 	if (mtp != kmemstatistics) {
 		for (temp = kmemstatistics; temp != NULL;
 		    temp = temp->ks_next) {
-			if (temp->ks_next == mtp)
+			if (temp->ks_next == mtp) {
 				temp->ks_next = mtp->ks_next;
+				break;
+			}
 		}
+		KASSERT(temp,
+		    ("malloc_uninit: type '%s' not found", mtp->ks_shortdesc));
 	} else
 		kmemstatistics = mtp->ks_next;
 	kmemcount--;