tech-kern archive


Additional kmem_alloc debugging



http://www.netbsd.org/~ad/kmguard.diff

This adds basic verification to kmem_alloc/kmem_free somewhat like you get
with ElectricFence. It's enabled with the DEBUG kernel option AND a debugger
command:

        boot -d
        db> w kmem_guard_depth 0t30000
        db> c

The above tells it to queue up to 60000 pages of unmapped KVA to catch
use-after-free type errors. Memory backing a freed item is unmapped and the
kernel VA space pushed onto a FIFO. The VA space will not be reused until
another 30k items have been freed. Until reused the kernel can catch invalid
accesses and panic with a page fault.

Limitations:

- It has a severe impact on performance. 
- It wants a 64-bit machine with lots of RAM.
- It does not handle objects larger than PAGE_SIZE.

It also tries to catch:

- Overflow in realtime, using a guard page
- Underflow at free using a canary
- Invalid pointer/size passed, at free

Comments?

Thanks,
Andrew
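The mechanism described in the post (guard page after the object, canary before it, pointer/size validation at free, and a FIFO of unmapped VA that delays reuse) modelled in userland with mmap/mprotect. This is an added example, not code from kmguard.diff or from NetBSD: every name in it (guard_alloc, guard_free, guard_is_quarantined, GUARD_DEPTH, the return codes) is this example's own, and the depth of 4 is a constructed value standing in for the 30000 the post uses.

```c
/* Added example, not part of the kmguard.diff patch: a userland model of the
 * kmem guard scheme.  All names here are this example's own assumptions. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define GUARD_DEPTH 4     /* freed items held unmapped before VA reuse (post: 30000) */
#define MAX_LIVE    64    /* live allocations tracked for the free-time checks */
#define CANARY      0x5a  /* fill byte between page start and the object */

struct slot { char *page; char *obj; size_t size; };
static struct slot live[MAX_LIVE];
static char *quarantine[GUARD_DEPTH];   /* FIFO of unmapped 2-page regions */
static size_t q_head, q_count;

static size_t page_size(void) {
    static size_t ps;
    if (ps == 0) ps = (size_t)sysconf(_SC_PAGESIZE);
    return ps;
}

/* Layout of one allocation: [canary ... object][guard page, PROT_NONE].
 * The object ends exactly at the guard page, so an overflow faults at once. */
void *guard_alloc(size_t size) {
    size_t ps = page_size();
    if (size == 0 || size > ps) return NULL;       /* post: no objects > PAGE_SIZE */
    char *region = mmap(NULL, 2 * ps, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return NULL;
    if (mprotect(region + ps, ps, PROT_NONE) != 0) { munmap(region, 2 * ps); return NULL; }
    memset(region, CANARY, ps - size);             /* underflow canary */
    for (int i = 0; i < MAX_LIVE; i++) {
        if (live[i].page == NULL) {
            live[i].page = region; live[i].obj = region + ps - size; live[i].size = size;
            return live[i].obj;
        }
    }
    munmap(region, 2 * ps);
    return NULL;
}

/* Return codes for the three free-time checks the post lists. */
enum { GUARD_OK = 0, GUARD_BAD_PTR = 1, GUARD_BAD_SIZE = 2, GUARD_UNDERFLOW = 3 };

int guard_free(void *p, size_t size) {
    size_t ps = page_size();
    int i;
    for (i = 0; i < MAX_LIVE; i++)
        if (live[i].page != NULL && live[i].obj == p) break;
    if (i == MAX_LIVE) return GUARD_BAD_PTR;       /* never handed out, or already freed */
    if (live[i].size != size) return GUARD_BAD_SIZE;
    for (size_t k = 0; k < ps - size; k++)
        if ((unsigned char)live[i].page[k] != CANARY) return GUARD_UNDERFLOW;
    /* Drop the backing memory but keep the VA reserved and inaccessible, then
     * push the region on the FIFO; the oldest entry is released for reuse. */
    if (mmap(live[i].page, ps, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED,
             -1, 0) == MAP_FAILED)
        mprotect(live[i].page, ps, PROT_NONE);     /* fallback: still faults on access */
    if (q_count == GUARD_DEPTH) {
        munmap(quarantine[q_head], 2 * ps);
        q_head = (q_head + 1) % GUARD_DEPTH;
        q_count--;
    }
    quarantine[(q_head + q_count) % GUARD_DEPTH] = live[i].page;
    q_count++;
    live[i].page = NULL;
    return GUARD_OK;
}

/* True while p lies in a region still held in the FIFO (touching it faults). */
int guard_is_quarantined(const void *p) {
    size_t ps = page_size();
    for (size_t k = 0; k < q_count; k++) {
        const char *r = quarantine[(q_head + k) % GUARD_DEPTH];
        if ((const char *)p >= r && (const char *)p < r + ps) return 1;
    }
    return 0;
}

int main(void) {
    char *buf = guard_alloc(100);
    memset(buf, 'A', 100);                     /* in bounds: fine */
    /* buf[100] = 'X';   overflow: the guard page begins right after the object */
    printf("valid free:  %d\n", guard_free(buf, 100));
    printf("double free: %d\n", guard_free(buf, 100));
    printf("quarantined: %d\n", guard_is_quarantined(buf));
    /* *buf = 'U';       use-after-free: faults while the region is quarantined */
    char *b2 = guard_alloc(32);
    b2[-1] = 0;                                /* underflow: clobbers the canary */
    printf("underflow:   %d\n", guard_free(b2, 32));
    return 0;
}
```

The commented-out lines are the cases the real guard catches with a page fault (a panic in the kernel, SIGSEGV here); uncomment one to see it. The FIFO is what makes the use-after-free detectable: a freed object stays inaccessible until GUARD_DEPTH further frees have gone past it, which is why the kernel version needs a large depth, a 64-bit address space and plenty of RAM, and why the post lists performance as the main cost.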

