Add buffer corruption protection (RedZone) for kernel's malloc(9).

It detects both: buffer underflows and buffer overflows bugs at runtime
(on free(9) and realloc(9)) and prints backtraces from where memory was
allocated and from where it was freed.

Tested by:	kris

2 files changed, 124 insertions, 0 deletions

diff --git a/share/man/man9/Makefile b/share/man/man9/Makefile
index 63eb6fc..3ecff81 100644
--- a/share/man/man9/Makefile
+++ b/share/man/man9/Makefile
@@ -188,6 +188,7 @@ MAN=	accept_filter.9 \
 	psignal.9 \
 	random.9 \
 	random_harvest.9 \
+	redzone.9 \
 	resettodr.9 \
 	resource_int_value.9 \
 	rijndael.9 \
diff --git a/share/man/man9/redzone.9 b/share/man/man9/redzone.9
new file mode 100644
index 0000000..ef3cb53
--- /dev/null
+++ b/share/man/man9/redzone.9
@@ -0,0 +1,123 @@
+.\" Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd January 31, 2006
+.Dt REDZONE 9
+.Os
+.Sh NAME
+.Nm RedZone
+.Nd "buffer corruptions detector"
+.Sh SYNOPSIS
+.Cd "options DEBUG_REDZONE"
+.Sh DESCRIPTION
+.Nm
+detects buffer underflow and buffer overflow bugs at runtime.
+Currently
+.Nm
+only detects buffer corruptions for memory allocated with
+.Xr malloc 9 .
+When such corruption is detected two backtraces are printed on the console.
+The first one shows from where memory was allocated, the second one shows from
+where memory was freed.
+By default the system will not panic when buffer corruption is detected.
+This can be changed by setting the
+.Va vm.redzone.panic
+.Xr sysctl 8
+variable to 1.
+The amount of extra memory allocated for
+.Nm Ns 's
+needs is stored in the
+.Va vm.redzone.extra_mem
+.Xr sysctl 8
+variable.
+.Sh EXAMPLE
+The example below shows the logs from the detection of a buffer underflow and a
+buffer overflow.
+.Bd -literal -offset indent
+REDZONE: Buffer underflow detected. 2 bytes corrupted before 0xc8688580 (16 bytes allocated).
+Allocation backtrace:
+#0 0xc0583e4e at redzone_setup+0x3c
+#1 0xc04a23fa at malloc+0x19e
+#2 0xcdeb69ca at redzone_modevent+0x60
+#3 0xc04a3f3c at module_register_init+0x82
+#4 0xc049d96a at linker_file_sysinit+0x8e
+#5 0xc049dc7c at linker_load_file+0xed
+#6 0xc04a041f at linker_load_module+0xc4
+#7 0xc049e883 at kldload+0x116
+#8 0xc05d9b3d at syscall+0x325
+#9 0xc05c944f at Xint0x80_syscall+0x1f
+Free backtrace:
+#0 0xc0583f92 at redzone_check+0xd4
+#1 0xc04a2422 at free+0x1c
+#2 0xcdeb69a6 at redzone_modevent+0x3c
+#3 0xc04a438d at module_unload+0x61
+#4 0xc049e0b3 at linker_file_unload+0x89
+#5 0xc049e979 at kern_kldunload+0x96
+#6 0xc049ea00 at kldunloadf+0x2c
+#7 0xc05d9b3d at syscall+0x325
+#8 0xc05c944f at Xint0x80_syscall+0x1f
+
+REDZONE: Buffer overflow detected. 4 bytes corrupted after 0xc8688590 (16 bytes allocated).
+Allocation backtrace:
+#0 0xc0583e4e at redzone_setup+0x3c
+#1 0xc04a23fa at malloc+0x19e
+#2 0xcdeb69ca at redzone_modevent+0x60
+#3 0xc04a3f3c at module_register_init+0x82
+#4 0xc049d96a at linker_file_sysinit+0x8e
+#5 0xc049dc7c at linker_load_file+0xed
+#6 0xc04a041f at linker_load_module+0xc4
+#7 0xc049e883 at kldload+0x116
+#8 0xc05d9b3d at syscall+0x325
+#9 0xc05c944f at Xint0x80_syscall+0x1f
+Free backtrace:
+#0 0xc0584020 at redzone_check+0x162
+#1 0xc04a2422 at free+0x1c
+#2 0xcdeb69a6 at redzone_modevent+0x3c
+#3 0xc04a438d at module_unload+0x61
+#4 0xc049e0b3 at linker_file_unload+0x89
+#5 0xc049e979 at kern_kldunload+0x96
+#6 0xc049ea00 at kldunloadf+0x2c
+#7 0xc05d9b3d at syscall+0x325
+#8 0xc05c944f at Xint0x80_syscall+0x1f
+.Ed
+.Sh SEE ALSO
+.Xr sysctl 8 ,
+.Xr malloc 9 ,
+.Xr memguard 9
+.Sh HISTORY
+.Nm
+first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+.An Pawel Jakub Dawidek Aq pjd@FreeBSD.org
+.Sh BUGS
+Currently,
+.Nm
+does not cooperate with
+.Xr memguard 9 .
+Allocations from a memory type controlled by
+.Xr memguard 9
+are simply skipped, so buffer corruptions will not be detected there.