diff options
| author | mdf <mdf@FreeBSD.org> | 2010-07-28 15:36:12 +0000 |
|---|---|---|
| committer | mdf <mdf@FreeBSD.org> | 2010-07-28 15:36:12 +0000 |
| commit | 6857471cf3ec44101821a34c3d7dc18913d0c22b (patch) | |
| tree | 4b57fa8bbbe414dcfd4fe89f40c3c9cae5d70fa3 /sys/conf | |
| parent | 6aaf496254ae07085fc7ab479c417e5161b455dc (diff) | |
| download | FreeBSD-src-6857471cf3ec44101821a34c3d7dc18913d0c22b.zip FreeBSD-src-6857471cf3ec44101821a34c3d7dc18913d0c22b.tar.gz | |
Add MALLOC_DEBUG_MAXZONES debug malloc(9) option to use multiple uma
zones for each malloc bucket size. The purpose is to isolate
different malloc types into hash classes, so that any buffer overruns
or use-after-free will usually only affect memory from malloc types in
that hash class. This is purely a debugging tool; by varying the hash
function and tracking which hash class was corrupted, the intersection
of the hash classes from each instance will point to a single malloc
type that is being misused. At this point inspection or memguard(9)
can be used to catch the offending code.
Add MALLOC_DEBUG_MAXZONES=8 to -current GENERIC configuration files.
The suggestion to have this on by default came from Kostik Belousov on
-arch.
This code is based on work by Ron Steinke at Isilon Systems.
Reviewed by: -arch (mostly silence)
Reviewed by: zml
Approved by: zml (mentor)
Diffstat (limited to 'sys/conf')
| -rw-r--r-- | sys/conf/NOTES | 14 | ||||
| -rw-r--r-- | sys/conf/options | 1 |
2 files changed, 15 insertions, 0 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 0a872b2..2cf18f1 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -385,6 +385,20 @@ options SYSCTL_DEBUG options NO_SYSCTL_DESCR # +# MALLOC_DEBUG_MAXZONES enables multiple uma zones for malloc(9) +# allocations that are smaller than a page. The purpose is to isolate +# different malloc types into hash classes, so that any buffer +# overruns or use-after-free will usually only affect memory from +# malloc types in that hash class. This is purely a debugging tool; +# by varying the hash function and tracking which hash class was +# corrupted, the intersection of the hash classes from each instance +# will point to a single malloc type that is being misused. At this +# point inspection or memguard(9) can be used to catch the offending +# code. +# +options MALLOC_DEBUG_MAXZONES=8 + +# # DEBUG_MEMGUARD builds and enables memguard(9), a replacement allocator # for the kernel used to detect modify-after-free scenarios. See the # memguard(9) man page for more information on usage. diff --git a/sys/conf/options b/sys/conf/options index 9563cc8..b12290a 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -586,6 +586,7 @@ VM_LEVEL_0_ORDER opt_vm.h NO_SWAPPING opt_vm.h MALLOC_MAKE_FAILURES opt_vm.h MALLOC_PROFILE opt_vm.h +MALLOC_DEBUG_MAXZONES opt_vm.h # The MemGuard replacement allocator used for tamper-after-free detection DEBUG_MEMGUARD opt_vm.h |
