tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Additional kmem_alloc debugging

This adds basic verification to kmem_alloc/kmem_free somewhat like you get
with ElectricFence. It's enabled with the DEBUG kernel option AND a debugger

        boot -d
        db> w kmem_guard_depth 0t30000
        db> c

The above tells it to queue up to 60000 pages of unmapped KVA to catch
use-after-free type errors. Memory backing a freed item is unmapped and the
kernel VA space pushed onto a FIFO. The VA space will not be reused until
another 30k items have been freed. Until reused the kernel can catch invalid
acceses and panic with a page fault.


- It has a severe impact on performance. 
- It wants a 64-bit machine with lots of RAM.
- It does not handle objects larger than PAGE_SIZE.

It also tries to catch:

- Overflow in realtime, using a guard page
- Underflow at free using a canary
- Invalid pointer/size passed, at free



Home | Main Index | Thread Index | Old Index