2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 #include <sys/param.h>
31 #include <sys/systm.h>
32 #include <sys/kernel.h>
33 #include <sys/stack.h>
34 #include <sys/sysctl.h>
36 #include <vm/redzone.h>
39 #error KASAN and DEBUG_REDZONE cannot be configured together
42 static SYSCTL_NODE(_vm, OID_AUTO, redzone, CTLFLAG_RW | CTLFLAG_MPSAFE, NULL,
44 static u_long redzone_extra_mem = 0;
45 SYSCTL_ULONG(_vm_redzone, OID_AUTO, extra_mem, CTLFLAG_RD, &redzone_extra_mem,
46 0, "Extra memory allocated by redzone");
47 static int redzone_panic = 0;
48 SYSCTL_INT(_vm_redzone, OID_AUTO, panic, CTLFLAG_RWTUN, &redzone_panic, 0,
49 "Panic when buffer corruption is detected");
51 #define REDZONE_CHSIZE (16)
52 #define REDZONE_CFSIZE (16)
53 #define REDZONE_HSIZE (sizeof(struct stack) + sizeof(u_long) + REDZONE_CHSIZE)
54 #define REDZONE_FSIZE (REDZONE_CFSIZE)
57 redzone_roundup(u_long n)
60 if (n < REDZONE_HSIZE)
76 redzone_get_size(caddr_t naddr)
80 bcopy(naddr - REDZONE_CHSIZE - sizeof(u_long), &nsize, sizeof(nsize));
85 redzone_size_ntor(u_long nsize)
88 return (nsize + redzone_roundup(nsize) + REDZONE_FSIZE);
92 redzone_addr_ntor(caddr_t naddr)
95 return (naddr - redzone_roundup(redzone_get_size(naddr)));
99 * Set redzones and remember allocation backtrace.
102 redzone_setup(caddr_t raddr, u_long nsize)
105 caddr_t haddr, faddr;
107 atomic_add_long(&redzone_extra_mem, redzone_size_ntor(nsize) - nsize);
109 haddr = raddr + redzone_roundup(nsize) - REDZONE_HSIZE;
110 faddr = haddr + REDZONE_HSIZE + nsize;
112 /* Redzone header. */
114 bcopy(&st, haddr, sizeof(st));
116 bcopy(&nsize, haddr, sizeof(nsize));
117 haddr += sizeof(nsize);
118 memset(haddr, 0x42, REDZONE_CHSIZE);
119 haddr += REDZONE_CHSIZE;
121 /* Redzone footer. */
122 memset(faddr, 0x42, REDZONE_CFSIZE);
129 * This function is called on free() and realloc().
132 redzone_check(caddr_t naddr)
134 struct stack ast, fst;
135 caddr_t haddr, faddr;
140 haddr = naddr - REDZONE_HSIZE;
141 bcopy(haddr, &ast, sizeof(ast));
142 haddr += sizeof(ast);
143 bcopy(haddr, &nsize, sizeof(nsize));
144 haddr += sizeof(nsize);
146 atomic_subtract_long(&redzone_extra_mem,
147 redzone_size_ntor(nsize) - nsize);
149 /* Look for buffer underflow. */
151 for (i = 0; i < REDZONE_CHSIZE; i++, haddr++) {
152 if (*(u_char *)haddr != 0x42)
155 if (ncorruptions > 0) {
156 printf("REDZONE: Buffer underflow detected. %u byte%s "
157 "corrupted before %p (%lu bytes allocated).\n",
158 ncorruptions, ncorruptions == 1 ? "" : "s", naddr, nsize);
159 printf("Allocation backtrace:\n");
160 stack_print_ddb(&ast);
161 printf("Free backtrace:\n");
163 stack_print_ddb(&fst);
165 panic("Stopping here.");
167 faddr = naddr + nsize;
168 /* Look for buffer overflow. */
170 for (i = 0; i < REDZONE_CFSIZE; i++, faddr++) {
171 if (*(u_char *)faddr != 0x42)
174 if (ncorruptions > 0) {
175 printf("REDZONE: Buffer overflow detected. %u byte%s corrupted "
176 "after %p (%lu bytes allocated).\n", ncorruptions,
177 ncorruptions == 1 ? "" : "s", naddr + nsize, nsize);
178 printf("Allocation backtrace:\n");
179 stack_print_ddb(&ast);
180 printf("Free backtrace:\n");
182 stack_print_ddb(&fst);
184 panic("Stopping here.");