xref: /freebsd/share/man/man9/memguard.9 (revision 0b3105a37d7adcadcb720112fed4dc4e8040be99)
1.\" Copyright (c) 2005 Christian Brueffer
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd March 21, 2014
28.Dt MEMGUARD 9
29.Os
30.Sh NAME
31.Nm MemGuard
32.Nd "memory allocator for debugging purposes"
33.Sh SYNOPSIS
34.Cd "options DEBUG_MEMGUARD"
35.Sh DESCRIPTION
36.Nm
37is a simple and small replacement memory allocator designed
38to help detect tamper-after-free scenarios.
39These problems are more and more common and likely with
40multithreaded kernels where race conditions are more prevalent.
41.Pp
42.Nm
43can take over
44.Fn malloc ,
45.Fn realloc
46and
47.Fn free
48for a single malloc type.
49Alternatively
50.Nm
51can take over
52.Fn uma_zalloc ,
53.Fn uma_zalloc_arg
54and
55.Fn uma_free
56for a single
57.Xr uma
58zone.
59Also
60.Nm
61can guard all allocations larger than
62.Dv PAGE_SIZE ,
63and can guard a random fraction of all allocations.
64There is also a knob to prevent allocations smaller than a specified
65size from being guarded, to limit memory waste.
66.Sh EXAMPLES
67To use
68.Nm
69for a memory type, either add an entry to
70.Pa /boot/loader.conf :
71.Bd -literal -offset indent
72vm.memguard.desc=<memory_type>
73.Ed
74.Pp
75Or set the
76.Va vm.memguard.desc
77.Xr sysctl 8
78variable at run-time:
79.Bd -literal -offset indent
80sysctl vm.memguard.desc=<memory_type>
81.Ed
82.Pp
83Where
84.Ar memory_type
85can be either a short description of the memory type to monitor,
86either name of
87.Xr uma 9
88zone.
89Only allocations from that
90.Ar memory_type
91made after
92.Va vm.memguard.desc
93is set will potentially be guarded.
94If
95.Va vm.memguard.desc
96is modified at run-time then only allocations of the new
97.Ar memory_type
98will potentially be guarded once the
99.Xr sysctl 8
100is set.
101Existing guarded allocations will still be properly released by
102either
103.Xr free 9
104or
105.Xr uma_zfree 9 ,
106depending on what kind of allocation was taken over.
107.Pp
108To determine short description of a
109.Xr malloc 9
110type one can either take it from the first column of
111.Xr vmstat 8 Fl m
112output, or to find it in the kernel source.
113It is the second argument to
114.Xr MALLOC_DEFINE 9
115macro.
116To determine name of
117.Xr uma 9
118zone one can either take it from the first column of
119.Xr vmstat 8 Fl z
120output, or to find it in the kernel source.
121It is the first argument to the
122.Xr uma_zcreate 9
123function.
124.Pp
125The
126.Va vm.memguard.divisor
127boot-time tunable is used to scale how much of the system's physical
128memory
129.Nm
130is allowed to consume.
131The default is 10, so up to
132.Va vm_cnt.v_page_count Ns /10
133pages can be used.
134.Nm
135will reserve
136.Va vm_kmem_max
137/
138.Va vm.memguard.divisor
139bytes of virtual address space, limited by twice the physical memory
140size.
141The physical limit is reported as
142.Va vm.memguard.phys_limit
143and the virtual space reserved for
144.Nm
145is reported as
146.Va vm.memguard.mapsize .
147.Pp
148.Nm
149will not do page promotions for any allocation smaller than
150.Va vm.memguard.minsize
151bytes.
152The default is 0, meaning all allocations can potentially be guarded.
153.Nm
154can guard sufficiently large allocations randomly, with average
155frequency of every one in 100000 /
156.Va vm.memguard.frequency
157allocations.
158The default is 0, meaning no allocations are randomly guarded.
159.Pp
160.Nm
161can optionally add unmapped guard pages around each allocation to
162detect overflow and underflow, if
163.Va vm.memguard.options
164has the 1 bit set.
165This option is enabled by default.
166.Nm
167will optionally guard all allocations of
168.Dv PAGE_SIZE
169or larger if
170.Va vm.memguard.options
171has the 2 bit set.
172This option is off by default.
173By default
174.Nm
175doesn't guard those
176.Xr uma 9
177zones that have been initialized with the
178.Dv UMA_ZONE_NOFREE
179flag set, since it can produce false positives on them.
180However, this safety measure can be turned off by setting bit 3
181of the
182.Va vm.memguard.options
183tunable.
184.Sh SEE ALSO
185.Xr sysctl 8 ,
186.Xr vmstat 8 ,
187.Xr contigmalloc 9 ,
188.Xr malloc 9 ,
189.Xr redzone 9 ,
190.Xr uma 9
191.Sh HISTORY
192.Nm
193first appeared in
194.Fx 6.0 .
195.Sh AUTHORS
196.An -nosplit
197.Nm
198was originally written by
199.An Bosko Milekic Aq Mt bmilekic@FreeBSD.org .
200This manual page was originally written by
201.An Christian Brueffer Aq Mt brueffer@FreeBSD.org .
202Additions have been made by
203.An Matthew Fleming Aq Mt mdf@FreeBSD.org
204and
205.An Gleb Smirnoff Aq Mt glebius@FreeBSD.org
206to both the implementation and the documentation.
207.Sh BUGS
208It is not possible to guard allocations that really expect themselves to be
209allocated from
210.Xr uma 9 ,
211utilizing additional interfaces apart from
212.Fn uma_zalloc
213and
214.Fn uma_free ,
215for example
216.Fn uma_find_refcnt .
217For the moment of writing only
218.Xr mbuf 9
219cluster zones belong to that kind of allocations.
220Attempt to guard them would lead to kernel panic.
221