.\" Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd January 9, 2009
.Dt REDZONE 9
.Os
.Sh NAME
.Nm RedZone
.Nd "buffer corruptions detector"
.Sh SYNOPSIS
.Cd "options KDB"
.Cd "options DDB"
.Cd "options DEBUG_REDZONE"
.Sh DESCRIPTION
.Nm
detects buffer underflow and buffer overflow bugs at runtime.
Currently
.Nm
only detects buffer corruptions for memory allocated with
.Xr malloc 9 .
When such corruption is detected two backtraces are printed on the console.
The first one shows from where memory was allocated, the second one shows from
where memory was freed.
By default the system will not panic when buffer corruption is detected.
This can be changed by setting the
.Va vm.redzone.panic
.Xr sysctl 8
variable to 1.
The amount of extra memory allocated for
.Nm Ns 's
needs is stored in the
.Va vm.redzone.extra_mem
.Xr sysctl 8
variable.
.Sh EXAMPLE
The example below shows the logs from the detection of a buffer underflow and a
buffer overflow.
.Bd -literal -offset indent
REDZONE: Buffer underflow detected. 2 bytes corrupted before 0xc8688580 (16 bytes allocated).
Allocation backtrace:
#0 0xc0583e4e at redzone_setup+0x3c
#1 0xc04a23fa at malloc+0x19e
#2 0xcdeb69ca at redzone_modevent+0x60
#3 0xc04a3f3c at module_register_init+0x82
#4 0xc049d96a at linker_file_sysinit+0x8e
#5 0xc049dc7c at linker_load_file+0xed
#6 0xc04a041f at linker_load_module+0xc4
#7 0xc049e883 at kldload+0x116
#8 0xc05d9b3d at syscall+0x325
#9 0xc05c944f at Xint0x80_syscall+0x1f
Free backtrace:
#0 0xc0583f92 at redzone_check+0xd4
#1 0xc04a2422 at free+0x1c
#2 0xcdeb69a6 at redzone_modevent+0x3c
#3 0xc04a438d at module_unload+0x61
#4 0xc049e0b3 at linker_file_unload+0x89
#5 0xc049e979 at kern_kldunload+0x96
#6 0xc049ea00 at kldunloadf+0x2c
#7 0xc05d9b3d at syscall+0x325
#8 0xc05c944f at Xint0x80_syscall+0x1f

REDZONE: Buffer overflow detected. 4 bytes corrupted after 0xc8688590 (16 bytes allocated).
Allocation backtrace:
#0 0xc0583e4e at redzone_setup+0x3c
#1 0xc04a23fa at malloc+0x19e
#2 0xcdeb69ca at redzone_modevent+0x60
#3 0xc04a3f3c at module_register_init+0x82
#4 0xc049d96a at linker_file_sysinit+0x8e
#5 0xc049dc7c at linker_load_file+0xed
#6 0xc04a041f at linker_load_module+0xc4
#7 0xc049e883 at kldload+0x116
#8 0xc05d9b3d at syscall+0x325
#9 0xc05c944f at Xint0x80_syscall+0x1f
Free backtrace:
#0 0xc0584020 at redzone_check+0x162
#1 0xc04a2422 at free+0x1c
#2 0xcdeb69a6 at redzone_modevent+0x3c
#3 0xc04a438d at module_unload+0x61
#4 0xc049e0b3 at linker_file_unload+0x89
#5 0xc049e979 at kern_kldunload+0x96
#6 0xc049ea00 at kldunloadf+0x2c
#7 0xc05d9b3d at syscall+0x325
#8 0xc05c944f at Xint0x80_syscall+0x1f
.Ed
.Sh SEE ALSO
.Xr sysctl 8 ,
.Xr malloc 9 ,
.Xr memguard 9
.Sh HISTORY
.Nm
first appeared in
.Fx 7.0 .
.Sh AUTHORS
.An Pawel Jakub Dawidek Aq Mt pjd@FreeBSD.org
.Sh BUGS
Currently,
.Nm
does not cooperate with
.Xr memguard 9 .
Allocations from a memory type controlled by
.Xr memguard 9
are simply skipped, so buffer corruptions will not be detected there.
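One way a check like the one described in DESCRIPTION can work, shown as a user-space C model that is an added example and not the FreeBSD kernel code: extra guard bytes are placed around each allocation and verified when it is freed, which produces messages in the same form as the EXAMPLE log.
The names rz_malloc, rz_check and rz_free, the guard size and the fill bytes are assumptions of this example.

```c
/* User-space model of a red-zone check; the RZ_* values are assumed for this example.
 * Layout: [header holding nsize][head guard][nsize user bytes][tail guard] */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define RZ_SIZE 16   /* guard bytes on each side; also the header width */
#define RZ_HEAD 0x42 /* fill for the guard before the buffer */
#define RZ_TAIL 0x81 /* fill for the guard after the buffer */

void *rz_malloc(size_t nsize)
{
    unsigned char *raw = malloc(3 * RZ_SIZE + nsize);
    if (raw == NULL) return NULL;
    memcpy(raw, &nsize, sizeof(nsize));                  /* remember the size */
    memset(raw + RZ_SIZE, RZ_HEAD, RZ_SIZE);             /* guard before */
    memset(raw + 2 * RZ_SIZE + nsize, RZ_TAIL, RZ_SIZE); /* guard after */
    return raw + 2 * RZ_SIZE;
}

static int rz_check(const unsigned char *guard, int fill, const char *kind, const char *where, void *addr, size_t nsize)
{
    int bad = 0; /* guard bytes that no longer hold the fill pattern */
    for (int i = 0; i < RZ_SIZE; i++)
        bad += (guard[i] != fill);
    if (bad > 0)
        printf("REDZONE: Buffer %s detected. %d bytes corrupted %s %p (%zu bytes allocated).\n", kind, bad, where, addr, nsize);
    return bad;
}

/* Verify both guards at free time; a write that reaches the header is out of scope. */
void rz_free(void *addr, int *under, int *over)
{
    unsigned char *user = addr;
    size_t nsize;
    memcpy(&nsize, user - 2 * RZ_SIZE, sizeof(nsize));
    *under = rz_check(user - RZ_SIZE, RZ_HEAD, "underflow", "before", addr, nsize);
    *over = rz_check(user + nsize, RZ_TAIL, "overflow", "after", addr, nsize);
    free(user - 2 * RZ_SIZE);
}

int main(void)
{
    int under, over;
    unsigned char *buf = rz_malloc(16);
    if (buf == NULL) return 1;
    memset(buf - 2, 0, 2);  /* constructed bug: 2 bytes written before the buffer */
    memset(buf + 16, 0, 4); /* constructed bug: 4 bytes written past its end */
    rz_free(buf, &under, &over);
    return !(under == 2 && over == 4);
}
```

Because the guards are only inspected at free time, the model reports a corruption when the buffer is released, not when the stray write happens; this is why the log in EXAMPLE pairs an allocation backtrace with a free backtrace.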