.\" Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd January 9, 2009
.Dt REDZONE 9
.Os
.Sh NAME
.Nm RedZone
.Nd "buffer corruptions detector"
.Sh SYNOPSIS
.Cd "options KDB"
.Cd "options DDB"
.Cd "options DEBUG_REDZONE"
.Sh DESCRIPTION
.Nm
detects buffer underflow and buffer overflow bugs at runtime.
Currently
.Nm
only detects buffer corruptions for memory allocated with
.Xr malloc 9 .
When such corruption is detected two backtraces are printed on the console.
The first one shows from where memory was allocated, the second one shows from
where memory was freed.
By default the system will not panic when buffer corruption is detected.
This can be changed by setting the
.Va vm.redzone.panic
.Xr sysctl 8
variable to 1.
The amount of extra memory allocated for
.Nm Ns 's
needs is stored in the
.Va vm.redzone.extra_mem
.Xr sysctl 8
variable.
.Sh EXAMPLE
The example below shows the logs from the detection of a buffer underflow and a
buffer overflow.
.Bd -literal -offset indent
REDZONE: Buffer underflow detected. 2 bytes corrupted before 0xc8688580 (16 bytes allocated).
Allocation backtrace:
#0 0xc0583e4e at redzone_setup+0x3c
#1 0xc04a23fa at malloc+0x19e
#2 0xcdeb69ca at redzone_modevent+0x60
#3 0xc04a3f3c at module_register_init+0x82
#4 0xc049d96a at linker_file_sysinit+0x8e
#5 0xc049dc7c at linker_load_file+0xed
#6 0xc04a041f at linker_load_module+0xc4
#7 0xc049e883 at kldload+0x116
#8 0xc05d9b3d at syscall+0x325
#9 0xc05c944f at Xint0x80_syscall+0x1f
Free backtrace:
#0 0xc0583f92 at redzone_check+0xd4
#1 0xc04a2422 at free+0x1c
#2 0xcdeb69a6 at redzone_modevent+0x3c
#3 0xc04a438d at module_unload+0x61
#4 0xc049e0b3 at linker_file_unload+0x89
#5 0xc049e979 at kern_kldunload+0x96
#6 0xc049ea00 at kldunloadf+0x2c
#7 0xc05d9b3d at syscall+0x325
#8 0xc05c944f at Xint0x80_syscall+0x1f

REDZONE: Buffer overflow detected. 4 bytes corrupted after 0xc8688590 (16 bytes allocated).
Allocation backtrace:
#0 0xc0583e4e at redzone_setup+0x3c
#1 0xc04a23fa at malloc+0x19e
#2 0xcdeb69ca at redzone_modevent+0x60
#3 0xc04a3f3c at module_register_init+0x82
#4 0xc049d96a at linker_file_sysinit+0x8e
#5 0xc049dc7c at linker_load_file+0xed
#6 0xc04a041f at linker_load_module+0xc4
#7 0xc049e883 at kldload+0x116
#8 0xc05d9b3d at syscall+0x325
#9 0xc05c944f at Xint0x80_syscall+0x1f
Free backtrace:
#0 0xc0584020 at redzone_check+0x162
#1 0xc04a2422 at free+0x1c
#2 0xcdeb69a6 at redzone_modevent+0x3c
#3 0xc04a438d at module_unload+0x61
#4 0xc049e0b3 at linker_file_unload+0x89
#5 0xc049e979 at kern_kldunload+0x96
#6 0xc049ea00 at kldunloadf+0x2c
#7 0xc05d9b3d at syscall+0x325
#8 0xc05c944f at Xint0x80_syscall+0x1f
.Ed
.Sh SEE ALSO
.Xr sysctl 8 ,
.Xr malloc 9 ,
.Xr memguard 9
.Sh HISTORY
.Nm
first appeared in
.Fx 7.0 .
.Sh AUTHORS
.An Pawel Jakub Dawidek Aq Mt pjd@FreeBSD.org
.Sh BUGS
Currently,
.Nm
does not cooperate with
.Xr memguard 9 .
Allocations from a memory type controlled by
.Xr memguard 9
are simply skipped, so buffer corruptions will not be detected there.
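As an added illustration (user-space C written for this page, not the kernel's RedZone code), the sketch below implements a guard-region check of the kind that produces reports like those in the EXAMPLE section: it counts how many guard bytes before and after a 16-byte buffer were overwritten by the time the buffer is freed.
The names rz_malloc and rz_free, the 16-byte guard size and the 0x42 fill value are assumptions of the sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RZ_SIZE 16   /* guard bytes on each side (value assumed for this sketch) */
#define RZ_FILL 0x42 /* guard fill pattern (value assumed for this sketch) */
#define RZ_HDR  sizeof(size_t)
struct rz_report { size_t under, over; }; /* corrupted bytes before / after */

/* Layout: [size_t n][RZ_SIZE guard][n user bytes][RZ_SIZE guard] */
void *rz_malloc(size_t n)
{
	unsigned char *raw = malloc(RZ_HDR + 2 * RZ_SIZE + n);
	if (raw == NULL)
		return (NULL);
	memcpy(raw, &n, RZ_HDR);                /* remember the request size */
	memset(raw + RZ_HDR, RZ_FILL, RZ_SIZE); /* guard before the buffer */
	memset(raw + RZ_HDR + RZ_SIZE + n, RZ_FILL, RZ_SIZE); /* guard after it */
	return (raw + RZ_HDR + RZ_SIZE);
}

/* Count guard bytes that no longer hold the fill pattern. */
static size_t rz_damaged(const unsigned char *guard)
{
	size_t i, bad = 0;
	for (i = 0; i < RZ_SIZE; i++)
		bad += (guard[i] != RZ_FILL);
	return (bad);
}

/* Verify both guards at free time, release the block, return the counts. */
struct rz_report rz_free(void *p)
{
	unsigned char *user = p, *raw = user - RZ_SIZE - RZ_HDR;
	size_t n;
	memcpy(&n, raw, RZ_HDR);
	struct rz_report r = { rz_damaged(user - RZ_SIZE), rz_damaged(user + n) };
	free(raw);
	return (r);
}

int main(void)
{
	unsigned char *buf = rz_malloc(16);
	if (buf == NULL) return (1);
	memset(buf - 2, 0, 2);  /* deliberate 2-byte underflow, lands in the guard */
	memset(buf + 16, 0, 4); /* deliberate 4-byte overflow, lands in the guard */
	struct rz_report r = rz_free(buf);
	printf("%zu bytes corrupted before, %zu after (16 bytes allocated)\n", r.under, r.over);
	return (0);
}
```

The check runs only when the buffer is freed, which matches the free backtraces above where redzone_check is called from free; in this sketch a stray write that stores the fill value, or one that lands beyond the guard, goes unreported.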