1.\" Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org> 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd January 31, 2006 28.Dt REDZONE 9 29.Os 30.Sh NAME 31.Nm RedZone 32.Nd "buffer corruptions detector" 33.Sh SYNOPSIS 34.Cd "options DEBUG_REDZONE" 35.Sh DESCRIPTION 36.Nm 37detects buffer underflow and buffer overflow bugs at runtime. 38Currently 39.Nm 40only detects buffer corruptions for memory allocated with 41.Xr malloc 9 . 42When such corruption is detected two backtraces are printed on the console. 43The first one shows from where memory was allocated, the second one shows from 44where memory was freed. 45By default the system will not panic when buffer corruption is detected. 46This can be changed by setting the 47.Va vm.redzone.panic 48.Xr sysctl 8 49variable to 1. 50The amount of extra memory allocated for 51.Nm Ns 's 52needs is stored in the 53.Va vm.redzone.extra_mem 54.Xr sysctl 8 55variable. 56.Sh EXAMPLE 57The example below shows the logs from the detection of a buffer underflow and a 58buffer overflow. 59.Bd -literal -offset indent 60REDZONE: Buffer underflow detected. 2 bytes corrupted before 0xc8688580 (16 bytes allocated). 61Allocation backtrace: 62#0 0xc0583e4e at redzone_setup+0x3c 63#1 0xc04a23fa at malloc+0x19e 64#2 0xcdeb69ca at redzone_modevent+0x60 65#3 0xc04a3f3c at module_register_init+0x82 66#4 0xc049d96a at linker_file_sysinit+0x8e 67#5 0xc049dc7c at linker_load_file+0xed 68#6 0xc04a041f at linker_load_module+0xc4 69#7 0xc049e883 at kldload+0x116 70#8 0xc05d9b3d at syscall+0x325 71#9 0xc05c944f at Xint0x80_syscall+0x1f 72Free backtrace: 73#0 0xc0583f92 at redzone_check+0xd4 74#1 0xc04a2422 at free+0x1c 75#2 0xcdeb69a6 at redzone_modevent+0x3c 76#3 0xc04a438d at module_unload+0x61 77#4 0xc049e0b3 at linker_file_unload+0x89 78#5 0xc049e979 at kern_kldunload+0x96 79#6 0xc049ea00 at kldunloadf+0x2c 80#7 0xc05d9b3d at syscall+0x325 81#8 0xc05c944f at Xint0x80_syscall+0x1f 82 83REDZONE: Buffer overflow detected. 4 bytes corrupted after 0xc8688590 (16 bytes allocated). 84Allocation backtrace: 85#0 0xc0583e4e at redzone_setup+0x3c 86#1 0xc04a23fa at malloc+0x19e 87#2 0xcdeb69ca at redzone_modevent+0x60 88#3 0xc04a3f3c at module_register_init+0x82 89#4 0xc049d96a at linker_file_sysinit+0x8e 90#5 0xc049dc7c at linker_load_file+0xed 91#6 0xc04a041f at linker_load_module+0xc4 92#7 0xc049e883 at kldload+0x116 93#8 0xc05d9b3d at syscall+0x325 94#9 0xc05c944f at Xint0x80_syscall+0x1f 95Free backtrace: 96#0 0xc0584020 at redzone_check+0x162 97#1 0xc04a2422 at free+0x1c 98#2 0xcdeb69a6 at redzone_modevent+0x3c 99#3 0xc04a438d at module_unload+0x61 100#4 0xc049e0b3 at linker_file_unload+0x89 101#5 0xc049e979 at kern_kldunload+0x96 102#6 0xc049ea00 at kldunloadf+0x2c 103#7 0xc05d9b3d at syscall+0x325 104#8 0xc05c944f at Xint0x80_syscall+0x1f 105.Ed 106.Sh SEE ALSO 107.Xr sysctl 8 , 108.Xr malloc 9 , 109.Xr memguard 9 110.Sh HISTORY 111.Nm 112first appeared in 113.Fx 7.0 . 114.Sh AUTHORS 115.An Pawel Jakub Dawidek Aq pjd@FreeBSD.org 116.Sh BUGS 117Currently, 118.Nm 119does not cooperate with 120.Xr memguard 9 . 121Allocations from a memory type controlled by 122.Xr memguard 9 123are simply skipped, so buffer corruptions will not be detected there. 124