/share/man/man9/redzone.9

https://bitbucket.org/freebsd/freebsd-head/ · Unknown · 125 lines · 124 code · 1 blank · 0 comment · 0 complexity · 3fc3dcae5969fadc85bd7693842299b5 MD5 · raw file 

    

  1. .\" Copyright (c) 2006 Pawel Jakub Dawidek <pjd@FreeBSD.org>
    2. 

  2. .\" All rights reserved.
    3. 

  3. .\"
    4. 

  4. .\" Redistribution and use in source and binary forms, with or without
    5. 

  5. .\" modification, are permitted provided that the following conditions
    6. 

  6. .\" are met:
    7. 

  7. .\" 1. Redistributions of source code must retain the above copyright
    8. 

  8. .\"    notice, this list of conditions and the following disclaimer.
    9. 

  9. .\" 2. Redistributions in binary form must reproduce the above copyright
    10. 

  10. .\"    notice, this list of conditions and the following disclaimer in the
    11. 

  11. .\"    documentation and/or other materials provided with the distribution.
    12. 

  12. .\"
    13. 

  13. .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
    14. 

  14. .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    15. 

  15. .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    16. 

  16. .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
    17. 

  17. .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    18. 

  18. .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
    19. 

  19. .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    20. 

  20. .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
    21. 

  21. .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
    22. 

  22. .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    23. 

  23. .\" SUCH DAMAGE.
    24. 

  24. .\"
    25. 

  25. .\" $FreeBSD$
    26. 

  26. .\"
    27. 

  27. .Dd January 9, 2009
    28. 

  28. .Dt REDZONE 9
    29. 

  29. .Os
    30. 

  30. .Sh NAME
    31. 

  31. .Nm RedZone
    32. 

  32. .Nd "buffer corruptions detector"
    33. 

  33. .Sh SYNOPSIS
    34. 

  34. .Cd "options KDB"
    35. 

  35. .Cd "options DDB"
    36. 

  36. .Cd "options DEBUG_REDZONE"
    37. 

  37. .Sh DESCRIPTION
    38. 

  38. .Nm
    39. 

  39. detects buffer underflow and buffer overflow bugs at runtime.
    40. 

  40. Currently
    41. 

  41. .Nm
    42. 

  42. only detects buffer corruptions for memory allocated with
    43. 

  43. .Xr malloc 9 .
    44. 

  44. When such corruption is detected two backtraces are printed on the console.
    45. 

  45. The first one shows from where memory was allocated, the second one shows from
    46. 

  46. where memory was freed.
    47. 

  47. By default the system will not panic when buffer corruption is detected.
    48. 

  48. This can be changed by setting the
    49. 

  49. .Va vm.redzone.panic
    50. 

  50. .Xr sysctl 8
    51. 

  51. variable to 1.
    52. 

  52. The amount of extra memory allocated for
    53. 

  53. .Nm Ns 's
    54. 

  54. needs is stored in the
    55. 

  55. .Va vm.redzone.extra_mem
    56. 

  56. .Xr sysctl 8
    57. 

  57. variable.
    58. 

  58. .Sh EXAMPLE
    59. 

  59. The example below shows the logs from the detection of a buffer underflow and a
    60. 

  60. buffer overflow.
    61. 

  61. .Bd -literal -offset indent
    62. 

  62. REDZONE: Buffer underflow detected. 2 bytes corrupted before 0xc8688580 (16 bytes allocated).
    63. 

  63. Allocation backtrace:
    64. 

  64. #0 0xc0583e4e at redzone_setup+0x3c
    65. 

  65. #1 0xc04a23fa at malloc+0x19e
    66. 

  66. #2 0xcdeb69ca at redzone_modevent+0x60
    67. 

  67. #3 0xc04a3f3c at module_register_init+0x82
    68. 

  68. #4 0xc049d96a at linker_file_sysinit+0x8e
    69. 

  69. #5 0xc049dc7c at linker_load_file+0xed
    70. 

  70. #6 0xc04a041f at linker_load_module+0xc4
    71. 

  71. #7 0xc049e883 at kldload+0x116
    72. 

  72. #8 0xc05d9b3d at syscall+0x325
    73. 

  73. #9 0xc05c944f at Xint0x80_syscall+0x1f
    74. 

  74. Free backtrace:
    75. 

  75. #0 0xc0583f92 at redzone_check+0xd4
    76. 

  76. #1 0xc04a2422 at free+0x1c
    77. 

  77. #2 0xcdeb69a6 at redzone_modevent+0x3c
    78. 

  78. #3 0xc04a438d at module_unload+0x61
    79. 

  79. #4 0xc049e0b3 at linker_file_unload+0x89
    80. 

  80. #5 0xc049e979 at kern_kldunload+0x96
    81. 

  81. #6 0xc049ea00 at kldunloadf+0x2c
    82. 

  82. #7 0xc05d9b3d at syscall+0x325
    83. 

  83. #8 0xc05c944f at Xint0x80_syscall+0x1f
    84. 

  84. 

  85. REDZONE: Buffer overflow detected. 4 bytes corrupted after 0xc8688590 (16 bytes allocated).
    86. 

  86. Allocation backtrace:
    87. 

  87. #0 0xc0583e4e at redzone_setup+0x3c
    88. 

  88. #1 0xc04a23fa at malloc+0x19e
    89. 

  89. #2 0xcdeb69ca at redzone_modevent+0x60
    90. 

  90. #3 0xc04a3f3c at module_register_init+0x82
    91. 

  91. #4 0xc049d96a at linker_file_sysinit+0x8e
    92. 

  92. #5 0xc049dc7c at linker_load_file+0xed
    93. 

  93. #6 0xc04a041f at linker_load_module+0xc4
    94. 

  94. #7 0xc049e883 at kldload+0x116
    95. 

  95. #8 0xc05d9b3d at syscall+0x325
    96. 

  96. #9 0xc05c944f at Xint0x80_syscall+0x1f
    97. 

  97. Free backtrace:
    98. 

  98. #0 0xc0584020 at redzone_check+0x162
    99. 

  99. #1 0xc04a2422 at free+0x1c
    100. 

  100. #2 0xcdeb69a6 at redzone_modevent+0x3c
    101. 

  101. #3 0xc04a438d at module_unload+0x61
    102. 

  102. #4 0xc049e0b3 at linker_file_unload+0x89
    103. 

  103. #5 0xc049e979 at kern_kldunload+0x96
    104. 

  104. #6 0xc049ea00 at kldunloadf+0x2c
    105. 

  105. #7 0xc05d9b3d at syscall+0x325
    106. 

  106. #8 0xc05c944f at Xint0x80_syscall+0x1f
    107. 

  107. .Ed
    108. 

  108. .Sh SEE ALSO
    109. 

  109. .Xr sysctl 8 ,
    110. 

  110. .Xr malloc 9 ,
    111. 

  111. .Xr memguard 9
    112. 

  112. .Sh HISTORY
    113. 

  113. .Nm
    114. 

  114. first appeared in
    115. 

  115. .Fx 7.0 .
    116. 

  116. .Sh AUTHORS
    117. 

  117. .An Pawel Jakub Dawidek Aq pjd@FreeBSD.org
    118. 

  118. .Sh BUGS
    119. 

  119. Currently,
    120. 

  120. .Nm
    121. 

  121. does not cooperate with
    122. 

  122. .Xr memguard 9 .
    123. 

  123. Allocations from a memory type controlled by
    124. 

  124. .Xr memguard 9
    125. 

  125. are simply skipped, so buffer corruptions will not be detected there.
    126.