Bring in MemGuard, a very simple and small replacement allocator
designed to help detect tamper-after-free scenarios, a problem that is
becoming more common and more likely with multithreaded kernels, where
race conditions are more prevalent.
Currently MemGuard can only take over malloc()/realloc()/free() for
a particular malloc type (or types), and the code brought in with this
change manually instruments it to take over M_SUBPROC allocations
as an example. If you are planning to use it, for now you must:
- Put "options DEBUG_MEMGUARD" in your kernel config.
- Edit src/sys/kern/kern_malloc.c manually: look for "XXX CHANGEME"
  and replace the M_SUBPROC comparison with the appropriate malloc
  type (this might require an additional but small/simple code
  modification if, say, the malloc type is declared out of scope).
- Build and install your kernel. Tune the vm.memguard_divisor
  boot-time tunable, which is used to scale how much of kmem_map you
  want to allot for MemGuard's use. The default is 10, so kmem_size/10.
ToDo:
- Bring in a memguard(9) man page.
- Better instrumentation (e.g., boot-time) of MemGuard taking
over malloc types.
- Teach UMA about MemGuard to allow MemGuard to override zone
allocations too.
- Improve MemGuard if necessary.
This work is partly based on some old patches from Ian Dowse.
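The following is an added user-space illustration of the detection principle this commit message describes (a guard allocator that makes a write to freed memory fault instead of silently corrupting a recycled object); it is not MemGuard's code or any FreeBSD kernel code, and it assumes a POSIX system with mmap()/mprotect() and sigsetjmp().

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Give each object its own private page (toy stand-in for a guarded allocator). */
static void *guard_alloc(size_t size) {
    long pg = sysconf(_SC_PAGESIZE);
    if (size == 0 || (long)size > pg) return NULL;
    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* "Free" by revoking all access rather than recycling the page, so a
 * tamper-after-free traps immediately instead of corrupting a new owner. */
static int guard_free(void *p) {
    return mprotect(p, (size_t)sysconf(_SC_PAGESIZE), PROT_NONE);
}

/* Returns 1 if writing to p faults (stale write caught), 0 if it succeeds. */
static int write_is_trapped(volatile char *p) {
    struct sigaction sa, old_segv, old_bus;
    int trapped;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);
    if (sigsetjmp(fault_env, 1) == 0) {
        *p = 0x41;       /* live or stale write under test */
        trapped = 0;
    } else {
        trapped = 1;     /* reached via siglongjmp from the fault handler */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return trapped;
}

/* Constructed scenario: legitimate write passes, post-free write is trapped.
 * Returns 1 on the expected behaviour, 0 otherwise, -1 on setup failure. */
int demo(void) {
    char *obj = guard_alloc(64);
    if (!obj) return -1;
    int live = write_is_trapped(obj);
    if (guard_free(obj) != 0) return -1;
    int stale = write_is_trapped(obj);
    return live == 0 && stale == 1;
}
```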