Date: Fri, 2 May 2003 01:08:45 -0500 (CDT) From: Mike Silbersack <silby@silby.com> To: freebsd-net@freebsd.org Subject: More mbuf INVARIANTS code, comments needed Message-ID: <20030502010545.U610@odysseus.silby.com>
index | next in thread | raw e-mail
[-- Attachment #1 --] Now that I have the double-free code in (under INVARIANTS), I'm considering the attached patch as well; it fills the m_data, m_next, and m_nextpkt fields with non-NULL garbage in hopes that any uses after free will be immediately fatal. Does anyone see problems with this, and/or other simple checks that could be added cheaply? Thanks, Mike "Silby" Silbersack [-- Attachment #2 --] diff -u -r /usr/src/sys.old/kern/subr_mbuf.c /usr/src/sys/kern/subr_mbuf.c --- /usr/src/sys.old/kern/subr_mbuf.c Thu May 1 22:55:09 2003 +++ /usr/src/sys/kern/subr_mbuf.c Fri May 2 00:53:08 2003 @@ -1404,6 +1404,12 @@ } } } +#ifdef INVARIANTS + /* Fill with junk data to provoke panics from accesses after free */ + mb->m_data = (void *) 0x137; + mb->m_next = (void *) 0x138; + mb->m_nextpkt = (void *) 0x139; +#endif mb_free(&mb_list_mbuf, mb, mb->m_type, persist, &cchnum); return (nb); } @@ -1453,6 +1459,12 @@ } } } +#ifdef INVARIANTS + /* Fill with junk data to provoke panics from accesses after free */ + m->m_data = (void *) 0x137; + m->m_next = (void *) 0x138; + m->m_nextpkt = (void *) 0x139; +#endif mb_free(&mb_list_mbuf, m, m->m_type, persist, &cchnum); } }help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030502010545.U610>