From: "Gumpula, Suresh"
To: "freebsd-hackers@freebsd.org"
Subject: Re: Use after free check for all private zones too
Date: Mon, 1 Jun 2015 16:50:50 +0000

Hi,
I have attached the diff. Can somebody please review and commit this?

Thanks
Suresh

On 5/4/15, 12:49 PM, "Gumpula, Suresh" wrote:

>Hi,
> Currently use after free check is available for power of 2 malloc
>zones (mtrash_ctor/mtrash_dtor) which writes uma_junk (0xdeadc0de) on
>freed memory and
>validates on reusing the object for others.
> Similarly, we (NETAPP) have added a check for all other private zones
>too with trash_ctor/trash_dtor. We pass the trash_ctor/trash_dtor
>to uma_zcreate(9) if it is called with NULL for constructor/destructor.
>This change uncovered a couple of bugs internally. One of these is the
>tcp timer bug
>https://svnweb.freebsd.org/base?view=revision&revision=281599
>
>It's a useful check and uncovers use after free bugs. Would like to push
>this change. Any comments/suggestions please?
>
>Thanks
>Suresh

[Attachment: patch.patch (application/octet-stream, 1446 bytes)]
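
A userspace model of the check described in the quoted message, added here as an illustration; it is not the attached patch or FreeBSD's UMA code. The zone structure and the names model_trash_dtor, model_trash_ctor, zone_alloc, zone_free and demo are hypothetical; only the 0xdeadc0de pattern comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#define JUNK 0xdeadc0deU  /* pattern the message cites as uma_junk */
#define WORDS 8           /* constructed item size, in 32-bit words */
#define NITEMS 4          /* constructed zone capacity */

/* Hypothetical userspace zone: fixed-size items on a LIFO free stack. */
struct zone {
    uint32_t items[NITEMS][WORDS];
    uint32_t *free_stack[NITEMS];
    int nfree;
};

/* Destructor role: poison the whole item when it is freed. */
static void model_trash_dtor(uint32_t *mem) {
    for (int i = 0; i < WORDS; i++) mem[i] = JUNK;
}

/* Constructor role: index of the first word changed since free, else -1. */
static int model_trash_ctor(const uint32_t *mem) {
    for (int i = 0; i < WORDS; i++)
        if (mem[i] != JUNK) return i;
    return -1;
}

void zone_free(struct zone *z, uint32_t *mem) {
    model_trash_dtor(mem);
    if (z->nfree < NITEMS) z->free_stack[z->nfree++] = mem;
}

/* Pops an item; *bad receives the ctor verdict for it. */
uint32_t *zone_alloc(struct zone *z, int *bad) {
    if (z->nfree == 0) return NULL;
    uint32_t *mem = z->free_stack[--z->nfree];
    *bad = model_trash_ctor(mem);
    return mem;
}

/* Constructed scenario: returns the ctor verdict on the reused item. */
int demo(int stale_write) {
    struct zone z = { .nfree = 0 };
    int bad = -1;
    zone_free(&z, z.items[0]);  /* seed the zone with one poisoned item */
    uint32_t *obj = zone_alloc(&z, &bad);
    zone_free(&z, obj);
    if (stale_write) obj[3] = 42;  /* write through the stale pointer */
    zone_alloc(&z, &bad);          /* LIFO reuse returns the same item */
    return bad;
}
```

The check only sees writes made between the free and the next allocation of that item; a stale read, or a write that happens to store the junk value, passes unnoticed.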