Date: Wed, 30 Apr 2003 14:35:23 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: freebsd-net@freebsd.org
Subject: Review needed: Mbuf double-free detection patch
Message-ID: <20030430142532.F3741@odysseus.silby.com>

I'd be interested in comments on the attached patch from anyone who's been doing work with network drivers & such.

All it does is add a M_FREELIST flag which is set whenever a mbuf is freed. If m_free or m_freem find this flag to be set, they will panic, as this is a clear sign that the mbuf was freed twice. (All flags are cleared whenever a mbuf is taken off the freelist, so false M_FREELIST hits shouldn't occur.)

The system isn't perfect, as it won't catch mbufs which are reallocated before their second free occurs. However, it does seem to do a good job in catching simple double-free errors, which previously caused corruption that led to panics in codepaths totally unrelated to the original double-free. (One of my double-free tests without this code managed to cause a mutex-related panic, somehow!)

I could probably make this code test for use-after-free by checksumming the entire mbuf when M_FREELIST is set and verifying that the checksum has not changed when the mbuf is reallocated, but I think this code is useful enough as it is.

Comments?

Thanks,

Mike "Silby" Silbersack

[Attachment: mbuf_double_free_detection.patch]
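The flag scheme described in the message above, as an added user-space example that is not part of the original post or of the attached patch. The names `struct buf`, `BUF_FREELIST`, `buf_alloc` and `buf_free`, the flag value and the LIFO free list are assumptions made for illustration, and `buf_free` returns -1 where the message says the kernel would panic.

```c
#include <stddef.h>
#include <stdio.h>

#define BUF_FREELIST 0x1u  /* constructed value; plays the role of M_FREELIST */
struct buf { struct buf *next; unsigned flags; };  /* toy stand-in for an mbuf */
static struct buf pool[4], *freelist;

void pool_init(void) {               /* put every buffer on the free list */
    freelist = NULL;
    for (size_t i = 0; i < 4; i++) {
        pool[i].flags = BUF_FREELIST;
        pool[i].next = freelist;
        freelist = &pool[i];
    }
}

struct buf *buf_alloc(void) {
    struct buf *b = freelist;
    if (b == NULL) return NULL;
    freelist = b->next;
    b->flags = 0;                    /* all flags cleared on allocation */
    return b;
}

/* Returns 0, or -1 on a detected double free (the patch panics instead). */
int buf_free(struct buf *b) {
    if (b->flags & BUF_FREELIST) return -1;
    b->flags |= BUF_FREELIST;
    b->next = freelist;
    freelist = b;
    return 0;
}

int demo_simple_double_free(void) {  /* second free follows the first */
    pool_init();
    struct buf *b = buf_alloc();
    buf_free(b);
    return buf_free(b);              /* flag still set: caught */
}

int demo_realloc_before_second_free(void) {  /* the gap the message describes */
    pool_init();
    struct buf *stale = buf_alloc();
    buf_free(stale);
    struct buf *owner = buf_alloc(); /* LIFO list returns the same buffer */
    int rc = buf_free(stale);        /* flag was cleared, so this free is accepted */
    return owner == stale && rc == 0;  /* 1 means the double free went unnoticed */
}

int main(void) {
    printf("simple double free: %d\n", demo_simple_double_free());
    printf("missed after realloc: %d\n", demo_realloc_before_second_free());
    return 0;
}
```

In the second case the stale pointer releases a buffer that its new owner still holds, which is the case the message says the flag alone cannot catch.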