[Bug 191359] [memguard] [panic] Memory modified after free w/MEMGUARD build
bugzilla-noreply at freebsd.org
Wed Jan 7 13:44:34 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191359
luke.tw at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |luke.tw at gmail.com
--- Comment #1 from luke.tw at gmail.com ---
Dear Peter,
I managed to find the root cause.
The bug can be reproduced by setting "sysctl vm.memguard.options=2" and ssh
activity.
1. memguard.options = 2 enables memguard to protect all allocations that are
bigger than PAGE_SIZE.
2. ssh activity allocates an mbuf that uses a zone with the UMA_ZONE_REFCNT flag.
The zone is protected by memguard.
However, these two features save values in the same union plinks in vm_page:
1. memguard saves the allocation size in vm_page->plinks.memguard.v
2. UMA_ZONE_REFCNT saves the refcount in vm_page->plinks.s.pv
The following patch can work around this bug.
Index: sys/vm/memguard.c
===================================================================
--- sys/vm/memguard.c (revision 276729)
+++ sys/vm/memguard.c (working copy)
@@ -506,6 +506,9 @@
zone->uz_flags & UMA_ZONE_NOFREE)
return (0);
+ if (zone->uz_flags & UMA_ZONE_REFCNT)
+ return (0);
+
if (memguard_cmp(zone->uz_size))
return (1);
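Review bot: the added UMA_ZONE_REFCNT test, placed right after the existing return for UMA_ZONE_NOFREE, has no comment saying why these zones are skipped, so the reason lives only in the bug report. A short comment above it noting that memguard keeps the allocation size in plinks.memguard.v, which shares storage with the plinks.s.pv field used by UMA_ZONE_REFCNT zones, would keep the exclusion from being dropped later. The test could also be folded into the preceding uz_flags condition that already returns 0, since both branches do the same thing. As written this is a workaround that takes UMA_ZONE_REFCNT zones out of memguard coverage entirely; it is worth saying so in the comment.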
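
The collision described in the comment above, as an added user-space model (not code from the report or from FreeBSD): two owners write through different members of one union, and the size memguard recorded is gone by the time it is read back. The `model_` names, the flag values and the union layout are assumptions made for illustration; only the member names `s.pv` and `memguard.v` come from the report.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed flag values for this model only; not the kernel's definitions. */
#define MODEL_ZONE_NOFREE 0x1u
#define MODEL_ZONE_REFCNT 0x2u
#define MODEL_PAGE_SIZE   4096u

/* Simplified stand-in for vm_page->plinks. Member names follow the report;
 * the layout is an assumption chosen so that s.pv and memguard.v overlap. */
union model_plinks {
    struct { void *ss; void *pv; } s;            /* pv: written for REFCNT zones */
    struct { uintptr_t p; uintptr_t v; } memguard; /* v: allocation size */
};

_Static_assert(offsetof(union model_plinks, s.pv) ==
               offsetof(union model_plinks, memguard.v),
               "model requires the two fields to share storage");

/* memguard records the size, the refcount path then writes through s.pv,
 * and memguard reads the size back at free time. Returns the value it reads. */
uintptr_t model_size_seen_at_free(uintptr_t alloc_size, uintptr_t refcnt_word)
{
    union model_plinks pl = { .memguard = { 0, alloc_size } };

    pl.s.pv = (void *)refcnt_word;   /* second owner of the same bytes */
    return pl.memguard.v;            /* no longer alloc_size */
}

/* Guard decision with the workaround's extra test applied. */
int model_should_guard(unsigned int zone_flags, uintptr_t zone_size)
{
    if (zone_flags & MODEL_ZONE_NOFREE)
        return 0;
    if (zone_flags & MODEL_ZONE_REFCNT)   /* keep these zones out of memguard */
        return 0;
    return zone_size > MODEL_PAGE_SIZE;   /* options=2: bigger than PAGE_SIZE */
}
```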