Heap overflow in mps(4) (was: Re: stable/9 mps(4) rev 254938 == BOOM!)

wollman at csail.mit.edu
Wed Jan 29 21:37:18 UTC 2014


In article <52E94FC2.1010901 at bitfrost.no>, hps at bitfrost.no writes:
>To me this sounds like someone is writing outside their assigned area.
>
>options 	DEBUG_REDZONE

hselasky@ nails it!  The mps(4) changes in stable/9 r254938 reliably
cause a GPF during boot in non-debugging kernels, but adding
DEBUG_REDZONE is sufficient to prevent the fault.  Whichever heap
allocation is being overrun does *not* ever get freed: there are no
redzone messages on the console.  (It also boots much faster with the
new probing code, which is certainly a plus for debugging.)

I can confirm that the tip of stable/9 (r261256) also works with
DEBUG_REDZONE and fails without it.  Only trouble is that I need to do
performance testing, which DEBUG_REDZONE is not exactly going to help
with.

-GAWollman
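The behaviour described above (a redzone absorbs the overrun so the kernel no longer faults, but the overrun is only ever reported when the object is freed) can be reproduced in userland with a minimal guard allocator. This is an added illustration, not code from the mps(4) driver or from FreeBSD's DEBUG_REDZONE; `rz_malloc`, `rz_free` and `overrun_demo` are hypothetical names, and the 16-byte canary size is an assumption.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define REDZONE 16          /* assumed guard size after each allocation */
#define CANARY  0xA5        /* fill pattern we expect to find intact */

/* Allocate 'size' usable bytes followed by a REDZONE-byte canary area. */
static void *rz_malloc(size_t size)
{
    unsigned char *p = malloc(size + REDZONE);
    if (p == NULL)
        return NULL;
    memset(p + size, CANARY, REDZONE);
    return p;
}

/* Count canary bytes that no longer hold the pattern (0 == intact). */
static size_t rz_check(const void *ptr, size_t size)
{
    const unsigned char *rz = (const unsigned char *)ptr + size;
    size_t bad = 0;
    for (size_t i = 0; i < REDZONE; i++)
        if (rz[i] != CANARY)
            bad++;
    return bad;
}

/* Like a redzone-checking free: the inspection happens only here. */
static size_t rz_free(void *ptr, size_t size)
{
    size_t bad = rz_check(ptr, size);
    free(ptr);
    return bad;
}

/* Write 'n' bytes into a 'size'-byte object; n > size spills into the
 * redzone.  Returns the number of clobbered canary bytes reported, or
 * (size_t)-1 if the write would leave even the guard area.            */
size_t overrun_demo(size_t size, size_t n, int freed)
{
    if (n > size + REDZONE)
        return (size_t)-1;              /* keep the demo inside its block */
    unsigned char *buf = rz_malloc(size);
    if (buf == NULL)
        return (size_t)-1;
    memset(buf, 0x41, n);               /* the driver's (over)long write */
    if (freed)
        return rz_free(buf, size);      /* detected and reported on free */
    free(buf);                          /* object never reaches the check */
    return 0;                           /* nothing reported, no fault */
}
```

The third case mirrors the situation in the post: the overrun lands harmlessly in the guard bytes, and because the object is never freed through the checking path, no redzone message is ever produced.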

