Kernels compiled with the DEBUG option perform CPU intensive sanity checks on kmem operations, and include the kmguard facility, which can be enabled at runtime.
kmguard adds additional, very high overhead runtime verification to kmem operations. To enable it, boot the system with the -d option, which causes the debugger to be entered early during the kernel boot process. Issue commands such as the following:
db> w kmem_guard_depth 0t30000
db> c
This instructs kmguard to queue up to 60000 (30000*2) pages of unmapped KVA to catch use-after-free type errors: each guarded item occupies its own page plus a guard page, so the depth is counted in items and the VA cost is twice that in pages (the 0t prefix makes ddb parse the number as decimal). When kmem_free() is called, the memory backing a freed item is unmapped and the kernel VA space is pushed onto a FIFO. That VA space will not be reused until another 30k items have been freed. Until it is reused, any access to it is an invalid access and the kernel will panic with a page fault, which is the intended result: the panic points at the use-after-free rather than at whatever would later have been corrupted. Limitations:
• It has a severe impact on performance.
• It is best used on a 64-bit machine with lots of RAM, since a deep FIFO ties up KVA and physical pages for as long as items sit in it.
• Allocations larger than PAGE_SIZE bypass the kmguard facility.
kmguard tries to catch the following types of bugs:
• Overflow at time of occurrence, by means of a guard page.
• Underflow at kmem_free(), by using a canary value.
• Invalid pointer or size passed, at kmem_free().
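The following is an added user-space model of the three kmguard mechanisms described above (guard page, canary, and the FIFO of revoked VA); it is written for this page and is not NetBSD's own uvm_kmguard or kmem(9) code. It assumes a POSIX system with mmap(2)/mprotect(2); the depth KG_DEPTH, the canary byte, the kg_ function names and the "item ends exactly on a page boundary" pointer/size check are all choices of this model, not documented kmguard internals. Because a real page fault would kill the process, the model probes an address with write(2) into a pipe, which returns EFAULT instead of faulting; that stands in for the kernel panic.

```c
/* Added example: user-space model of kmguard. Not NetBSD code. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#define KG_DEPTH  4      /* stand-in for kmem_guard_depth, kept tiny for the demo */
#define KG_CANARY 0x5aU  /* arbitrary fill byte chosen for this model */

enum { KG_OK = 0, KG_UNDERFLOW = 1, KG_BAD_ARGS = 2 };

static long   kg_pagesz;
static void  *kg_fifo[KG_DEPTH];   /* base VAs of retired items, oldest first */
static size_t kg_fifo_head, kg_fifo_len;

static long kg_page(void) {
    if (kg_pagesz == 0) kg_pagesz = sysconf(_SC_PAGESIZE);
    return kg_pagesz;
}

/* Allocate: two pages of VA. The item sits at the very end of the first
 * page and the second page is PROT_NONE, so the first byte past the item
 * faults at the moment of the overflow. Bytes below the item are canary. */
void *kg_alloc(size_t size) {
    long pg = kg_page();
    if (size == 0 || size > (size_t)pg)
        return NULL;   /* like the real kmguard, > PAGE_SIZE is not guarded here */
    unsigned char *va = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (va == MAP_FAILED)
        return NULL;
    if (mprotect(va + pg, pg, PROT_NONE) != 0) {
        munmap(va, 2 * pg);
        return NULL;
    }
    memset(va, KG_CANARY, (size_t)pg - size);
    return va + pg - size;
}

/* Free: reject a pointer/size pair that does not describe a guarded item
 * (model rule: the item must end exactly on the page boundary), check the
 * canary for underflow (the kernel would panic here), then revoke access
 * and queue the VA. The VA is only munmap()ed, and so reusable, once
 * KG_DEPTH more items have been retired after it. */
int kg_free(void *p, size_t size) {
    long pg = kg_page();
    uintptr_t end = (uintptr_t)p + size;
    if (p == NULL || size == 0 || size > (size_t)pg || (end % (uintptr_t)pg) != 0)
        return KG_BAD_ARGS;
    unsigned char *base = (unsigned char *)(end - (uintptr_t)pg);
    int rc = KG_OK;
    for (size_t i = 0; i < (size_t)pg - size; i++)
        if (base[i] != KG_CANARY) { rc = KG_UNDERFLOW; break; }
    mprotect(base, pg, PROT_NONE);   /* item page now faults on any touch */
    if (kg_fifo_len == KG_DEPTH) {
        munmap(kg_fifo[kg_fifo_head], 2 * pg);   /* oldest VA finally released */
        kg_fifo_head = (kg_fifo_head + 1) % KG_DEPTH;
        kg_fifo_len--;
    }
    kg_fifo[(kg_fifo_head + kg_fifo_len) % KG_DEPTH] = base;
    kg_fifo_len++;
    return rc;
}

/* Is the page holding p still parked in the quarantine FIFO? */
int kg_quarantined(const void *p) {
    long pg = kg_page();
    void *base = (void *)((uintptr_t)p & ~(uintptr_t)(pg - 1));
    for (size_t i = 0; i < kg_fifo_len; i++)
        if (kg_fifo[(kg_fifo_head + i) % KG_DEPTH] == base) return 1;
    return 0;
}

/* Non-fatal fault probe: write(2) into a pipe copies one byte from p inside
 * the kernel and fails with EFAULT on an unmapped or PROT_NONE address.
 * Returns 1 if readable, 0 if it would fault, -1 if the probe itself failed. */
int kg_readable(const void *p) {
    static int pfd[2] = { -1, -1 };
    char c;
    if (pfd[0] < 0 && pipe(pfd) != 0) return -1;
    if (write(pfd[1], p, 1) == 1) {
        ssize_t n = read(pfd[0], &c, 1);
        (void)n;
        return 1;
    }
    return errno == EFAULT ? 0 : -1;
}
```

The sequence worth tracing by hand: an item of 64 bytes is readable, the byte right after it is not (guard page); scribbling one byte below it is caught by the canary at kg_free(); freeing with the wrong size is rejected; after a correct free the item faults until KG_DEPTH further frees push it out of the FIFO, after which the VA may be handed out again, which is exactly why a large kmem_guard_depth makes use-after-free bugs reproducible.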