MEMGUARD(9) BSD Kernel Developer's Manual MEMGUARD(9)NAME
MemGuard — memory allocator for debugging purposes
MemGuard is a simple and small replacement memory allocator designed to
help detect tamper-after-free scenarios. These problems are more and
more common and likely with multithreaded kernels where race conditions
are more prevalent.
Currently, MemGuard can take over malloc(), realloc() and free() for a
single malloc type. MemGuard can also guard all allocations larger than
PAGE_SIZE, and can guard a random fraction of all allocations. There is
also a knob to prevent allocations smaller than a specified size from
being guarded, to limit memory waste.
To use MemGuard for a memory type, either add an entry to
Or set the vm.memguard.desc sysctl(8) variable at run-time:
Where memory_type is a short description of the memory type to monitor.
Only allocations from that memory_type made after vm.memguard.desc is set
will potentially be guarded. If vm.memguard.desc is modified at run-time
then only allocations of the new memory_type will potentially be guarded
once the sysctl(8) is set. Existing guarded allocations will still be
properly released by free(9).
The short description of a malloc(9) type is the second argument to
MALLOC_DEFINE(9), so one has to find it in the kernel source.
The vm.memguard.divisor boot-time tunable is used to scale how much of
the system's physical memory MemGuard is allowed to consume. The default
is 10, so up to cnt.v_page_count/10 pages can be used. MemGuard will
reserve vm_kmem_max / vm.memguard.divisor bytes of virtual address space,
limited by twice the physical memory size. The physical limit is
reported as vm.memguard.phys_limit and the virtual space reserved for
MemGuard is reported as vm.memguard.mapsize.
MemGuard will not do page promotions for any allocation smaller than
vm.memguard.minsize bytes. The default is 0, meaning all allocations can
potentially be guarded. MemGuard can guard sufficiently large alloca‐
tions randomly, with average frequency of every one in 100000 /
vm.memguard.frequency allocations. The default is 0, meaning no alloca‐
tions are randomly guarded.
MemGuard can optionally add unmapped guard pages around each allocation
to detect overflow and underflow, if vm.memguard.options has the 1 bit
set. This option is enabled by default. MemGuard will optionally guard
all allocations of PAGE_SIZE or larger if vm.memguard.options has the 2
bit set. This option is off by default.
SEE ALSOsysctl(8), vmstat(8), contigmalloc(9), malloc(9), redzone(9)HISTORY
MemGuard first appeared in FreeBSD 6.0.
MemGuard was originally written by Bosko Milekic ⟨bmilekic@FreeBSD.org⟩.
This manual page was originally written by Christian Brueffer
⟨brueffer@FreeBSD.org⟩. Additions have been made by Matthew Fleming
⟨mdf@FreeBSD.org⟩ to both the implementation and the documentation.
Currently, it is not possible to override UMA zone(9) allocations.
BSD August 2, 2010 BSD