From owner-freebsd-current@FreeBSD.ORG  Thu Jun 23 05:23:27 2005
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: current@freebsd.org
Delivered-To: freebsd-current@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6C13D16A41C
	for <current@freebsd.org>; Thu, 23 Jun 2005 05:23:27 +0000 (GMT)
	(envelope-from silby@silby.com)
Received: from relay03.pair.com (relay03.pair.com [209.68.5.17])
	by mx1.FreeBSD.org (Postfix) with SMTP id 0B82143D49
	for <current@freebsd.org>; Thu, 23 Jun 2005 05:23:26 +0000 (GMT)
	(envelope-from silby@silby.com)
Received: (qmail 95004 invoked from network); 23 Jun 2005 05:23:25 -0000
Received: from unknown (HELO localhost) (unknown)
	by unknown with SMTP; 23 Jun 2005 05:23:25 -0000
X-pair-Authenticated: 209.68.2.70
Date: Thu, 23 Jun 2005 00:23:09 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: current@freebsd.org
Message-ID: <20050623002212.N66538@odysseus.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII; FORMAT=flowed
Content-ID: <20050615024806.L660@odysseus.silby.com>
Cc: 
Subject: now committed: UMA mbuf allocator use after free detection
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jun 2005 05:23:27 -0000


I just commit the patch described below - if you start seeing any weird 
behavior that's networking related, please tell me - the trash allocator 
might be provoking a use after free that wasn't detected until now.

Mike "Silby" Silbersack

---------- Forwarded message ----------
Date: Wed, 15 Jun 2005 02:49:08 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: current@freebsd.org
Cc: Bosko Milekic <bmilekic@technokratis.com>
Subject: UMA mbuf allocator use after free detection


The attached patch uses the trash ctor/dtor routines from uma_dbg to help 
detect use after free conditions for mbufs, and mbuf clusters.  It doesn't seem 
to cause any unexpected problems with xl, ath, or wi, but it does cause issues 
with iwi.  That is good, because iwi has some problems that need to be 
resolved.

I'd appreciate it if people could apply the patch and see if it causes any 
panics or unexpected behavior on their systems.  If all mbuf usage is correct, 
there should be no visible effect.

This code is of course only active when you have INVARIANTS compiled in so that 
it does not slow down performance otherwise.

Thanks,

Mike "Silby" Silbersack