Module Name:    src
Committed By:   maxv
Date:           Wed Mar 27 18:27:47 UTC 2019

Modified Files:
        src/sys/kern: subr_pool.c
        src/sys/sys: pool.h

Log Message:
Kernel Heap Hardening: detect frees-in-wrong-pool on on-page pools. The
detection is already implicitly done for off-page pools.

We recycle pr_slack (unused) in struct pool, and make ph_node a union in
order to recycle an unsigned int in struct pool_item_header. Each time a pool
is created we atomically increase a global counter, and register the current
value in pp. We then propagate this value in each ph, and ensure they match
in pool_put.

This can catch several classes of kernel bugs and basically makes them
unexploitable. It comes with no increase in memory usage and no measurable
increase in CPU cost (inexistent cost actually, just one check predicted
false).

To generate a diff of this commit:
cvs rdiff -u -r1.244 -r1.245 src/sys/kern/subr_pool.c
cvs rdiff -u -r1.86 -r1.87 src/sys/sys/pool.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.