summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/kern_malloc.c6
-rw-r--r--sys/kern/subr_pool.c6
-rw-r--r--sys/uvm/uvm_init.c19
3 files changed, 28 insertions, 3 deletions
diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c
index 42291b0c7e6..cd7a54107ef 100644
--- a/sys/kern/kern_malloc.c
+++ b/sys/kern/kern_malloc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_malloc.c,v 1.68 2007/04/11 12:10:42 art Exp $ */
+/* $OpenBSD: kern_malloc.c,v 1.69 2007/04/12 21:47:45 miod Exp $ */
/* $NetBSD: kern_malloc.c,v 1.15.4.2 1996/06/13 17:10:56 cgd Exp $ */
/*
@@ -101,7 +101,11 @@ const long addrmask[] = { 0,
* The WEIRD_ADDR is used as known text to copy into free objects so
* that modifications after frees can be detected.
*/
+#ifdef DEADBEEF0
+#define WEIRD_ADDR ((unsigned) DEADBEEF0)
+#else
#define WEIRD_ADDR ((unsigned) 0xdeadbeef)
+#endif
#define MAX_COPY 32
/*
diff --git a/sys/kern/subr_pool.c b/sys/kern/subr_pool.c
index 6d08f849656..15b812ecdaf 100644
--- a/sys/kern/subr_pool.c
+++ b/sys/kern/subr_pool.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: subr_pool.c,v 1.49 2007/04/11 12:10:42 art Exp $ */
+/* $OpenBSD: subr_pool.c,v 1.50 2007/04/12 21:47:45 miod Exp $ */
/* $NetBSD: subr_pool.c,v 1.61 2001/09/26 07:14:56 chs Exp $ */
/*-
@@ -100,7 +100,11 @@ struct pool_item {
#ifdef DIAGNOSTIC
int pi_magic;
#endif
+#ifdef DEADBEEF1
+#define PI_MAGIC DEADBEEF1
+#else
#define PI_MAGIC 0xdeafbeef
+#endif
/* Other entries use only this list entry */
TAILQ_ENTRY(pool_item) pi_list;
};
diff --git a/sys/uvm/uvm_init.c b/sys/uvm/uvm_init.c
index 92f14bcccbc..2f33534d941 100644
--- a/sys/uvm/uvm_init.c
+++ b/sys/uvm/uvm_init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uvm_init.c,v 1.13 2006/07/13 22:51:26 deraadt Exp $ */
+/* $OpenBSD: uvm_init.c,v 1.14 2007/04/12 21:47:46 miod Exp $ */
/* $NetBSD: uvm_init.c,v 1.14 2000/06/27 17:29:23 mrg Exp $ */
/*
@@ -153,6 +153,23 @@ uvm_init()
uvm_km_page_init();
/*
+ * reserve some unmapped space for malloc/pool use after free usage
+ */
+#ifdef DEADBEEF0
+ kvm_start = DEADBEEF0 - PAGE_SIZE;
+ if (uvm_map(kernel_map, &kvm_start, 3 * PAGE_SIZE,
+ NULL, UVM_UNKNOWN_OFFSET, 0, UVM_MAPFLAG(UVM_PROT_NONE,
+ UVM_PROT_NONE, UVM_INH_NONE, UVM_ADV_RANDOM, UVM_FLAG_FIXED)))
+ panic("uvm_init: cannot reserve dead beef @0x%x\n", DEADBEEF0);
+#endif
+#ifdef DEADBEEF1
+ kvm_start = DEADBEEF1 - PAGE_SIZE;
+ if (uvm_map(kernel_map, &kvm_start, 3 * PAGE_SIZE,
+ NULL, UVM_UNKNOWN_OFFSET, 0, UVM_MAPFLAG(UVM_PROT_NONE,
+ UVM_PROT_NONE, UVM_INH_NONE, UVM_ADV_RANDOM, UVM_FLAG_FIXED)))
+ panic("uvm_init: cannot reserve dead beef @0x%x\n", DEADBEEF1);
+#endif
+ /*
* done!
*/