From 64bf8795069dedf75fabb11925f3e631ad442ffa Mon Sep 17 00:00:00 2001
From: Michael Lotz
Date: Mon, 15 Feb 2010 23:48:51 +0000
Subject: [PATCH] Finish the implementation of heap_debug_malloc_with_guard_page() using mprotect to make the guard page inaccessible. Thanks Ingo for the pointer!
git-svn-id: file:///srv/svn/repos/haiku/haiku/trunk@35488 a95241bf-73f2-0310-859d-f6bbb57e9c96
---
 src/system/libroot/posix/malloc_debug/heap.cpp | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/system/libroot/posix/malloc_debug/heap.cpp b/src/system/libroot/posix/malloc_debug/heap.cpp
index 013f553edf..05aed47b6b 100644
--- a/src/system/libroot/posix/malloc_debug/heap.cpp
+++ b/src/system/libroot/posix/malloc_debug/heap.cpp
@@ -10,10 +10,14 @@
 */
 #include
+#include
 #include
 #include
 #include
+#include
+#include
+
 #include
 #include
@@ -1703,15 +1707,14 @@ heap_debug_dump_heaps(bool dumpAreas, bool dumpBins)
 extern "C" void *
 heap_debug_malloc_with_guard_page(size_t size)
 {
- size_t areaSize = ROUNDUP(size + sizeof(area_allocation_info), B_PAGE_SIZE);
+ size_t areaSize = ROUNDUP(size + sizeof(area_allocation_info) + B_PAGE_SIZE,
+ B_PAGE_SIZE);
 if (areaSize < size) {
 // the size overflowed
 return NULL;
 }
 void *address = NULL;
- // TODO: this needs a kernel backend (flag) to enforce adding an unmapped
- // page past the required pages so it will reliably crash
 area_id allocationArea = create_area("guarded area", &address, B_ANY_ADDRESS, areaSize, B_NO_LOCK, B_READ_AREA | B_WRITE_AREA);
 if (allocationArea < B_OK) {
@@ -1720,6 +1723,13 @@ heap_debug_malloc_with_guard_page(size_t size)
 return NULL;
 }
+ if (mprotect((void *)((addr_t)address + areaSize - B_PAGE_SIZE),
+ B_PAGE_SIZE, PROT_NONE) != 0) {
+ panic("heap: failed to protect guard page: %s\n", strerror(errno));
+ delete_area(allocationArea);
+ return NULL;
+ }
+
 area_allocation_info *info = (area_allocation_info *)address;
 info->magic = kAreaAllocationMagic;
 info->area = allocationArea;
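Review bot: The wrap test `if (areaSize < size)` at the top of heap_debug_malloc_with_guard_page() now has to cover a sum of three terms plus the rounding, and nothing next to it says why a single comparison is enough. Assuming ROUNDUP is the usual add-and-mask macro (its definition is not in this hunk), a wrapped result is always smaller than `size`, so the check still holds. I would record that beside it, e.g. `// header + guard page + rounding can wrap; a wrapped areaSize is always < size`.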
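Review bot: Only the last page is made PROT_NONE by the new `mprotect()` call, while the `area_allocation_info` header written straight afterwards sits at the base of the same read/write area. A write that runs below the returned pointer is therefore not trapped and can overwrite `info->magic` or `info->area` unnoticed; how the free path reacts to a damaged header is outside this hunk. I would state the one-sided coverage above the call: `// guards overruns past the end only; the info header below the allocation stays writable`. The function body continues past the end of the hunk.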
@@ -1731,7 +1741,7 @@ heap_debug_malloc_with_guard_page(size_t size)
 // the address is calculated so that the end of the allocation
 // is at the end of the usable space of the requested area
- address = (void *)((addr_t)address + areaSize - size);
+ address = (void *)((addr_t)address + areaSize - B_PAGE_SIZE - size);
 INFO(("heap: allocated area %ld for guarded allocation of %lu bytes\n", allocationArea, size));
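Review bot: The pointer computed as `areaSize - B_PAGE_SIZE - size` ends the allocation exactly at the guard page, so its alignment depends on `size`: an odd size gives an odd address. That makes an overrun trap on the first byte, but callers may get a pointer that does not meet malloc's usual alignment guarantee, and the existing comment does not say so. I would add `// end-aligned on purpose: the result is only as aligned as size allows`. Any code that derives usable space from the area size (realloc, usable-size queries; not visible here) presumably now has to subtract the guard page as well. The function starts and ends outside the hunk.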