MemGuard can detect use-after-free kernel memory bugs on FreeBSD. It was originally designed to protect the memory allocated by malloc(9). Later the support for UMA was added. However, some UMA zones are not compatible with MemGuard. For example, some UMA zones use the conflict field in vm_page structure. Some zones have init and fini functions that need to be called. This results in panic whe MemGuard tries to guard these zones.
This talk will cover the implementation and experience of MemGuard. With this enhancement, three previous unknown memory bugs are found.
Further Reading: FreeBSD Journal article