The last poison change is awesome, it is triggering use after free bugs.

Some of them aren't too difficult to find and fix, but others are turning
out to be deeply hidden.  The timing is poor -- disable this for now.
We need to revisit this right after tree unlock.

diff --git a/sys/kern/subr_poison.c b/sys/kern/subr_poison.c
index 580406f..126462b 100644 (file)
--- a/sys/kern/subr_poison.c
+++ b/sys/kern/subr_poison.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: subr_poison.c,v 1.10 2014/07/08 22:30:26 tedu Exp $ */
+/*     $OpenBSD: subr_poison.c,v 1.11 2014/07/22 21:41:09 deraadt Exp $ */
 /*
  * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
  *
@@ -44,17 +44,7 @@ poison_value(void *v)
 
        l = l >> PAGE_SHIFT;
 
-       switch (l & 3) {
-       case 0:
-               return POISON0;
-       case 1:
-               return POISON1;
-       case 2:
-               return ~POISON0;
-       case 3:
-               return ~POISON1;
-       }
-       return 0;
+       return (l & 1) ? POISON0 : POISON1;
 }
 
 void