Using Application Data Integrity (ADI)

The SPARC M7, SPARC M8, SPARC S7, SPARC T7, and SPARC T8 servers support the Application Data Integrity (ADI) feature. The adiheap and adistack security extensions enable ADI usage on these platforms by the malloc() family of functions in the libumem and libc libraries. You can also use the libadimalloc library on platforms that support ADI.

ADI detects memory corruptions in optimized production code by adding version numbers to the application's memory pointers and the memory they point to. The hardware does this by allowing software to mark software buffers with special versions. On execution the processor compares the version encoded in the pointer used by a load or store instruction with the version assigned to the target location and generates an exception if there is a mismatch. The ADI feature can be used by the Database, by user applications that manage memory, and by the OS. For more information about developing applications that use ADI, see the adi(2) and adi(3C) man pages.

High-level interfaces that support ADI include the following:

adiheap security extension

Protects against process heap corruption by enabling ADI usage by the malloc family of functions in libumem and libc. For more information, see Preventing Process Heap Corruption Using adiheap in Securing Systems and Attached Devices in Oracle Solaris 11.4.

adistack security extension

Protects against stack buffer overflow. For more information, see ADI-Based Stack Protection Using adistack in Securing Systems and Attached Devices in Oracle Solaris 11.4.

kadi security extension

Uses ADI to assist in debugging kernel ADI errors. For more information, see Using KADI in Writing Device Drivers in Oracle Solaris 11.4.

libc library

After the adiheap security extension is enabled, the malloc family of functions is ADI-aware. For more information, see the libc(3LIB) man page.

libumem library

After the adiheap security extension is enabled, the malloc family of functions is ADI-aware. For more information, see the libumem(3LIB) man page.

libadimalloc library

Contains ADI-aware memory allocation functions. For more information, see the libadimalloc(3LIB) man page.

For additional information and examples. refer to:

• Requesting Security Extensions in Oracle Solaris 11.4 Linkers and Libraries Guide

• Protecting Against Malware With Security Extensions in Securing Systems and Attached Devices in Oracle Solaris 11.4.

• sxadm(8) man page

Low-level interfaces that support ADI include the following:

copyin()

Returns an error value when there is a version mismatch. For more information, see the copyin(9F) man page.

copyout()

Returns an error value when there is a version mismatch. For more information, see the copyout(9F) man page.

ddi_copyin()

Returns an error value when there is a version mismatch. For more information, see the ddi_copyin(9F) man page.

ddi_copyout()

Returns an error value when there is a version mismatch. For more information, see the ddi_copyout(9F) man page.

getmsg()

Returns an error value if a version mismatch is detected while the system is writing data to the buffer. For more information, see the getmsg(2) man page.

memcntl()

Allows ADI to be enabled or disabled for specified memory pages. For more information, see the memcntl(2) man page.

meminfo()

Provides the status of ADI for a specified virtual address. For more information, see the meminfo(2) man page.

mmap()

Enables ADI for mapped pages. For more information, see the mmap(2) man page.

pmap()

Reports which process mappings have ADI enabled. For more information, see the pmap(1) man page.

proc()

Provides information about the state of a ADI process. For more information, see the proc(5) man page.

putmsg()

Returns an error value if there is a version mismatch while the system is reading data from the buffer. For more information, see the putmsg(2) man page.

read()

Returns an error value if there is a version mismatch while the system is writing data to the buffer. For more information, see the read(2) man page.

siginfo()

Defines signal values for signals raised for ADI exceptions. For more information, see the siginfo(3HEAD) man page.

uiomove()

Returns an error value if a version mismatch is detected while the system is transferring data to or from the buffer. For more information, see the uiomove(9F) man page.

write()

Returns an error value if a version mismatch is detected while the system is reading data from the buffer. For more information, see the write(2) man page.