Page MenuHomeFreeBSD
Differential D14767

Check for wrap-around in vm_phys_alloc_seg_contig().
ClosedPublic
Actions

Authored by kib on Mar 20 2018, 10:27 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 20, 11:30 AM
Unknown Object (File)
Thu, Nov 7, 5:51 PM
Unknown Object (File)
Mon, Oct 28, 2:45 AM
Unknown Object (File)
Oct 1 2024, 3:52 PM
Unknown Object (File)
Sep 30 2024, 7:43 AM
Unknown Object (File)
Sep 27 2024, 3:26 PM
Unknown Object (File)
Sep 21 2024, 8:10 AM
Unknown Object (File)
Sep 21 2024, 3:57 AM
View All 39 Files
Subscribers
imp
pho

Details

Reviewers
alc
jeff
markj
Commits
rS331247: Check for wrap-around in vm_phys_alloc_seg_contig().
Summary

It is possible to provide insane values for size in contigmalloc(9) request, which usually not reaches the phys allocator due to failing KVA allocation. But with the 4/4 i386, where 32bit architecture has almost 4G KVA, contigmalloc(1G) is not unreasonable outright and KVA might be available sometimes.

Then, the calculation of pa_end could wrap around, depending on the physical address, and the checks in vm_phys_alloc_seg_contig() would pass while the iteration in the loop after the 'done' label goes out of the vm_page_array bounds.

Fix it by detecting the wrap.

Reported and tested by: pho

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Mar 20 2018, 10:27 AM
Herald added a subscriber: imp. · View Herald TranscriptMar 20 2018, 10:27 AM
Harbormaster completed remote builds in B15656: Diff 40490.Mar 20 2018, 10:27 AM
kib edited the summary of this revision. (Show Details)Mar 20 2018, 10:29 AM
kib added a subscriber: pho.
alc added inline comments.Mar 20 2018, 3:11 PM
sys/vm/vm_phys.c
1192 ↗(On Diff #40490)

Doesn't the first condition suffice?

kib updated this revision to Diff 40501.Mar 20 2018, 3:38 PM

Remove redundant check.

markj accepted this revision.Mar 20 2018, 3:39 PM
This revision is now accepted and ready to land.Mar 20 2018, 3:39 PM
alc accepted this revision.Mar 20 2018, 3:41 PM
Closed by commit rS331247: Check for wrap-around in vm_phys_alloc_seg_contig(). (authored by kib). · Explain WhyMar 20 2018, 4:18 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
vm/
2 lines

Diff 40504

View Options

head/sys/vm/vm_phys.c

Loading...