Page MenuHomeFreeBSD
Differential D14767

Check for wrap-around in vm_phys_alloc_seg_contig().
ClosedPublic
Actions

Authored by kib on Mar 20 2018, 10:27 AM.
Tags
None
Referenced Files
F151315596: D14767.id40504.diff
Tue, Apr 7, 1:20 PM
Unknown Object (File)
Mon, Mar 30, 11:26 PM
Unknown Object (File)
Sun, Mar 29, 1:55 AM
Unknown Object (File)
Fri, Mar 27, 12:17 PM
Unknown Object (File)
Wed, Mar 25, 2:21 AM
Unknown Object (File)
Mon, Mar 23, 5:25 AM
Unknown Object (File)
Fri, Mar 20, 8:18 AM
Unknown Object (File)
Thu, Mar 19, 10:21 PM
View All Files
Subscribers
imp
pho

Details

Reviewers
alc
jeff
markj
Commits
rS331247: Check for wrap-around in vm_phys_alloc_seg_contig().
Summary

It is possible to provide insane values for size in contigmalloc(9) request, which usually not reaches the phys allocator due to failing KVA allocation. But with the 4/4 i386, where 32bit architecture has almost 4G KVA, contigmalloc(1G) is not unreasonable outright and KVA might be available sometimes.

Then, the calculation of pa_end could wrap around, depending on the physical address, and the checks in vm_phys_alloc_seg_contig() would pass while the iteration in the loop after the 'done' label goes out of the vm_page_array bounds.

Fix it by detecting the wrap.

Reported and tested by: pho

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kib created this revision.Mar 20 2018, 10:27 AM
Herald added a subscriber: imp. · View Herald TranscriptMar 20 2018, 10:27 AM
Harbormaster completed remote builds in B15656: Diff 40490.Mar 20 2018, 10:27 AM
kib edited the summary of this revision. (Show Details)Mar 20 2018, 10:29 AM
kib added a subscriber: pho.
alc added inline comments.Mar 20 2018, 3:11 PM
sys/vm/vm_phys.c
1192 ↗(On Diff #40490)

Doesn't the first condition suffice?

kib updated this revision to Diff 40501.Mar 20 2018, 3:38 PM

Remove redundant check.

markj accepted this revision.Mar 20 2018, 3:39 PM
This revision is now accepted and ready to land.Mar 20 2018, 3:39 PM
alc accepted this revision.Mar 20 2018, 3:41 PM
Closed by commit rS331247: Check for wrap-around in vm_phys_alloc_seg_contig(). (authored by kib). · Explain WhyMar 20 2018, 4:18 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sys/
vm/
2 lines

Diff 40504

View Options

head/sys/vm/vm_phys.c

Loading...