
Fix integer truncation bug in malloc(9)
Closed, Public

Authored by rstone on Mar 21 2015, 12:22 PM.

Details

Summary

A couple of internal functions used by malloc(9) and uma truncated
a size_t down to an int. This could cause any number of issues
(e.g. indefinite sleeps, memory corruption) if any kernel
subsystem tried to allocate 2GB or more through malloc. zfs would
attempt such an allocation when run on a system with 2TB or more
of RAM.

Note to self: When this is MFCed, sparc64 needs the same fix.

Reported by: Michael Fuckner <michael@fuckner.net>
Tested by: Michael Fuckner <michael@fuckner.net>
MFC after: 2 weeks
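
The truncation class described in the summary, shown as an added example that is not part of this review or of the FreeBSD source: a byte count held in a `size_t` is narrowed to `int` before a page count is computed, next to a version that stays in `size_t`. The `ex_*` names, the 4096-byte page size, and the request sizes are assumptions made for illustration, and the code assumes an LP64 target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: LP64 target (64-bit size_t, 32-bit int), as on amd64. */
_Static_assert(sizeof(size_t) == 8 && sizeof(int) == 4, "example assumes LP64");

#define EX_PAGE_SIZE ((size_t)4096)   /* illustrative page size */

/* Hypothetical internal helper that takes the byte count as an int. */
static long ex_pages_int(int bytes)
{
    return ((long)bytes + 4095) / 4096;
}

/* Buggy path: the size_t is narrowed to int on the way in. The cast stands
 * for the implicit conversion at the call; GCC and Clang wrap modulo 2^32. */
static long ex_pages_truncating(size_t size)
{
    return ex_pages_int((int)size);
}

/* Fixed path: stay in size_t and reject sizes whose round-up would wrap. */
static int ex_pages_checked(size_t size, size_t *pages)
{
    if (size > SIZE_MAX - (EX_PAGE_SIZE - 1))
        return -1;
    *pages = (size + EX_PAGE_SIZE - 1) / EX_PAGE_SIZE;
    return 0;
}

int main(void)
{
    /* Constructed request sizes: 1 GiB, 2 GiB, 4 GiB + one page. */
    size_t sizes[] = { (size_t)1 << 30, (size_t)1 << 31, ((size_t)1 << 32) + 4096 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        size_t ok = 0;
        ex_pages_checked(sizes[i], &ok);
        printf("%zu bytes: truncating=%ld pages, checked=%zu pages\n",
               sizes[i], ex_pages_truncating(sizes[i]), ok);
    }
    return 0;
}
```

At 2 GiB the narrowed value is negative, and at 4 GiB plus one page it silently becomes a single page, so the failure is either a nonsensical count or an undersized one with no error reported. Building with `-Wconversion` flags the implicit form of this narrowing at compile time.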

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

rstone retitled this revision from to Fix integer truncation bug in malloc(9).
rstone edited the test plan for this revision.
rstone updated this object.

This patch looks fine. I don't see any reason not to commit it.

kib added a reviewer: kib.
kib added a subscriber: kib.

I used the previous version of the patch on the same 3Tb machine.

This revision is now accepted and ready to land. Mar 28 2015, 11:47 PM
rstone updated this revision to Diff 4572.

Closed by commit rS280957 (authored by @rstone).