Fix integer truncation bug in malloc(9)

Description

A couple of internal functions used by malloc(9) and UMA truncated
a size_t down to an int. This could cause any number of issues
(e.g. indefinite sleeps, memory corruption) if any kernel
subsystem tried to allocate 2GB or more through malloc. ZFS would
attempt such an allocation when run on a system with 2TB or more
of RAM.

Note to self: When this is MFCed, sparc64 needs the same fix.

Differential revision: https://reviews.freebsd.org/D2106
Reviewed by: kib
Reported by: Michael Fuckner <michael@fuckner.net>
Tested by: Michael Fuckner <michael@fuckner.net>
MFC after: 2 weeks
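
The truncation class described in the commit message, as an added example that is not part of the commit or of FreeBSD's source: a hypothetical helper `pages_narrow` takes its size as an `int`, so a `size_t` request of 2 GiB or more is altered before the helper ever sees it. All function names, the 4096-byte page size and the LP64 data model are assumptions made for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define EX_PAGE 4096 /* assumed page size for the example */

/* Assumption: LP64, i.e. 64-bit size_t and 32-bit int. */
_Static_assert(sizeof(size_t) == 8 && sizeof(int) == 4, "LP64 only");

/* Hypothetical internal helper with the narrow signature (bug pattern). */
static long long pages_narrow(int bytes)
{
    return ((long long)bytes + EX_PAGE - 1) / EX_PAGE;
}

/* What a size_t caller gets from the narrow helper. In the bug pattern the
 * conversion is implicit at the call; the cast here only makes it visible. */
static long long narrow_call(size_t request)
{
    return pages_narrow((int)request);
}

/* Same helper with the size kept as size_t end to end. */
static size_t pages_wide(size_t bytes)
{
    return bytes / EX_PAGE + (bytes % EX_PAGE != 0);
}

/* Guard for callers that must still go through an int-sized interface. */
static int fits_int(size_t bytes)
{
    return bytes <= (size_t)INT_MAX;
}

int main(void)
{
    /* Constructed requests: 1 MiB, exactly 2 GiB, 4 GiB plus one page. */
    size_t req[] = { (size_t)1 << 20, (size_t)1 << 31,
                     ((size_t)1 << 32) + EX_PAGE };

    for (size_t i = 0; i < sizeof(req) / sizeof(req[0]); i++)
        printf("request=%zu fits_int=%d narrow_pages=%lld wide_pages=%zu\n",
               req[i], fits_int(req[i]), narrow_call(req[i]),
               pages_wide(req[i]));
    return 0;
}
```

The 2 GiB request reaches the narrow helper as a negative size, and the request of 4 GiB plus one page reaches it as a single page; which failure follows in a real allocator depends on how the truncated value is used downstream.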

Details

Provenance
rstone Authored on
Differential Revision
D2106: Fix integer truncation bug in malloc(9)
Parents
rS280956: pf: Deal with runt packets