From owner-svn-src-all@FreeBSD.ORG Sun Dec 9 20:35:12 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B39BB4AD; Sun, 9 Dec 2012 20:35:12 +0000 (UTC) (envelope-from alc@rice.edu) Received: from mh1.mail.rice.edu (mh1.mail.rice.edu [128.42.201.20]) by mx1.freebsd.org (Postfix) with ESMTP id 774818FC08; Sun, 9 Dec 2012 20:35:12 +0000 (UTC) Received: from mh1.mail.rice.edu (localhost.localdomain [127.0.0.1]) by mh1.mail.rice.edu (Postfix) with ESMTP id 76BCC460150; Sun, 9 Dec 2012 14:35:06 -0600 (CST) Received: from mh1.mail.rice.edu (localhost.localdomain [127.0.0.1]) by mh1.mail.rice.edu (Postfix) with ESMTP id 74939460147; Sun, 9 Dec 2012 14:35:06 -0600 (CST) X-Virus-Scanned: by amavis-2.7.0 at mh1.mail.rice.edu, auth channel Received: from mh1.mail.rice.edu ([127.0.0.1]) by mh1.mail.rice.edu (mh1.mail.rice.edu [127.0.0.1]) (amavis, port 10026) with ESMTP id cYkcu6Rmuwqi; Sun, 9 Dec 2012 14:35:06 -0600 (CST) Received: from adsl-216-63-78-18.dsl.hstntx.swbell.net (adsl-216-63-78-18.dsl.hstntx.swbell.net [216.63.78.18]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) (Authenticated sender: alc) by mh1.mail.rice.edu (Postfix) with ESMTPSA id E777046011D; Sun, 9 Dec 2012 14:35:05 -0600 (CST) Message-ID: <50C4F5F7.7080101@rice.edu> Date: Sun, 09 Dec 2012 14:35:03 -0600 From: Alan Cox User-Agent: Mozilla/5.0 (X11; FreeBSD i386; rv:16.0) Gecko/20121111 Thunderbird/16.0.2 MIME-Version: 1.0 To: Andre Oppermann Subject: Re: svn commit: r243668 - in head/sys: kern sys References: <201211290730.qAT7Uhkv016745@svn.freebsd.org> In-Reply-To: <201211290730.qAT7Uhkv016745@svn.freebsd.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Dec 2012 20:35:12 -0000 Andre, I believe that this change did not actually correct the overflow problem. See below for an explanation. On 11/29/2012 01:30, Andre Oppermann wrote: > Author: andre > Date: Thu Nov 29 07:30:42 2012 > New Revision: 243668 > URL: http://svnweb.freebsd.org/changeset/base/243668 > > Log: > Using a long is the wrong type to represent the realmem and maxmbufmem > variable as they may overflow on i386/PAE and i386 with > 2GB RAM. > > Use 64bit quad_t instead. It has broader kernel infrastructure support > with TUNABLE_QUAD_FETCH() and qmin/qmax() than other available types. > > Pointed out by: alc, bde > > Modified: > head/sys/kern/subr_param.c > head/sys/sys/mbuf.h > > Modified: head/sys/kern/subr_param.c > ============================================================================== > --- head/sys/kern/subr_param.c Thu Nov 29 06:26:42 2012 (r243667) > +++ head/sys/kern/subr_param.c Thu Nov 29 07:30:42 2012 (r243668) > @@ -93,7 +93,7 @@ int ncallout; /* maximum # of timer ev > int nbuf; > int ngroups_max; /* max # groups per process */ > int nswbuf; > -long maxmbufmem; /* max mbuf memory */ > +quad_t maxmbufmem; /* max mbuf memory */ > pid_t pid_max = PID_MAX; > long maxswzone; /* max swmeta KVA storage */ > long maxbcache; /* max buffer cache KVA storage */ > @@ -271,7 +271,7 @@ init_param1(void) > void > init_param2(long physpages) > { > - long realmem; > + quad_t realmem; > > /* Base parameters */ > maxusers = MAXUSERS; > @@ -332,10 +332,10 @@ init_param2(long physpages) > * available kernel memory (physical or kmem). > * At most it can be 3/4 of available kernel memory. > */ > - realmem = lmin(physpages * PAGE_SIZE, > + realmem = qmin(physpages * PAGE_SIZE, > VM_MAX_KERNEL_ADDRESS - VM_MIN_KERNEL_ADDRESS); "physpages" is a signed long. Suppose it is 1,000,000. On i386/PAE, the product of 1,000,000 and PAGE_SIZE will be a negative number. Likewise, quad_t is a signed type. So, the negative product of 1,000,000 and PAGE_SIZE will be sign extended to a 64-bit signed value when it is passed to qmin(), and qmin() will return a negative number. > maxmbufmem = realmem / 2; > - TUNABLE_LONG_FETCH("kern.maxmbufmem", &maxmbufmem); > + TUNABLE_QUAD_FETCH("kern.maxmbufmem", &maxmbufmem); > if (maxmbufmem > (realmem / 4) * 3) > maxmbufmem = (realmem / 4) * 3; > > > Modified: head/sys/sys/mbuf.h > ============================================================================== > --- head/sys/sys/mbuf.h Thu Nov 29 06:26:42 2012 (r243667) > +++ head/sys/sys/mbuf.h Thu Nov 29 07:30:42 2012 (r243668) > @@ -395,7 +395,7 @@ struct mbstat { > * > * The rest of it is defined in kern/kern_mbuf.c > */ > -extern long maxmbufmem; > +extern quad_t maxmbufmem; > extern uma_zone_t zone_mbuf; > extern uma_zone_t zone_clust; > extern uma_zone_t zone_pack; >