Date: Fri, 1 Aug 2008 15:28:45 +0400 (MSD)
From: Dmitry Tejblum <tejblum@yandex-team.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/126158: [patch] [vm] integer overflow in vm_pageout.c
Message-ID: <200808011128.m71BSjAu000784@purple.yandex.net>
Resent-Message-ID: <200808011150.m71Bo3uY094772@freefall.freebsd.org>
>Number: 126158
>Category: kern
>Synopsis: [patch] [vm] integer overflow in vm_pageout.c
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 01 11:50:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Tejblum
>Release: FreeBSD 7.0-STABLE i386
>Organization: OOO Yandex
>Environment:
System: FreeBSD purple.yandex.net 7.0-STABLE FreeBSD 7.0-STABLE #12: Fri Aug 1 15:11:21 MSD 2008 root@purple.yandex.net:/usr/src/sys/i386/compile/PURPLE i386
>Description:
The function vm_pageout_page_stats() computes (vm_pageout_stats_max * cnt.v_active_count) / cnt.v_page_count at the start. The intention is to compute the (cnt.v_active_count / cnt.v_page_count) fraction of vm_pageout_stats_max. But on a machine with a relatively large amount of memory, vm_pageout_stats_max * cnt.v_active_count easily overflows 32-bit numbers. Say, on some of our machines with 16G RAM, cnt.v_active_count is about 3000000, and the default value of vm_pageout_stats_max is about 100000.
>How-To-Repeat:
>Fix:
--- sys/vm/vm_pageout.c 2008-07-28 19:15:05.000000000 +0400 +++ sys/vm/vm_pageout.c 2008-08-01 15:10:40.000000000 +0400 @@ -1284,7 +1284,7 @@ pcount = cnt.v_active_count; fullintervalcount += vm_pageout_stats_interval; if (fullintervalcount < vm_pageout_full_stats_interval) { - tpcount = (vm_pageout_stats_max * cnt.v_active_count) / cnt.v_page_count; + tpcount = ((int64_t)vm_pageout_stats_max * cnt.v_active_count) / cnt.v_page_count; if (pcount > tpcount) pcount = tpcount; } else {
>Release-Note:
>Audit-Trail:
>Unformatted:
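Review bot: on the "+" line the (int64_t) cast widens only the product, and the quotient is then assigned straight back to tpcount, whose declaration lies outside this hunk; if tpcount is a plain int the narrowing is silent and is safe only while cnt.v_active_count does not exceed cnt.v_page_count. A one-line comment above the assignment saying that the 64-bit intermediate is deliberate would keep a later cleanup from dropping the cast. It is also worth confirming that a signed int64_t is the intended type if the cnt fields are unsigned, and noting that on i386 the divide in this branch now becomes a 64-bit division.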
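The overflow described in the report, as an added example in C that is not part of the original message or of the FreeBSD source: it compares a product truncated to 32 bits with the 64-bit intermediate the patch introduces. The function names and the page count (16 GiB of 4 KiB pages) are assumptions; the other two values are the ones quoted in the description.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values: the first two are quoted in the report;
 * PAGE_COUNT assumes 16 GiB of RAM in 4 KiB pages. */
#define STATS_MAX    100000u
#define ACTIVE_COUNT 3000000u
#define PAGE_COUNT   4194304u

/* Models the unpatched line: the product is reduced modulo 2^32 before
 * the divide. Unsigned truncation keeps the wraparound well defined. */
static uint32_t scaled_wrap32(uint32_t max, uint32_t active, uint32_t total)
{
    uint32_t product = (uint32_t)((uint64_t)max * active);
    return product / total;
}

/* Models the patched line: 64-bit intermediate, then narrow the quotient. */
static uint32_t scaled_wide(uint32_t max, uint32_t active, uint32_t total)
{
    return (uint32_t)(((uint64_t)max * active) / total);
}

/* True when the product no longer fits in a signed 32-bit int. */
static int product_overflows_int32(uint32_t a, uint32_t b)
{
    return (uint64_t)a * b > (uint64_t)INT32_MAX;
}

/* Hardened variant: returns -1 for a zero divisor or a quotient that
 * would not fit in 32 bits (only possible when active > total). */
static int64_t scaled_checked(uint32_t max, uint32_t active, uint32_t total)
{
    if (total == 0)
        return -1;
    uint64_t q = ((uint64_t)max * active) / total;
    return q > UINT32_MAX ? -1 : (int64_t)q;
}

int main(void)
{
    printf("overflows int32: %d\n", product_overflows_int32(STATS_MAX, ACTIVE_COUNT));
    printf("32-bit product:  %u\n", scaled_wrap32(STATS_MAX, ACTIVE_COUNT, PAGE_COUNT));
    printf("64-bit product:  %u\n", scaled_wide(STATS_MAX, ACTIVE_COUNT, PAGE_COUNT));
    printf("checked:         %lld\n", (long long)scaled_checked(STATS_MAX, ACTIVE_COUNT, PAGE_COUNT));
    return 0;
}
```

With these inputs the truncated product yields a limit roughly eighty times smaller than the intended fraction of vm_pageout_stats_max.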