Date: Tue, 05 Apr 2022 20:53:56 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 263073] integer overflow in mstosbt, nstosbt and ustosbt
Message-ID: <bug-263073-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073

Bug ID: 263073
Summary: integer overflow in mstosbt, nstosbt and ustosbt
Product: Base System
Version: 13.1-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: asomers@FreeBSD.org
Attachment #232981 text/plain mime type:

Created attachment 232981
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=232981&action=edit
Test case demonstrating the bug, and a solution

The Xstosbt functions all contain an integer overflow for input values of 2 seconds or greater. The cause is a comparison against the SBT_1S constant, which was probably intended precisely to prevent such an overflow, but it's the wrong constant. Instead of "one second in sbintime units", it should be "one second in the input type's units".

A visible symptom of this bug is ZFS's write throttle. On a very heavily loaded system ZFS will sometimes decide to delay a thread by over 2 seconds. dmu_tx_delay will trigger the overflow in ustosbt, resulting in a delay of over 4000 seconds instead. Very frustrating! The bug was present in FreeBSD 12, too. But there ZFS's logic was different, so the symptom was that any delay of > 2 seconds would turn into a delay of < 2 seconds. Not as noticeable.

The bug was introduced in revision 68f57679d66016ba4625f5bf8a99447bbae84fda (SVN r340664). Before that there was a different overflow bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
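
The wrong-unit guard described in the report, as an added user-space C example (not part of the bug report, its attachment, or the FreeBSD source). The function names, the 32.32 fixed-point model and the scale constant ceil(2^63 / 10^6) are assumptions of this example; the sample inputs are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model, not FreeBSD source: sbintime is 32.32 fixed-point seconds. */
typedef int64_t sbintime_t;
#define SBT_1S   ((sbintime_t)1 << 32)     /* one second in sbintime units */
#define US_PER_S INT64_C(1000000)          /* one second in the input's units */
#define US_SCALE UINT64_C(9223372036855)   /* ceil(2^63 / 10^6), assumed scale */

/* Convert microseconds to sbintime; inputs >= guard have whole seconds
 * split off before the fractional multiply. */
static sbintime_t
us_to_sbt(int64_t us, int64_t guard)
{
	sbintime_t sb = 0;

	if (us >= guard) {
		sb = (us / US_PER_S) * SBT_1S;
		us %= US_PER_S;
	}
	/* The 64-bit product wraps once us reaches 2,000,000 (2 seconds).
	 * Unsigned arithmetic keeps the wrap well defined for this demo. */
	sb += (sbintime_t)((((uint64_t)us * US_SCALE) + 0x7fffffff) >> 31);
	return (sb);
}

/* Guard from the report: compares microseconds against SBT_1S (2^32). */
static sbintime_t us_to_sbt_flawed(int64_t us) { return us_to_sbt(us, SBT_1S); }
/* Guard in the input's own units, as the report proposes. */
static sbintime_t us_to_sbt_fixed(int64_t us) { return us_to_sbt(us, US_PER_S); }

int
main(void)
{
	/* Constructed sample inputs, in microseconds. */
	const int64_t samples[] = { 1500000, 1999999, 2000000, 2500000, 5000000 };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int64_t us = samples[i];
		printf("%8" PRId64 " us  flawed=%.6f s  fixed=%.6f s\n", us,
		    (double)us_to_sbt_flawed(us) / (double)SBT_1S,
		    (double)us_to_sbt_fixed(us) / (double)SBT_1S);
	}
	return (0);
}
```

With the flawed guard the 2.5 s input comes back as roughly 0.5 s, which matches the "delay of < 2 seconds" symptom the report describes for FreeBSD 12.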