From: bugzilla-noreply@freebsd.org
To: freebsd-fs@FreeBSD.org
Subject: [Bug 200288] Modify after Free: ZFS
Date: Wed, 20 May 2015 01:23:09 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200288

--- Comment #16 from Alexander Kabaev
---

Looking at the allocation path, I think it tries to allocate a structure of 96 bytes in size, which should put the allocation into the '128' malloc zone. You might be better off watching that instead of 'solaris'. 'solaris' is an umbrella type that covers all of the allocations of the code imported from OpenSolaris. On my machine, vmstat -z gives 123470 active allocations in said bucket, while vmstat -m reports 1614027 active allocations for the whole solaris type, about 13x more. Due to the way memguard is implemented, it might be more practical to use a selector with fewer active entries. In reality, I think one will need to hack memguard_cmp_mtp to match 'solaris' _and_ size to match sizeof(struct rl).
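An added illustration of the selector comparison in comment #16, not code from the bug report or from FreeBSD: a userland C model that counts how many constructed allocation requests each selector (type only, size zone only, type plus exact size) would pick up. The power-of-two zone rounding, the sample requests and every function name are assumptions of this sketch; it does not reproduce memguard_cmp_mtp.

```c
#include <stdio.h>
#include <string.h>

/* Userland model only; none of this is FreeBSD kernel code. */
#define TARGET_DESC "solaris"  /* malloc type named in the comment */
#define TARGET_SIZE 96UL       /* structure size given in the comment */
struct req { const char *desc; unsigned long size; };

/* Constructed sample of allocation requests (type description, bytes). */
static const struct req sample[] = {
    {"solaris", 96}, {"solaris", 512}, {"devbuf", 96},  {"solaris", 120},
    {"temp", 128},   {"solaris", 96},  {"devbuf", 100}, {"solaris", 4096},
};
#define NSAMPLE (sizeof(sample) / sizeof(sample[0]))

/* Assumed power-of-two size zones: smallest zone that fits the request. */
unsigned long zone_for(unsigned long size)
{
    unsigned long z = 16;
    while (z < size)
        z <<= 1;
    return z;
}

enum selector { BY_TYPE, BY_ZONE, BY_TYPE_AND_SIZE };

/* Return 1 if the modelled selector would guard this request. */
int selected(enum selector s, const struct req *r)
{
    int type_ok = strcmp(r->desc, TARGET_DESC) == 0;
    if (s == BY_TYPE)
        return type_ok;                 /* every 'solaris' allocation */
    if (s == BY_ZONE)
        return zone_for(r->size) == zone_for(TARGET_SIZE); /* any type */
    return type_ok && r->size == TARGET_SIZE;  /* type and exact size */
}

/* Count how many sample requests a selector would guard. */
unsigned count_selected(enum selector s)
{
    unsigned n = 0;
    for (size_t i = 0; i < NSAMPLE; i++)
        n += (unsigned)selected(s, &sample[i]);
    return n;
}

int main(void)
{
    for (int s = BY_TYPE; s <= BY_TYPE_AND_SIZE; s++)
        printf("selector %d guards %u of %zu requests\n", s,
            count_selected((enum selector)s), NSAMPLE);
    return 0;
}
```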