From owner-cvs-src  Sun Feb 16 16:45:38 2003
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 3223637B401; Sun, 16 Feb 2003 16:45:35 -0800 (PST)
Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 1C6B443F75; Sun, 16 Feb 2003 16:45:33 -0800 (PST)
	(envelope-from bde@zeta.org.au)
Received: from katana.zip.com.au (katana.zip.com.au [61.8.7.246])
	by mailman.zeta.org.au (8.9.3/8.8.7) with ESMTP id LAA24837;
	Mon, 17 Feb 2003 11:45:30 +1100
Date: Mon, 17 Feb 2003 11:46:10 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
X-X-Sender: bde@gamplex.bde.org
To: Alfred Perlstein <alfred@FreeBSD.org>
Cc: Max Khon <fjoe@FreeBSD.org>, <src-committers@FreeBSD.org>,
	<cvs-src@FreeBSD.org>, <cvs-all@FreeBSD.org>
Subject: Re: cvs commit: src/sys/kern sysv_shm.c
In-Reply-To: <20030216161224.GE93252@elvis.mu.org>
Message-ID: <20030217111423.R3751-100000@gamplex.bde.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-src@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-src.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-src>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-src>
X-Loop: FreeBSD.ORG

On Sun, 16 Feb 2003, Alfred Perlstein wrote:

> * Max Khon <fjoe@FreeBSD.org> [030216 02:50] wrote:
> > hi, there!
> >
> > On Sat, Feb 15, 2003 at 10:08:55PM -0800, Alfred Perlstein wrote:
> >
> > > alfred      2003/02/15 22:08:55 PST
> > >
> > >   Modified files:
> > >     sys/kern             sysv_shm.c
> > >   Log:
> > >   prevent overflow in shminfo.shmmax
> > >
> > >   Revision  Changes    Path
> > >   1.79      +5 -1      src/sys/kern/sysv_shm.c
> > > http://cvsweb.FreeBSD.org/src/sys/kern/sysv_shm.c.diff?r1=1.78&r2=1.79
> >
> > for() loop will never be executed
> > calculations in for() loop also look suspicious
>
> GAh, thanks!

The contents of the loop are still suspicious.  I think the only effect of
revs.1.79-1.80 is to risk undefined behaviour for overflow PAGE_MAX times
instead of only once.

Overflow checking of shminfo.shmmax isn't very useful.  Most tunables
have no sanity checking, and none have complete sanity checking.  For
shminfo.shmmax, users can get the same effect as overflow by setting
kern.ipc.shmmaxpages to a too-small value.  E.g., 0 gives the same
result as 2^32/PAGE_SIZE after overflow, and overflow is benign on all
supported machines so the effect is also the same.

Bruce


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-src" in the body of the message