Date: Thu, 29 Oct 2009 12:07:44 -0700
From: Matt Reimer <mattjreimer@gmail.com>
To: fs@freebsd.org
Subject: Bogus malloc in zfsboot.c?
Message-ID: <f383264b0910291207t24a922aaxf03032b68786c7f6@mail.gmail.com>

I'm trying to debug why I suddenly can't boot an amd64 machine off a raidz2 pool, after using freebsd-update to go from -rc1 to rc2. I'm getting an error, "ZFS: out of temporary buffer space."

Is zfsboot.c's malloc really correct in the way it sets up its heap?

    heap_next = (char *) dmadat + sizeof(*dmadat);
    heap_end = (char *) (640*1024);

If I'm reading the code correctly, it assumes that dmadat is the last item in bss, and that it can use all the memory from the end of dmadat to 640KB. But dmadat is not the last item in bss, as zfsimpl.c gets included and it defines its own variables that end up in bss, with the result that malloc could overwrite ZFS variables.

Am I reading this correctly?

Matt
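
The layout the message asks about, modelled as an added example (not part of the original message and not FreeBSD code): a bump allocator whose start is taken from the end of one object while another static variable sits after it, next to a start taken from the end of all statics. The arena, the offsets and every name except heap_next and heap_end are constructed for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model: one flat arena stands in for low memory.
 * Hypothetical layout: [dmadat][later_var][free space up to heap_end] */
#define ARENA_SIZE   4096
#define DMADAT_OFF   0
#define DMADAT_SIZE  1024
#define LATER_OFF    (DMADAT_OFF + DMADAT_SIZE)  /* a static placed after dmadat */
#define LATER_SIZE   64
#define BSS_END_OFF  (LATER_OFF + LATER_SIZE)    /* true end of all statics */

static unsigned char arena[ARENA_SIZE];
static size_t heap_next, heap_end;

static void heap_init(size_t start) { heap_next = start; heap_end = ARENA_SIZE; }

/* Bump allocator: hand out the next n bytes, or NULL when space runs out. */
static void *bump_malloc(size_t n)
{
    if (n > heap_end - heap_next)
        return NULL;
    void *p = &arena[heap_next];
    heap_next += n;
    return p;
}

/* Returns 1 if using a fresh allocation changed later_var, 0 if it did not,
 * -1 if the allocation itself failed. */
static int later_var_clobbered(size_t heap_start)
{
    memset(arena, 0, sizeof arena);
    memset(&arena[LATER_OFF], 0xAA, LATER_SIZE);  /* later_var's live contents */
    heap_init(heap_start);
    void *p = bump_malloc(128);
    if (p == NULL)
        return -1;
    memset(p, 0, 128);                            /* caller fills its buffer */
    for (size_t i = 0; i < LATER_SIZE; i++)
        if (arena[LATER_OFF + i] != 0xAA)
            return 1;
    return 0;
}

/* Init-time check: the heap must start at or above the end of all statics. */
static int heap_start_is_safe(size_t heap_start) { return heap_start >= BSS_END_OFF; }
```

In a real boot program the equivalent of BSS_END_OFF would come from a linker-provided end-of-image symbol rather than a constant, which is an assumption about the build and not something the message states.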