From: Matt Reimer
To: fs@freebsd.org
Date: Thu, 29 Oct 2009 12:07:44 -0700
Subject: Bogus malloc in zfsboot.c?
List-Id: Filesystems (freebsd-fs@freebsd.org)

I'm trying to debug why I suddenly can't boot an amd64 machine off a raidz2 pool, after using freebsd-update to go from -rc1 to rc2. I'm getting an error, "ZFS: out of temporary buffer space."
Is zfsboot.c's malloc really correct in the way it sets up its heap?

    heap_next = (char *) dmadat + sizeof(*dmadat);
    heap_end = (char *) (640*1024);

If I'm reading the code correctly, it assumes that dmadat is the last item in bss, and that it can use all the memory from the end of dmadat to 640KB. But dmadat is not the last item in bss, as zfsimpl.c gets included and it defines its own variables that end up in bss, with the result that malloc could overwrite ZFS variables. Am I reading this correctly?

Matt
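The layout problem described in the message, as an added example in C that is not zfsboot.c's own code: a constructed low-memory arena models bss with dmadat first and the globals zfsimpl.c contributes right after it, and a bump allocator anchored at the end of dmadat overlaps those globals while one anchored at the end of bss does not. The arena size, the struct shapes, the macro names and the sentinel value are all assumptions; the real loader's heap ends at 640KB and the real layout is chosen by the linker.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for the loader's low memory: the first BSS_SIZE bytes
 * play the role of bss, the rest is space below 640KB the heap may use.
 * dmadat is placed first and zfsimpl.c's globals right after it. */
#define BSS_SIZE 4096
static union { char bytes[8192]; uint64_t align; } lowmem;
struct dmadat_model { char blk[512]; };                       /* stands in for dmadat */
struct zfs_globals_model { uint32_t magic; char pool[32]; };  /* zfsimpl.c's state */
#define DMADAT      ((struct dmadat_model *)lowmem.bytes)
#define ZFS_GLOBALS ((struct zfs_globals_model *)(lowmem.bytes + sizeof(struct dmadat_model)))
#define BSS_END     (lowmem.bytes + BSS_SIZE)   /* what the linker's end-of-bss symbol gives */

static char *heap_next, *heap_end;
static void *bump_malloc(size_t n)               /* in the style of the loader's malloc */
{
    if (n > (size_t)(heap_end - heap_next))
        return NULL;                              /* "out of temporary buffer space" */
    void *p = heap_next;
    heap_next += n;
    return p;
}

static int in_heap(const void *obj, size_t len)  /* does [obj, obj+len) overlap the heap? */
{
    const char *lo = obj, *hi = lo + len;
    return lo < heap_end && hi > heap_next;
}

/* anchor_after_dmadat=1 reproduces the assumption the message questions;
 * 0 anchors the heap at the end of bss. Returns 1 if zfsimpl.c's globals
 * fall inside the heap. */
int zfs_globals_in_heap(int anchor_after_dmadat)
{
    heap_next = anchor_after_dmadat ? (char *)DMADAT + sizeof(*DMADAT) : BSS_END;
    heap_end  = lowmem.bytes + sizeof lowmem.bytes; /* stands in for 640KB */
    return in_heap(ZFS_GLOBALS, sizeof(*ZFS_GLOBALS));
}

/* Plant a sentinel in the ZFS globals, allocate and fill one buffer, report if it survived. */
int zfs_magic_survives(int anchor_after_dmadat)
{
    zfs_globals_in_heap(anchor_after_dmadat);
    ZFS_GLOBALS->magic = 0x5A46534Du;               /* constructed sentinel */
    char *buf = bump_malloc(64);
    if (buf) memset(buf, 0xFF, 64);
    return ZFS_GLOBALS->magic == 0x5A46534Du;
}
```

With the heap anchored at the end of dmadat the first allocation lands on the ZFS globals and the sentinel is destroyed; anchored at the end of bss it survives.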