Date: Wed, 01 Apr 2015 10:10:19 -0500 From: Alan Cox <alc@rice.edu> To: Ryan Stone <rstone@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r280957 - in head/sys: amd64/amd64 i386/i386 kern mips/mips powerpc/aim sparc64/sparc64 sys vm Message-ID: <551C0A5B.9060409@rice.edu> In-Reply-To: <201504011242.t31CgRX5061551@svn.freebsd.org> References: <201504011242.t31CgRX5061551@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/01/2015 07:42, Ryan Stone wrote: > Author: rstone > Date: Wed Apr 1 12:42:26 2015 > New Revision: 280957 > URL: https://svnweb.freebsd.org/changeset/base/280957 > > Log: > Fix integer truncation bug in malloc(9) > > A couple of internal functions used by malloc(9) and uma truncated > a size_t down to an int. This could cause any number of issues > (e.g. indefinite sleeps, memory corruption) if any kernel > subsystem tried to allocate 2GB or more through malloc. zfs would > attempt such an allocation when run on a system with 2TB or more > of RAM. > > Note to self: When this is MFCed, sparc64 needs the same fix. > I suspect that you mean ia64 here, not sparc64. Yes? > Differential revision: https://reviews.freebsd.org/D2106 > Reviewed by: kib > Reported by: Michael Fuckner <michael@fuckner.net> > Tested by: Michael Fuckner <michael@fuckner.net> > MFC after: 2 weeks > > Modified: > head/sys/amd64/amd64/uma_machdep.c > head/sys/i386/i386/pmap.c > head/sys/kern/kern_mbuf.c > head/sys/kern/subr_busdma_bufalloc.c > head/sys/kern/subr_vmem.c > head/sys/mips/mips/uma_machdep.c > head/sys/powerpc/aim/mmu_oea64.c > head/sys/powerpc/aim/slb.c > head/sys/powerpc/aim/uma_machdep.c > head/sys/sparc64/sparc64/vm_machdep.c > head/sys/sys/busdma_bufalloc.h > head/sys/vm/uma.h > head/sys/vm/uma_core.c > head/sys/vm/uma_int.h > > Modified: head/sys/amd64/amd64/uma_machdep.c > ============================================================================== > --- head/sys/amd64/amd64/uma_machdep.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/amd64/amd64/uma_machdep.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -41,7 +41,7 @@ __FBSDID("$FreeBSD$"); > #include <machine/vmparam.h> > > void * > -uma_small_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) > +uma_small_alloc(uma_zone_t zone, vm_size_t bytes, u_int8_t *flags, int wait) > { > vm_page_t m; > vm_paddr_t pa; > @@ -70,7 +70,7 @@ uma_small_alloc(uma_zone_t zone, int byt > } > > void > -uma_small_free(void *mem, int size, u_int8_t flags) > +uma_small_free(void *mem, vm_size_t size, u_int8_t flags) > { > vm_page_t m; > vm_paddr_t pa; > > Modified: head/sys/i386/i386/pmap.c > ============================================================================== > --- head/sys/i386/i386/pmap.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/i386/i386/pmap.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -340,7 +340,8 @@ static pt_entry_t *pmap_pte_quick(pmap_t > static void pmap_pte_release(pt_entry_t *pte); > static int pmap_unuse_pt(pmap_t, vm_offset_t, struct spglist *); > #ifdef PAE > -static void *pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait); > +static void *pmap_pdpt_allocf(uma_zone_t zone, vm_size_t bytes, uint8_t *flags, > + int wait); > #endif > static void pmap_set_pg(void); > > @@ -658,7 +659,7 @@ pmap_page_init(vm_page_t m) > > #ifdef PAE > static void * > -pmap_pdpt_allocf(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) > +pmap_pdpt_allocf(uma_zone_t zone, vm_size_t bytes, uint8_t *flags, int wait) > { > > /* Inform UMA that this allocator uses kernel_map/object. */ > > Modified: head/sys/kern/kern_mbuf.c > ============================================================================== > --- head/sys/kern/kern_mbuf.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/kern/kern_mbuf.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -284,7 +284,7 @@ static int mb_zinit_pack(void *, int, in > static void mb_zfini_pack(void *, int); > > static void mb_reclaim(void *); > -static void *mbuf_jumbo_alloc(uma_zone_t, int, uint8_t *, int); > +static void *mbuf_jumbo_alloc(uma_zone_t, vm_size_t, uint8_t *, int); > > /* Ensure that MSIZE is a power of 2. */ > CTASSERT((((MSIZE - 1) ^ MSIZE) + 1) >> 1 == MSIZE); > @@ -389,7 +389,7 @@ SYSINIT(mbuf, SI_SUB_MBUF, SI_ORDER_FIRS > * pages. > */ > static void * > -mbuf_jumbo_alloc(uma_zone_t zone, int bytes, uint8_t *flags, int wait) > +mbuf_jumbo_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *flags, int wait) > { > > /* Inform UMA that this allocator uses kernel_map/object. */ > > Modified: head/sys/kern/subr_busdma_bufalloc.c > ============================================================================== > --- head/sys/kern/subr_busdma_bufalloc.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/kern/subr_busdma_bufalloc.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -147,8 +147,8 @@ busdma_bufalloc_findzone(busdma_bufalloc > } > > void * > -busdma_bufalloc_alloc_uncacheable(uma_zone_t zone, int size, u_int8_t *pflag, > - int wait) > +busdma_bufalloc_alloc_uncacheable(uma_zone_t zone, vm_size_t size, > + uint8_t *pflag, int wait) > { > #ifdef VM_MEMATTR_UNCACHEABLE > > @@ -166,7 +166,7 @@ busdma_bufalloc_alloc_uncacheable(uma_zo > } > > void > -busdma_bufalloc_free_uncacheable(void *item, int size, u_int8_t pflag) > +busdma_bufalloc_free_uncacheable(void *item, vm_size_t size, uint8_t pflag) > { > > kmem_free(kernel_arena, (vm_offset_t)item, size); > > Modified: head/sys/kern/subr_vmem.c > ============================================================================== > --- head/sys/kern/subr_vmem.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/kern/subr_vmem.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -609,7 +609,7 @@ static struct mtx_padalign vmem_bt_lock; > * we are really out of KVA. > */ > static void * > -vmem_bt_alloc(uma_zone_t zone, int bytes, uint8_t *pflag, int wait) > +vmem_bt_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *pflag, int wait) > { > vmem_addr_t addr; > > > Modified: head/sys/mips/mips/uma_machdep.c > ============================================================================== > --- head/sys/mips/mips/uma_machdep.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/mips/mips/uma_machdep.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -41,7 +41,7 @@ __FBSDID("$FreeBSD$"); > #include <machine/vmparam.h> > > void * > -uma_small_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) > +uma_small_alloc(uma_zone_t zone, vm_size_t bytes, u_int8_t *flags, int wait) > { > vm_paddr_t pa; > vm_page_t m; > @@ -70,7 +70,7 @@ uma_small_alloc(uma_zone_t zone, int byt > } > > void > -uma_small_free(void *mem, int size, u_int8_t flags) > +uma_small_free(void *mem, vm_size_t size, u_int8_t flags) > { > vm_page_t m; > vm_paddr_t pa; > > Modified: head/sys/powerpc/aim/mmu_oea64.c > ============================================================================== > --- head/sys/powerpc/aim/mmu_oea64.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/powerpc/aim/mmu_oea64.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -1437,7 +1437,8 @@ retry: > static mmu_t installed_mmu; > > static void * > -moea64_uma_page_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) > +moea64_uma_page_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *flags, > + int wait) > { > struct pvo_entry *pvo; > vm_offset_t va; > > Modified: head/sys/powerpc/aim/slb.c > ============================================================================== > --- head/sys/powerpc/aim/slb.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/powerpc/aim/slb.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -473,7 +473,7 @@ slb_insert_user(pmap_t pm, struct slb *s > } > > static void * > -slb_uma_real_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) > +slb_uma_real_alloc(uma_zone_t zone, vm_size_t bytes, u_int8_t *flags, int wait) > { > static vm_offset_t realmax = 0; > void *va; > > Modified: head/sys/powerpc/aim/uma_machdep.c > ============================================================================== > --- head/sys/powerpc/aim/uma_machdep.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/powerpc/aim/uma_machdep.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -50,7 +50,7 @@ SYSCTL_INT(_hw, OID_AUTO, uma_mdpages, C > "UMA MD pages in use"); > > void * > -uma_small_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) > +uma_small_alloc(uma_zone_t zone, vm_size_t bytes, u_int8_t *flags, int wait) > { > void *va; > vm_page_t m; > @@ -82,7 +82,7 @@ uma_small_alloc(uma_zone_t zone, int byt > } > > void > -uma_small_free(void *mem, int size, u_int8_t flags) > +uma_small_free(void *mem, vm_size_t size, u_int8_t flags) > { > vm_page_t m; > > > Modified: head/sys/sparc64/sparc64/vm_machdep.c > ============================================================================== > --- head/sys/sparc64/sparc64/vm_machdep.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/sparc64/sparc64/vm_machdep.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -396,7 +396,7 @@ swi_vm(void *v) > } > > void * > -uma_small_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) > +uma_small_alloc(uma_zone_t zone, vm_size_t bytes, u_int8_t *flags, int wait) > { > vm_paddr_t pa; > vm_page_t m; > @@ -434,7 +434,7 @@ uma_small_alloc(uma_zone_t zone, int byt > } > > void > -uma_small_free(void *mem, int size, u_int8_t flags) > +uma_small_free(void *mem, vm_size_t size, u_int8_t flags) > { > vm_page_t m; > > > Modified: head/sys/sys/busdma_bufalloc.h > ============================================================================== > --- head/sys/sys/busdma_bufalloc.h Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/sys/busdma_bufalloc.h Wed Apr 1 12:42:26 2015 (r280957) > @@ -110,9 +110,10 @@ struct busdma_bufzone * busdma_bufalloc_ > * routines support pmap_page_set_memattr() and the VM_MEMATTR_UNCACHEABLE flag > * you can probably use these when you need uncacheable buffers. > */ > -void * busdma_bufalloc_alloc_uncacheable(uma_zone_t zone, int size, > - u_int8_t *pflag, int wait); > -void busdma_bufalloc_free_uncacheable(void *item, int size, u_int8_t pflag); > +void * busdma_bufalloc_alloc_uncacheable(uma_zone_t zone, vm_size_t size, > + uint8_t *pflag, int wait); > +void busdma_bufalloc_free_uncacheable(void *item, vm_size_t size, > + uint8_t pflag); > > #endif /* _MACHINE_BUSDMA_BUFALLOC_H_ */ > > > Modified: head/sys/vm/uma.h > ============================================================================== > --- head/sys/vm/uma.h Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/vm/uma.h Wed Apr 1 12:42:26 2015 (r280957) > @@ -382,7 +382,8 @@ uma_zfree(uma_zone_t zone, void *item) > * A pointer to the allocated memory or NULL on failure. > */ > > -typedef void *(*uma_alloc)(uma_zone_t zone, int size, uint8_t *pflag, int wait); > +typedef void *(*uma_alloc)(uma_zone_t zone, vm_size_t size, uint8_t *pflag, > + int wait); > > /* > * Backend page free routines > @@ -395,7 +396,7 @@ typedef void *(*uma_alloc)(uma_zone_t zo > * Returns: > * None > */ > -typedef void (*uma_free)(void *item, int size, uint8_t pflag); > +typedef void (*uma_free)(void *item, vm_size_t size, uint8_t pflag); > > > > > Modified: head/sys/vm/uma_core.c > ============================================================================== > --- head/sys/vm/uma_core.c Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/vm/uma_core.c Wed Apr 1 12:42:26 2015 (r280957) > @@ -230,10 +230,10 @@ enum zfreeskip { SKIP_NONE = 0, SKIP_DTO > > /* Prototypes.. */ > > -static void *noobj_alloc(uma_zone_t, int, uint8_t *, int); > -static void *page_alloc(uma_zone_t, int, uint8_t *, int); > -static void *startup_alloc(uma_zone_t, int, uint8_t *, int); > -static void page_free(void *, int, uint8_t); > +static void *noobj_alloc(uma_zone_t, vm_size_t, uint8_t *, int); > +static void *page_alloc(uma_zone_t, vm_size_t, uint8_t *, int); > +static void *startup_alloc(uma_zone_t, vm_size_t, uint8_t *, int); > +static void page_free(void *, vm_size_t, uint8_t); > static uma_slab_t keg_alloc_slab(uma_keg_t, uma_zone_t, int); > static void cache_drain(uma_zone_t); > static void bucket_drain(uma_zone_t, uma_bucket_t); > @@ -1038,7 +1038,7 @@ out: > * the VM is ready. > */ > static void * > -startup_alloc(uma_zone_t zone, int bytes, uint8_t *pflag, int wait) > +startup_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *pflag, int wait) > { > uma_keg_t keg; > uma_slab_t tmps; > @@ -1098,7 +1098,7 @@ startup_alloc(uma_zone_t zone, int bytes > * NULL if M_NOWAIT is set. > */ > static void * > -page_alloc(uma_zone_t zone, int bytes, uint8_t *pflag, int wait) > +page_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *pflag, int wait) > { > void *p; /* Returned page */ > > @@ -1120,7 +1120,7 @@ page_alloc(uma_zone_t zone, int bytes, u > * NULL if M_NOWAIT is set. > */ > static void * > -noobj_alloc(uma_zone_t zone, int bytes, uint8_t *flags, int wait) > +noobj_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *flags, int wait) > { > TAILQ_HEAD(, vm_page) alloctail; > u_long npages; > @@ -1183,7 +1183,7 @@ noobj_alloc(uma_zone_t zone, int bytes, > * Nothing > */ > static void > -page_free(void *mem, int size, uint8_t flags) > +page_free(void *mem, vm_size_t size, uint8_t flags) > { > struct vmem *vmem; > > @@ -3266,7 +3266,7 @@ uma_zone_exhausted_nolock(uma_zone_t zon > } > > void * > -uma_large_malloc(int size, int wait) > +uma_large_malloc(vm_size_t size, int wait) > { > void *mem; > uma_slab_t slab; > > Modified: head/sys/vm/uma_int.h > ============================================================================== > --- head/sys/vm/uma_int.h Wed Apr 1 12:16:56 2015 (r280956) > +++ head/sys/vm/uma_int.h Wed Apr 1 12:42:26 2015 (r280957) > @@ -341,7 +341,7 @@ zone_first_keg(uma_zone_t zone) > #ifdef _KERNEL > /* Internal prototypes */ > static __inline uma_slab_t hash_sfind(struct uma_hash *hash, uint8_t *data); > -void *uma_large_malloc(int size, int wait); > +void *uma_large_malloc(vm_size_t size, int wait); > void uma_large_free(uma_slab_t slab); > > /* Lock Macros */ > @@ -424,8 +424,9 @@ vsetslab(vm_offset_t va, uma_slab_t slab > * if they can provide more effecient allocation functions. This is useful > * for using direct mapped addresses. > */ > -void *uma_small_alloc(uma_zone_t zone, int bytes, uint8_t *pflag, int wait); > -void uma_small_free(void *mem, int size, uint8_t flags); > +void *uma_small_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *pflag, > + int wait); > +void uma_small_free(void *mem, vm_size_t size, uint8_t flags); > #endif /* _KERNEL */ > > #endif /* VM_UMA_INT_H */ > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?551C0A5B.9060409>