Date: Wed, 7 Dec 2011 07:03:14 +0000 (UTC) From: Alan Cox <alc@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r228317 - head/sys/kern Message-ID: <201112070703.pB773EWl026849@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: alc Date: Wed Dec 7 07:03:14 2011 New Revision: 228317 URL: http://svn.freebsd.org/changeset/base/228317 Log: Eliminate the possibility of 32-bit arithmetic overflow in the calculation of vm_kmem_size that may occur if the system administrator has specified a vm.vm_kmem_size tunable value that exceeds the hard cap. PR: 162741 Submitted by: Adam McDougall Reviewed by: bde@ MFC after: 3 weeks Modified: head/sys/kern/kern_malloc.c Modified: head/sys/kern/kern_malloc.c ============================================================================== --- head/sys/kern/kern_malloc.c Wed Dec 7 00:22:34 2011 (r228316) +++ head/sys/kern/kern_malloc.c Wed Dec 7 07:03:14 2011 (r228317) @@ -740,11 +740,11 @@ kmeminit(void *dummy) /* * Limit kmem virtual size to twice the physical memory. * This allows for kmem map sparseness, but limits the size - * to something sane. Be careful to not overflow the 32bit - * ints while doing the check. + * to something sane. Be careful to not overflow the 32bit + * ints while doing the check or the adjustment. */ - if (((vm_kmem_size / 2) / PAGE_SIZE) > cnt.v_page_count) - vm_kmem_size = 2 * cnt.v_page_count * PAGE_SIZE; + if (vm_kmem_size / 2 / PAGE_SIZE > mem_size) + vm_kmem_size = 2 * mem_size * PAGE_SIZE; #ifdef DEBUG_MEMGUARD tmp = memguard_fudge(vm_kmem_size, vm_kmem_size_max);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201112070703.pB773EWl026849>