From: Kris Kennaway
To: Kris Kennaway
Cc: current@FreeBSD.org
Date: Tue, 20 Sep 2005 15:15:28 -0400
Subject: Re: integer overflow in bufinit() on large-memory machines
Message-ID: <20050920191528.GA6657@xor.obsecurity.org>
In-Reply-To: <20050920165740.GA60761@xor.obsecurity.org>

On Tue, Sep 20, 2005 at 12:57:40PM -0400, Kris Kennaway wrote:
> I have a sparc64 machine with 10GB of RAM that is hanging at boot in
> bufinit() (also seen on other sparc64 machines with more than this
> amount of RAM).  Instrumenting the code shows that it's happening
> here:
>
>     /*
>      * To support extreme low-memory systems, make sure hidirtybuffers cannot
>      * eat up all available buffer space.  This occurs when our minimum cannot
>      * be met.  We try to size hidirtybuffers to 3/4 our buffer space assuming
>      * BKVASIZE'd (8K) buffers.
>      */
>     while (hidirtybuffers * BKVASIZE > 3 * hibufspace / 4) {
>         hidirtybuffers >>= 1;
>     }
>     lodirtybuffers = hidirtybuffers / 2;
>
> because 3*hibufspace is overflowing the 32-bit int hibufspace (this
> code was added a few years ago by dillon).
>
> hidirtybuffers=18182 BKVASIZE=16384 hibufspace=1189625856

BTW, on a 16gb amd64 machine I get this:

hidirtybuffers=3462, BKVASIZE=16384, hibufspace=224968704, 3 * hibufspace=674906112

so amd64 is not hitting the problem because it's sizing things very
differently.

Kris
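
Added example (not part of the original message or of the FreeBSD source): a user-space C program that replays the quoted loop with the values reported above, emulating the 32-bit wrap of 3 * hibufspace to show why the loop cannot exit on the sparc64 figures, next to the same comparison done in 64-bit arithmetic. The names mul3_wrap32, size_hidirty and MAX_ITER are assumptions made for this example, and the 64-bit widening is one possible correction, not a fix taken from the thread.

```c
#include <stdint.h>
#include <stdio.h>

#define BKVASIZE 16384 /* value reported in the message */
#define MAX_ITER 64    /* constructed bound so the demo terminates */

/* 3 * v as a wrapping 32-bit signed multiply (two's complement), computed
 * through unsigned arithmetic to avoid C's signed-overflow UB. */
static int64_t mul3_wrap32(int32_t v)
{
    uint32_t u = (uint32_t)v * 3u;
    return u > (uint32_t)INT32_MAX ? (int64_t)u - 4294967296LL : (int64_t)u;
}

/* Replay the quoted loop. wide == 0: 32-bit product as in the report;
 * wide != 0: product widened to 64 bits (assumed correction).
 * Returns the final hidirtybuffers, or -1 if the loop would never exit. */
static int32_t size_hidirty(int32_t hidirtybuffers, int32_t hibufspace, int wide)
{
    int iter = 0;
    for (;;) {
        /* left side fits in 32 bits for the reported values */
        int64_t lhs = (int64_t)hidirtybuffers * BKVASIZE;
        int64_t rhs = (wide ? 3 * (int64_t)hibufspace
                            : mul3_wrap32(hibufspace)) / 4;
        if (lhs <= rhs)
            return hidirtybuffers;
        if (++iter > MAX_ITER)
            return -1; /* rhs is negative: even 0 * BKVASIZE > rhs */
        hidirtybuffers >>= 1;
    }
}

int main(void)
{
    /* figures reported for the sparc64 and amd64 machines */
    printf("sparc64 3*hibufspace as int32: %lld\n",
           (long long)mul3_wrap32(1189625856));
    printf("sparc64 32-bit: %d\n", (int)size_hidirty(18182, 1189625856, 0));
    printf("sparc64 64-bit: %d\n", (int)size_hidirty(18182, 1189625856, 1));
    printf("amd64   32-bit: %d\n", (int)size_hidirty(3462, 224968704, 0));
    return 0;
}
```

With the sparc64 figures the wrapped product is negative, so the condition stays true even after hidirtybuffers has been shifted down to 0; the amd64 figures stay below INT32_MAX and the loop body never runs.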