Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 20 Sep 2005 15:15:28 -0400
From:      Kris Kennaway <kris@obsecurity.org>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        current@FreeBSD.org
Subject:   Re: integer overflow in bufinit() on large-memory machines
Message-ID:  <20050920191528.GA6657@xor.obsecurity.org>
In-Reply-To: <20050920165740.GA60761@xor.obsecurity.org>
References:  <20050920165740.GA60761@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--bp/iNruPH9dso1Pn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Sep 20, 2005 at 12:57:40PM -0400, Kris Kennaway wrote:
> I have a sparc64 machine with 10GB of RAM that is hanging at boot in
> bufinit() (also seen on other sparc64 machines with more than this
> amount of RAM).  Instrumenting the code shows that it's happening
> here:
>=20
> /*
>  * To support extreme low-memory systems, make sure hidirtybuffers cannot
>  * eat up all available buffer space.  This occurs when our minimum cannot
>  * be met.  We try to size hidirtybuffers to 3/4 our buffer space assuming
>  * BKVASIZE'd (8K) buffers.
>  */
>         while (hidirtybuffers * BKVASIZE > 3 * hibufspace / 4) {
>                 hidirtybuffers >>=3D 1;
>         }
>         lodirtybuffers =3D hidirtybuffers / 2;
>=20
> because 3*hibufspace is overflowing the 32-bit int hibufspace (this
> code was added a few years ago by dillon).
>=20
> hidirtybuffers=3D18182 BKVASIZE=3D16384 hibufspace=3D1189625856

BTW, on a 16gb amd64 machine I get this:

hidirtybuffers=3D3462, BKVASIZE=3D16384, hibufspace=3D224968704, 3 * hibufs=
pace=3D674906112

so amd64 is not hitting the problem because it's sizing things very
differently.

Kris
--bp/iNruPH9dso1Pn
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFDMF/PWry0BWjoQKURAig7AKDt8K6Pc/bJzaRXVaAUv7YFCSC8JgCg++6u
YyQy+tXhlEU2F2OnMpdgCa4=
=GXG5
-----END PGP SIGNATURE-----

--bp/iNruPH9dso1Pn--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050920191528.GA6657>