Date: Mon, 10 Aug 2015 17:16:49 +0000 (UTC) From: Zbigniew Bodek <zbb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r286583 - head/sys/vm Message-ID: <201508101716.t7AHGnUB040220@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: zbb Date: Mon Aug 10 17:16:49 2015 New Revision: 286583 URL: https://svnweb.freebsd.org/changeset/base/286583 Log: Avoid sign extension of value passed to kva_alloc from uma_zone_reserve_kva Fixes "panic: vm_radix_reserve_kva: unable to reserve KVA" caused by sign extention of "pages * UMA_SLAB_SIZE" value passed to kva_alloc() which takes unsigned long argument. In the erroneus case that triggered this bug, the number of pages to allocate in uma_zone_reserve_kva() was 0x8ebe6, that gave the total number of bytes to allocate equal to 0x8ebe6000 (int). This was then sign extended in kva_alloc() to 0xffffffff8ebe6000 (unsigned long). Reviewed by: alc, kib Submitted by: Zbigniew Bodek <zbb@semihalf.com> Obtained from: Semihalf Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D3346 Modified: head/sys/vm/uma_core.c Modified: head/sys/vm/uma_core.c ============================================================================== --- head/sys/vm/uma_core.c Mon Aug 10 17:02:42 2015 (r286582) +++ head/sys/vm/uma_core.c Mon Aug 10 17:16:49 2015 (r286583) @@ -3126,7 +3126,7 @@ uma_zone_reserve_kva(uma_zone_t zone, in { uma_keg_t keg; vm_offset_t kva; - int pages; + u_int pages; keg = zone_first_keg(zone); if (keg == NULL) @@ -3141,7 +3141,7 @@ uma_zone_reserve_kva(uma_zone_t zone, in #else if (1) { #endif - kva = kva_alloc(pages * UMA_SLAB_SIZE); + kva = kva_alloc((vm_size_t)pages * UMA_SLAB_SIZE); if (kva == 0) return (0); } else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201508101716.t7AHGnUB040220>