From owner-freebsd-current@FreeBSD.ORG Sat Jul 20 11:22:20 2013 Return-Path: Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 1A770728; Sat, 20 Jul 2013 11:22:20 +0000 (UTC) (envelope-from jlh@FreeBSD.org) Received: from caravan.chchile.org (caravan.chchile.org [178.32.125.136]) by mx1.freebsd.org (Postfix) with ESMTP id DEB58DDE; Sat, 20 Jul 2013 11:22:19 +0000 (UTC) Received: by caravan.chchile.org (Postfix, from userid 1000) id B121DBD6F2; Sat, 20 Jul 2013 11:22:18 +0000 (UTC) Date: Sat, 20 Jul 2013 13:22:18 +0200 From: Jeremie Le Hen To: trasz@FreeBSD.org, alc@FreeBSD.org Subject: Fix for sys_munlock(2) with racct Message-ID: <20130720112218.GD13628@caravan.chchile.org> Mail-Followup-To: trasz@FreeBSD.org, alc@FreeBSD.org, freebsd-current@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-current@FreeBSD.org X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Jul 2013 11:22:20 -0000 Hi Edward, Alan, I plan to commit the following patch: http://people.freebsd.org/~jlh/racct_munlock.diff This solves the following panic: panic: racct_sub: freeing 301989888 of resource 5, which is more than allocated 73728 for pwsafe (pid 4177) The problem is that the racct code in sys_munlock() trusts too much the user's input. vm_map_unwire_count() now returns how much memory has really been unwired. Any objection? -- Jeremie Le Hen Scientists say the world is made up of Protons, Neutrons and Electrons. They forgot to mention Morons.