Date: Tue, 20 Sep 2005 15:15:28 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Kris Kennaway <kris@obsecurity.org> Cc: current@FreeBSD.org Subject: Re: integer overflow in bufinit() on large-memory machines Message-ID: <20050920191528.GA6657@xor.obsecurity.org> In-Reply-To: <20050920165740.GA60761@xor.obsecurity.org> References: <20050920165740.GA60761@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--bp/iNruPH9dso1Pn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Sep 20, 2005 at 12:57:40PM -0400, Kris Kennaway wrote: > I have a sparc64 machine with 10GB of RAM that is hanging at boot in > bufinit() (also seen on other sparc64 machines with more than this > amount of RAM). Instrumenting the code shows that it's happening > here: >=20 > /* > * To support extreme low-memory systems, make sure hidirtybuffers cannot > * eat up all available buffer space. This occurs when our minimum cannot > * be met. We try to size hidirtybuffers to 3/4 our buffer space assuming > * BKVASIZE'd (8K) buffers. > */ > while (hidirtybuffers * BKVASIZE > 3 * hibufspace / 4) { > hidirtybuffers >>=3D 1; > } > lodirtybuffers =3D hidirtybuffers / 2; >=20 > because 3*hibufspace is overflowing the 32-bit int hibufspace (this > code was added a few years ago by dillon). >=20 > hidirtybuffers=3D18182 BKVASIZE=3D16384 hibufspace=3D1189625856 BTW, on a 16gb amd64 machine I get this: hidirtybuffers=3D3462, BKVASIZE=3D16384, hibufspace=3D224968704, 3 * hibufs= pace=3D674906112 so amd64 is not hitting the problem because it's sizing things very differently. Kris --bp/iNruPH9dso1Pn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDMF/PWry0BWjoQKURAig7AKDt8K6Pc/bJzaRXVaAUv7YFCSC8JgCg++6u YyQy+tXhlEU2F2OnMpdgCa4= =GXG5 -----END PGP SIGNATURE----- --bp/iNruPH9dso1Pn--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050920191528.GA6657>