diff options
| author | marcel <marcel@FreeBSD.org> | 2007-06-09 23:41:14 +0000 |
|---|---|---|
| committer | marcel <marcel@FreeBSD.org> | 2007-06-09 23:41:14 +0000 |
| commit | faf9b9cc383af4cb476fb3be50df73b3ef888e70 (patch) | |
| tree | 4ecb6ac8c9504f2dc044f2aa4551d3a585629d6e | |
| parent | 41b2f34ed7264ab1cb5952e4c5a1dc5452ffcea3 (diff) | |
| download | FreeBSD-src-faf9b9cc383af4cb476fb3be50df73b3ef888e70.zip FreeBSD-src-faf9b9cc383af4cb476fb3be50df73b3ef888e70.tar.gz | |
Work around an integer overflow in expression `3 * maxbufspace / 4',
when maxbufspace is larger than INT_MAX / 3. The overflow causes a
hard hang on ia64 when physical memory is sufficiently large (8GB).
| -rw-r--r-- | sys/kern/vfs_bio.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/sys/kern/vfs_bio.c b/sys/kern/vfs_bio.c index 58cedf3..d66b45d 100644 --- a/sys/kern/vfs_bio.c +++ b/sys/kern/vfs_bio.c @@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$"); #include <sys/buf.h> #include <sys/devicestat.h> #include <sys/eventhandler.h> +#include <sys/limits.h> #include <sys/lock.h> #include <sys/malloc.h> #include <sys/mount.h> @@ -454,6 +455,7 @@ bd_speedup(void) caddr_t kern_vfs_bio_buffer_alloc(caddr_t v, long physmem_est) { + int maxbuf; /* * physmem_est is in pages. Convert it to kilobytes (assumes @@ -483,6 +485,11 @@ kern_vfs_bio_buffer_alloc(caddr_t v, long physmem_est) if (maxbcache && nbuf > maxbcache / BKVASIZE) nbuf = maxbcache / BKVASIZE; + + /* XXX Avoid integer overflows later on with maxbufspace. */ + maxbuf = (INT_MAX / 3) / BKVASIZE; + if (nbuf > maxbuf) + nbuf = maxbuf; } #if 0 |
