diff options
| author | rstone <rstone@FreeBSD.org> | 2015-04-01 12:42:26 +0000 |
|---|---|---|
| committer | rstone <rstone@FreeBSD.org> | 2015-04-01 12:42:26 +0000 |
| commit | 57feb6fb43533ca4e0343a17ff4b78f93c27e3dd (patch) | |
| tree | a5f9ea26e9cde6035646a47810b3727348fe048b /sys/amd64/amd64/uma_machdep.c | |
| parent | 67c45e2f58234d2572b6698f17fcda098763a240 (diff) | |
| download | FreeBSD-src-57feb6fb43533ca4e0343a17ff4b78f93c27e3dd.zip FreeBSD-src-57feb6fb43533ca4e0343a17ff4b78f93c27e3dd.tar.gz | |
Fix integer truncation bug in malloc(9)
A couple of internal functions used by malloc(9) and uma truncated
a size_t down to an int. This could cause any number of issues
(e.g. indefinite sleeps, memory corruption) if any kernel
subsystem tried to allocate 2GB or more through malloc. zfs would
attempt such an allocation when run on a system with 2TB or more
of RAM.
Note to self: When this is MFCed, sparc64 needs the same fix.
Differential revision: https://reviews.freebsd.org/D2106
Reviewed by: kib
Reported by: Michael Fuckner <michael@fuckner.net>
Tested by: Michael Fuckner <michael@fuckner.net>
MFC after: 2 weeks
Diffstat (limited to 'sys/amd64/amd64/uma_machdep.c')
| -rw-r--r-- | sys/amd64/amd64/uma_machdep.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/amd64/amd64/uma_machdep.c b/sys/amd64/amd64/uma_machdep.c index c0fb501..db566ae 100644 --- a/sys/amd64/amd64/uma_machdep.c +++ b/sys/amd64/amd64/uma_machdep.c @@ -41,7 +41,7 @@ __FBSDID("$FreeBSD$"); #include <machine/vmparam.h> void * -uma_small_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) +uma_small_alloc(uma_zone_t zone, vm_size_t bytes, u_int8_t *flags, int wait) { vm_page_t m; vm_paddr_t pa; @@ -70,7 +70,7 @@ uma_small_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) } void -uma_small_free(void *mem, int size, u_int8_t flags) +uma_small_free(void *mem, vm_size_t size, u_int8_t flags) { vm_page_t m; vm_paddr_t pa; |
