author | rstone <rstone@FreeBSD.org> | 2015-09-17 23:31:44 +0000 |
---|---|---|
committer | rstone <rstone@FreeBSD.org> | 2015-09-17 23:31:44 +0000 |
commit | 26a0cf375aceedb2911b79b762cbc4f28510040a (patch) | |
tree | 0e2ce9e28f39248b1d87c63f4962c025c0735e6e /sys/kern | |
parent | a5578a13a31cb57fe230f49fe8e7f959295992cd (diff) | |
MFC r280957
Fix integer truncation bug in malloc(9)
A couple of internal functions used by malloc(9) and uma truncated
a size_t down to an int. This could cause any number of issues
(e.g. indefinite sleeps, memory corruption) if any kernel
subsystem tried to allocate 2GB or more through malloc. zfs would
attempt such an allocation when run on a system with 2TB or more
of RAM.
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_mbuf.c | 4 | ||||
-rw-r--r-- | sys/kern/subr_busdma_bufalloc.c | 6 | ||||
-rw-r--r-- | sys/kern/subr_vmem.c | 2 |
3 files changed, 6 insertions, 6 deletions
diff --git a/sys/kern/kern_mbuf.c b/sys/kern/kern_mbuf.c index e7b8016..c232a37 100644 --- a/sys/kern/kern_mbuf.c +++ b/sys/kern/kern_mbuf.c @@ -284,7 +284,7 @@ static int mb_zinit_pack(void *, int, int); static void mb_zfini_pack(void *, int); static void mb_reclaim(void *); -static void *mbuf_jumbo_alloc(uma_zone_t, int, uint8_t *, int); +static void *mbuf_jumbo_alloc(uma_zone_t, vm_size_t, uint8_t *, int); /* Ensure that MSIZE is a power of 2. */ CTASSERT((((MSIZE - 1) ^ MSIZE) + 1) >> 1 == MSIZE); @@ -389,7 +389,7 @@ SYSINIT(mbuf, SI_SUB_MBUF, SI_ORDER_FIRST, mbuf_init, NULL); * pages. */ static void * -mbuf_jumbo_alloc(uma_zone_t zone, int bytes, uint8_t *flags, int wait) +mbuf_jumbo_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *flags, int wait) { /* Inform UMA that this allocator uses kernel_map/object. */ diff --git a/sys/kern/subr_busdma_bufalloc.c b/sys/kern/subr_busdma_bufalloc.c index a80a233..b0b1ba8 100644 --- a/sys/kern/subr_busdma_bufalloc.c +++ b/sys/kern/subr_busdma_bufalloc.c @@ -147,8 +147,8 @@ busdma_bufalloc_findzone(busdma_bufalloc_t ba, bus_size_t size) } void * -busdma_bufalloc_alloc_uncacheable(uma_zone_t zone, int size, u_int8_t *pflag, - int wait) +busdma_bufalloc_alloc_uncacheable(uma_zone_t zone, vm_size_t size, + uint8_t *pflag, int wait) { #ifdef VM_MEMATTR_UNCACHEABLE @@ -166,7 +166,7 @@ busdma_bufalloc_alloc_uncacheable(uma_zone_t zone, int size, u_int8_t *pflag, } void -busdma_bufalloc_free_uncacheable(void *item, int size, u_int8_t pflag) +busdma_bufalloc_free_uncacheable(void *item, vm_size_t size, uint8_t pflag) { kmem_free(kernel_arena, (vm_offset_t)item, size); diff --git a/sys/kern/subr_vmem.c b/sys/kern/subr_vmem.c index 8cc020a..389b7ee 100644 --- a/sys/kern/subr_vmem.c +++ b/sys/kern/subr_vmem.c 
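Review bot: The widened `bytes` parameter of `mbuf_jumbo_alloc` fixes the truncation only at the callback boundary; the function body continues outside the hunk, so any place in it that still stores or compares `bytes` as an `int` would narrow the size again and should be checked. The same applies to `busdma_bufalloc_alloc_uncacheable` and `busdma_bufalloc_free_uncacheable` in subr_busdma_bufalloc.c and to `vmem_bt_alloc` in subr_vmem.c. The diffstat is limited to sys/kern, so the UMA callback type and its callers, which presumably change in the same commit, cannot be confirmed from this page. I would add a line to the comment block above the definition, for example `* bytes is a vm_size_t; never narrow it to int, requests of 2GB or more must arrive intact.`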
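Review bot: Both `busdma_bufalloc_alloc_uncacheable` and `busdma_bufalloc_free_uncacheable` are defined without `static` in the visible lines, so their prototypes in the corresponding header have to change to `vm_size_t` in the same commit; that header is outside sys/kern and is not shown here. The hunks also switch `u_int8_t` to `uint8_t` in both signatures, a spelling cleanup unrelated to the truncation fix, which is worth a word in the commit message so the merge is easier to audit. In the free path `size` goes straight into `kmem_free(kernel_arena, (vm_offset_t)item, size)`, so a short comment such as `/* size must be the untruncated size given to the matching alloc */` above that call would document why the type matters.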
@@ -608,7 +608,7 @@ static struct mtx_padalign vmem_bt_lock; * we are really out of KVA. */ static void * -vmem_bt_alloc(uma_zone_t zone, int bytes, uint8_t *pflag, int wait) +vmem_bt_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *pflag, int wait) { vmem_addr_t addr; |