diff options
author | rstone <rstone@FreeBSD.org> | 2015-04-01 12:42:26 +0000 |
---|---|---|
committer | rstone <rstone@FreeBSD.org> | 2015-04-01 12:42:26 +0000 |
commit | 57feb6fb43533ca4e0343a17ff4b78f93c27e3dd (patch) | |
tree | a5f9ea26e9cde6035646a47810b3727348fe048b /sys/powerpc/aim | |
parent | 67c45e2f58234d2572b6698f17fcda098763a240 (diff) | |
download | FreeBSD-src-57feb6fb43533ca4e0343a17ff4b78f93c27e3dd.zip FreeBSD-src-57feb6fb43533ca4e0343a17ff4b78f93c27e3dd.tar.gz |
Fix integer truncation bug in malloc(9)
A couple of internal functions used by malloc(9) and uma truncated
a size_t down to an int. This could cause any number of issues
(e.g. indefinite sleeps, memory corruption) if any kernel
subsystem tried to allocate 2GB or more through malloc. zfs would
attempt such an allocation when run on a system with 2TB or more
of RAM.
Note to self: When this is MFCed, sparc64 needs the same fix.
Differential revision: https://reviews.freebsd.org/D2106
Reviewed by: kib
Reported by: Michael Fuckner <michael@fuckner.net>
Tested by: Michael Fuckner <michael@fuckner.net>
MFC after: 2 weeks
Diffstat (limited to 'sys/powerpc/aim')
-rw-r--r-- | sys/powerpc/aim/mmu_oea64.c | 3 | ||||
-rw-r--r-- | sys/powerpc/aim/slb.c | 2 | ||||
-rw-r--r-- | sys/powerpc/aim/uma_machdep.c | 4 |
3 files changed, 5 insertions, 4 deletions
diff --git a/sys/powerpc/aim/mmu_oea64.c b/sys/powerpc/aim/mmu_oea64.c index 41c830e..23bd449 100644 --- a/sys/powerpc/aim/mmu_oea64.c +++ b/sys/powerpc/aim/mmu_oea64.c @@ -1437,7 +1437,8 @@ retry: static mmu_t installed_mmu; static void * -moea64_uma_page_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) +moea64_uma_page_alloc(uma_zone_t zone, vm_size_t bytes, uint8_t *flags, + int wait) { struct pvo_entry *pvo; vm_offset_t va; diff --git a/sys/powerpc/aim/slb.c b/sys/powerpc/aim/slb.c index 9d60b2b..89cfabf 100644 --- a/sys/powerpc/aim/slb.c +++ b/sys/powerpc/aim/slb.c @@ -473,7 +473,7 @@ slb_insert_user(pmap_t pm, struct slb *slb) } static void * -slb_uma_real_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) +slb_uma_real_alloc(uma_zone_t zone, vm_size_t bytes, u_int8_t *flags, int wait) { static vm_offset_t realmax = 0; void *va; diff --git a/sys/powerpc/aim/uma_machdep.c b/sys/powerpc/aim/uma_machdep.c index 4df562b..1c27e3e 100644 --- a/sys/powerpc/aim/uma_machdep.c +++ b/sys/powerpc/aim/uma_machdep.c @@ -50,7 +50,7 @@ SYSCTL_INT(_hw, OID_AUTO, uma_mdpages, CTLFLAG_RD, &hw_uma_mdpages, 0, "UMA MD pages in use"); void * -uma_small_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) +uma_small_alloc(uma_zone_t zone, vm_size_t bytes, u_int8_t *flags, int wait) { void *va; vm_page_t m; @@ -82,7 +82,7 @@ uma_small_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait) } void -uma_small_free(void *mem, int size, u_int8_t flags) +uma_small_free(void *mem, vm_size_t size, u_int8_t flags) { vm_page_t m; |