From a2e194654f9c9db1e1fbb03d651d57ffc1a2aa9e Mon Sep 17 00:00:00 2001
From: Eric van Gyzen <vangyzen@FreeBSD.org>
Date: Fri, 28 Aug 2020 19:50:40 +0000
Subject: [PATCH] memstat_kvm_uma: fix reading of uma_zone_domain structures

Coverity flagged the scaling by sizeof(uzd).  That is the type
of the pointer, so the scaling was already done by pointer arithmetic.
However, this was also passing a stack frame pointer to kvm_read,
so it was doubly wrong.

Move ZDOM_GET into the !_KERNEL section and use it in libmemstat.

Reported by:	Coverity
Reviewed by:	markj
MFC after:	2 weeks
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D26213
---
 lib/libmemstat/memstat_uma.c | 5 ++---
 sys/vm/uma_int.h             | 8 ++++----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/lib/libmemstat/memstat_uma.c b/lib/libmemstat/memstat_uma.c
index d014c3c2604a..b416cbc63297 100644
--- a/lib/libmemstat/memstat_uma.c
+++ b/lib/libmemstat/memstat_uma.c
@@ -455,9 +455,8 @@ memstat_kvm_uma(struct memory_type_list *list, void *kvm_handle)
 			mtp->mt_byteslimit = mtp->mt_countlimit * mtp->mt_size;
 			mtp->mt_count = mtp->mt_numallocs - mtp->mt_numfrees;
 			for (i = 0; i < ndomains; i++) {
-				ret = kread(kvm,
-				    &uz.uz_cpu[mp_maxid + 1] + i * sizeof(uzd),
-				    &uzd, sizeof(uzd), 0);
+				ret = kread(kvm, ZDOM_GET(uzp, i), &uzd,
+				    sizeof(uzd), 0);
 				if (ret != 0)
 					continue;
 				for (ubp =
diff --git a/sys/vm/uma_int.h b/sys/vm/uma_int.h
index 3c154ca75a47..b594c316e30b 100644
--- a/sys/vm/uma_int.h
+++ b/sys/vm/uma_int.h
@@ -526,6 +526,10 @@ struct uma_zone {
 	KASSERT(uma_zone_get_allocs((z)) == 0,				\
 	    ("zone %s initialization after use.", (z)->uz_name))
 
+/* Domains are contiguous after the last CPU */
+#define	ZDOM_GET(z, n)							\
+	(&((uma_zone_domain_t)&(z)->uz_cpu[mp_maxid + 1])[n])
+
 #undef	UMA_ALIGN
 
 #ifdef _KERNEL
@@ -561,10 +565,6 @@ static __inline uma_slab_t hash_sfind(struct uma_hash *hash, uint8_t *data);
 	KASSERT(uma_keg_get_allocs((k)) == 0,				\
 	    ("keg %s initialization after use.", (k)->uk_name))
 
-/* Domains are contiguous after the last CPU */
-#define	ZDOM_GET(z, n)							\
-    (&((uma_zone_domain_t)&(z)->uz_cpu[mp_maxid + 1])[n])
-
 #define	ZDOM_LOCK_INIT(z, zdom, lc)					\
 	do {								\
 		if ((lc))						\