freebsd-dev/sys/kern
Ryan Stone f2c2231e0c Fix integer truncation bug in malloc(9)
A couple of internal functions used by malloc(9) and uma truncated
a size_t down to an int.  This could cause any number of issues
(e.g. indefinite sleeps, memory corruption) if any kernel
subsystem tried to allocate 2GB or more through malloc.  zfs would
attempt such an allocation when run on a system with 2TB or more
of RAM.

Note to self: When this is MFCed, sparc64 needs the same fix.

Differential revision:	https://reviews.freebsd.org/D2106
Reviewed by:	kib
Reported by:	Michael Fuckner <michael@fuckner.net>
Tested by:	Michael Fuckner <michael@fuckner.net>
MFC after:	2 weeks
2015-04-01 12:42:26 +00:00
..
bus_if.m Add a bus method to fetch the VM domain for the given device/bus. 2014-10-09 05:33:25 +00:00
capabilities.conf Add futimens and utimensat system calls. 2015-01-23 21:07:08 +00:00
clock_if.m
cpufreq_if.m
device_if.m Change the default method for device_quiesce() to return 0 instead of 2015-01-08 21:46:28 +00:00
genassym.sh
imgact_aout.c
imgact_binmisc.c Allow multiple image activators to run on the same execution by changing 2014-09-04 21:31:25 +00:00
imgact_elf32.c
imgact_elf64.c
imgact_elf.c Reimplement support for userland core dump compression using a new interface 2015-03-09 03:50:53 +00:00
imgact_gzip.c Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use 2013-09-09 18:11:59 +00:00
imgact_shell.c Allow multiple image activators to run on the same execution by changing 2014-09-04 21:31:25 +00:00
inflate.c
init_main.c cred: add proc_set_cred_init helper 2015-03-21 20:24:54 +00:00
init_sysent.c Run make sysent. 2015-01-23 21:08:24 +00:00
kern_acct.c
kern_alq.c Prevent alq from panic when the invalid alq_file path specified. 2014-04-05 16:54:47 +00:00
kern_clock.c Initialize ticks so that it wraps 10 minutes after boot to increase the 2015-02-05 01:43:21 +00:00
kern_clocksource.c Add ddb command 'show clocksource' to display state of the per-cpu 2015-02-04 14:49:47 +00:00
kern_condvar.c Revert for r277213: 2015-01-22 11:12:42 +00:00
kern_conf.c Fix for out of order device destruction notifications when using the 2015-03-22 13:11:56 +00:00
kern_cons.c Include the nulterm byte in the sysctl string. 2015-03-15 00:36:08 +00:00
kern_context.c
kern_cpu.c Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
kern_cpuset.c Reject attempts to read the cpuset mask of a negative domain ID. 2015-01-08 19:11:14 +00:00
kern_ctf.c Don't specify a resid parameter if we're just going to ignore it. Instead, 2015-02-20 20:49:00 +00:00
kern_descrip.c filedesc: microoptimize fget_unlocked by getting rid of fd < 0 branch 2015-03-24 00:10:11 +00:00
kern_dtrace.c Commit the rest of the changes that were intended to be part of r266826. 2014-05-29 01:42:22 +00:00
kern_dump.c Factor out duplicated code from dumpsys() on each architecture into generic 2015-01-07 01:01:39 +00:00
kern_environment.c Test if 'env' is NULL before doing memset() and strlen(), 2014-10-23 18:23:50 +00:00
kern_et.c Trivial change / forced-commit to document prior change that slipped in 2015-03-16 19:29:19 +00:00
kern_event.c prevent doing filter ops locking for staticly compiled filter ops... 2014-11-16 01:18:41 +00:00
kern_exec.c Introduce vm_object_color() and use it in mmap(2) to set the color of 2015-03-21 17:56:55 +00:00
kern_exit.c proc: get rid of proc lock + unlock pair in proc_reap 2015-03-16 01:09:49 +00:00
kern_fail.c Use a regular sbuf + SYSCTL_OUT() rather than sbuf_new_for_sysctl() with 2015-03-16 19:18:45 +00:00
kern_ffclock.c The SYSCTL data pointers can come from userspace and must not be 2014-10-28 12:00:39 +00:00
kern_fork.c cred: add proc_set_cred_init helper 2015-03-21 20:24:54 +00:00
kern_gzio.c Reimplement support for userland core dump compression using a new interface 2015-03-09 03:50:53 +00:00
kern_hhook.c
kern_idle.c
kern_intr.c This is the much-discussed major upgrade to the random(4) device, known to you all as /dev/random. 2014-10-30 21:21:53 +00:00
kern_jail.c Do not include if_var.h and in6_var.h into kern_jail.c. It is now possible 2015-03-24 16:46:40 +00:00
kern_khelp.c
kern_kthread.c The umtx_lock mutex is used by top-half of the kernel, but is 2015-02-28 04:19:02 +00:00
kern_ktr.c Drop KTR records when we're in the debugger so that the debugger isn't 2014-07-02 22:13:07 +00:00
kern_ktrace.c Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
kern_linker.c Const poison in a few places to ensure we don't modify things 2014-12-03 22:14:13 +00:00
kern_lock.c Revert for r277213: 2015-01-22 11:12:42 +00:00
kern_lockf.c Improve style and fix a possible use-after-free case introduced in r268384 2015-01-10 06:48:35 +00:00
kern_lockstat.c - For kernel compiled only with KDTRACE_HOOKS and not any lock debugging 2013-11-25 07:38:45 +00:00
kern_loginclass.c cred: add proc_set_cred helper 2015-03-16 00:10:03 +00:00
kern_malloc.c Set the SBUF_INCLUDENUL flag in sbuf_new_for_sysctl() so that sysctl 2015-03-14 17:08:28 +00:00
kern_mbuf.c Fix integer truncation bug in malloc(9) 2015-04-01 12:42:26 +00:00
kern_mib.c Allow the kern.osrelease and kern.osreldate sysctl values to be set in a 2015-02-27 16:28:55 +00:00
kern_module.c
kern_mtxpool.c Garbage collect mtxpool_lockbuilder, the mutex pool historically used 2014-05-02 07:57:40 +00:00
kern_mutex.c Add _NEW flag to mtx(9), sx(9), rmlock(9) and rwlock(9). 2014-12-13 21:00:10 +00:00
kern_ntptime.c Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
kern_osd.c Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
kern_physio.c Fix some issues in change 254760 pointed out by Bruce Evans: 2013-08-29 16:41:40 +00:00
kern_pmc.c Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
kern_poll.c - Remove empty wrappers ether_poll_[de]register_drv(). [1] 2014-09-28 14:05:18 +00:00
kern_priv.c Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
kern_proc.c The sysctls that return process argv and envv return binary data, so clear 2015-03-22 21:18:44 +00:00
kern_procctl.c Reparenting done by debugger attach can leave reaper without direct 2015-02-15 08:44:30 +00:00
kern_prot.c cred: add proc_set_cred_init helper 2015-03-21 20:24:54 +00:00
kern_racct.c The process spin lock currently has the following distinct uses: 2014-11-26 14:10:00 +00:00
kern_rangelock.c Change the queue of locks in kern_rangelock.c from holding lock requests in 2013-08-15 20:19:17 +00:00
kern_rctl.c
kern_resource.c The process spin lock currently has the following distinct uses: 2014-11-26 14:10:00 +00:00
kern_rmlock.c Add _NEW flag to mtx(9), sx(9), rmlock(9) and rwlock(9). 2014-12-13 21:00:10 +00:00
kern_rwlock.c Add _NEW flag to mtx(9), sx(9), rmlock(9) and rwlock(9). 2014-12-13 21:00:10 +00:00
kern_sdt.c Print a backtrace if the SDT(9) stub gets called so that there's at least 2014-02-22 01:41:45 +00:00
kern_sema.c
kern_sharedpage.c Remove the deprecated VM_ALLOC_RETRY flag for the vm_page_grab(9). 2013-08-22 07:39:53 +00:00
kern_shutdown.c Factor out duplicated code from dumpsys() on each architecture into generic 2015-01-07 01:01:39 +00:00
kern_sig.c Disable coredump_devctl because it could lead to leaking paths to 2015-03-24 02:17:17 +00:00
kern_switch.c Revert for r277213: 2015-01-22 11:12:42 +00:00
kern_sx.c Add _NEW flag to mtx(9), sx(9), rmlock(9) and rwlock(9). 2014-12-13 21:00:10 +00:00
kern_synch.c Revert for r277213: 2015-01-22 11:12:42 +00:00
kern_syscalls.c Fix up module unload for syscall_module_handler consumers. 2014-11-01 22:36:40 +00:00
kern_sysctl.c Implement a simple OID number garbage collector. Given the increasing 2015-03-25 08:55:34 +00:00
kern_tc.c Use sbuf_printf() for sysctl strings instead of stack buffers and snprintf(). 2015-03-14 23:16:12 +00:00
kern_thr.c The umtx_lock mutex is used by top-half of the kernel, but is 2015-02-28 04:19:02 +00:00
kern_thread.c The umtx_lock mutex is used by top-half of the kernel, but is 2015-02-28 04:19:02 +00:00
kern_time.c Fix an off by one in ppsratecheck(). If you asked for N=1 you'd get one, 2015-01-11 20:48:29 +00:00
kern_timeout.c Adopt jhb's suggested changes, updated comments and callout_migration() moving 2015-03-31 00:18:00 +00:00
kern_umtx.c Clean up some cosmetic nits in kern_umtx.c, found during recent work 2015-03-28 21:21:40 +00:00
kern_uuid.c Fix a bug in be_uuid_dec(); it called le16dec() instead of be16dec(), 2014-02-13 22:24:36 +00:00
kern_xxx.c
ksched.c
link_elf_obj.c Fully support constructors for the purpose of code coverage analysis. 2014-10-20 17:04:03 +00:00
link_elf.c Make 32-bit PowerPC kernels, like 64-bit PowerPC kernels, position-independent 2015-03-07 20:14:46 +00:00
linker_if.m
Make.tags.inc Remove AppleTalk support. 2014-03-14 06:29:43 +00:00
Makefile
makesyscalls.sh Fix syscalls that can be loaded as kernel modules - they were not given 2013-12-15 23:19:42 +00:00
md4c.c
md5c.c
p1003_1b.c
posix4_mib.c
sched_4bsd.c Restore pre-r239157 handling of sched_yield(), when thread time slice was 2014-08-23 17:31:56 +00:00
sched_ule.c Use sbuf_new_for_sysctl() instead of plain sbuf_new() to ensure sysctl 2015-03-14 18:42:30 +00:00
serdev_if.m
stack_protector.c
subr_acl_nfs4.c
subr_acl_posix1e.c
subr_autoconf.c
subr_blist.c
subr_bufring.c
subr_bus_dma.c Add bus_dmamap_load_ma() function to load map with the array of 2013-10-27 21:39:16 +00:00
subr_bus.c Use SYSCTL_OUT_STR() to return strings. 2015-03-14 21:40:01 +00:00
subr_busdma_bufalloc.c Fix integer truncation bug in malloc(9) 2015-04-01 12:42:26 +00:00
subr_capability.c Remove duplicated includes. 2014-06-26 13:57:44 +00:00
subr_clock.c For architectures where time_t is wide enough, in particular, 64bit 2014-12-12 09:37:18 +00:00
subr_counter.c Create two public UMA_ZONE_PCPU zones: 64 bit sized and pointer sized. 2014-02-10 19:59:46 +00:00
subr_devstat.c Fix multiple incorrect SYSCTL arguments in the kernel: 2014-10-21 07:31:21 +00:00
subr_disk.c
subr_dnvlist.c Move libnv into the kernel and hook it into the kernel build 2015-03-01 00:34:27 +00:00
subr_dummy_vdso_tc.c Update the vdso timehands only via tc_windup(). 2015-01-20 03:54:30 +00:00
subr_eventhandler.c
subr_fattime.c Where appropriate, use the modern terms for the one true time base 2014-12-21 05:07:11 +00:00
subr_firmware.c
subr_hash.c
subr_hints.c Add a new device control utility for new-bus devices called devctl. This 2015-02-06 16:09:01 +00:00
subr_kdb.c Fix multiple incorrect SYSCTL arguments in the kernel: 2014-10-21 07:31:21 +00:00
subr_kobj.c
subr_lock.c Add _NEW flag to mtx(9), sx(9), rmlock(9) and rwlock(9). 2014-12-13 21:00:10 +00:00
subr_log.c
subr_mbpool.c All mbuf external free functions never fail, so let them be void. 2014-07-11 13:58:48 +00:00
subr_mchain.c
subr_module.c Turns out, this isn't only called from i386... 2014-12-30 02:39:47 +00:00
subr_msgbuf.c Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
subr_nvlist.c Move libnv into the kernel and hook it into the kernel build 2015-03-01 00:34:27 +00:00
subr_nvpair.c Move libnv into the kernel and hook it into the kernel build 2015-03-01 00:34:27 +00:00
subr_param.c Use SYSCTL_OUT_STR() to return strings. 2015-03-14 21:40:01 +00:00
subr_pcpu.c Create two public UMA_ZONE_PCPU zones: 64 bit sized and pointer sized. 2014-02-10 19:59:46 +00:00
subr_pctrie.c
subr_power.c
subr_prf.c Add a nulterm byte to the returned sysctl string. 2015-03-15 00:39:18 +00:00
subr_prof.c The process spin lock currently has the following distinct uses: 2014-11-26 14:10:00 +00:00
subr_rman.c Nuke the never-used RF_TIMESHARE feature, reducing the complexity of the 2014-07-16 22:18:19 +00:00
subr_rtc.c
subr_sbuf.c The minimum sbuf buffer size is 2 bytes (a byte plus a nulterm), assert that. 2015-03-17 21:00:31 +00:00
subr_scanf.c
subr_sfbuf.c Move KASSERT into locked region. 2014-08-11 15:06:07 +00:00
subr_sglist.c Fix a couple of panics when detaching from a cxgbe/cxl interface that was 2015-01-26 16:26:28 +00:00
subr_sleepqueue.c Revert for r277213: 2015-01-22 11:12:42 +00:00
subr_smp.c Pull in r267961 and r267973 again. Fix for issues reported will follow. 2014-06-28 03:56:17 +00:00
subr_stack.c
subr_syscall.c Thread waiting for the vfork(2)-ed child to exec or exit, must allow 2014-12-08 16:18:05 +00:00
subr_taskqueue.c Remove taskqueue_start_threads_pinned(); there's noa generic cpuset version of this. 2015-02-25 21:59:03 +00:00
subr_terminal.c vt(4): Adjust the cursor position after changing the window size 2014-11-01 17:05:15 +00:00
subr_trap.c Revert r263475: TDP_DEVMEMIO no longer needed, since amd64 /dev/kmem 2015-01-12 08:58:07 +00:00
subr_turnstile.c dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINE 2013-11-26 08:46:27 +00:00
subr_uio.c Add type qualifier volatile to the base (userspace) address argument 2014-10-31 17:43:21 +00:00
subr_unit.c Move the definition of the struct unrhdr into a separate header file, 2013-08-30 07:37:45 +00:00
subr_vmem.c Fix integer truncation bug in malloc(9) 2015-04-01 12:42:26 +00:00
subr_witness.c The umtx_lock mutex is used by top-half of the kernel, but is 2015-02-28 04:19:02 +00:00
sys_capability.c cred: add proc_set_cred helper 2015-03-16 00:10:03 +00:00
sys_generic.c filedesc: simplify fget_unlocked & friends 2015-02-17 23:54:06 +00:00
sys_pipe.c Fix use after free in pipe_dtor(). PIPE_NAMED flag must be tested 2015-02-03 10:29:40 +00:00
sys_procdesc.c Add a new fo_fill_kinfo fileops method to add type-specific information to 2014-09-22 16:20:47 +00:00
sys_process.c Add a facility for non-init process to declare itself the reaper of 2014-12-15 12:01:42 +00:00
sys_socket.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
syscalls.c Run make sysent. 2015-01-23 21:08:24 +00:00
syscalls.master Add futimens and utimensat system calls. 2015-01-23 21:07:08 +00:00
systrace_args.c Run make sysent. 2015-01-23 21:08:24 +00:00
sysv_ipc.c
sysv_msg.c Avoid dynamic syscall overhead for statically compiled modules. 2014-10-26 19:42:44 +00:00
sysv_sem.c Avoid dynamic syscall overhead for statically compiled modules. 2014-10-26 19:42:44 +00:00
sysv_shm.c error is only used if MAC is defined, so make its declaration conditional 2015-03-21 16:16:17 +00:00
tty_compat.c
tty_info.c
tty_inq.c
tty_outq.c
tty_pts.c Implement FIODTYPE for master ptys. 2014-10-15 12:38:26 +00:00
tty_tty.c
tty_ttydisc.c
tty.c filedesc: simplify fget_unlocked & friends 2015-02-17 23:54:06 +00:00
uipc_accf.c The accept filter code is not specific to the FreeBSD IPv4 network stack, 2014-07-26 19:27:34 +00:00
uipc_debug.c Merge from projects/sendfile: 2014-11-30 12:52:33 +00:00
uipc_domain.c Merge from projects/sendfile: extend protocols API to support 2014-11-30 13:24:21 +00:00
uipc_mbuf2.c Remove a 'This is dumb' comment that has been incorrect for at least a 2015-01-09 12:08:51 +00:00
uipc_mbuf.c Use anonymous unions and structs to organize shared space in mbuf(9), 2015-02-17 20:52:51 +00:00
uipc_mbufhash.c Reduce header pollution. 2015-03-17 14:16:50 +00:00
uipc_mqueue.c Avoid dynamic syscall overhead for statically compiled modules. 2014-10-26 19:42:44 +00:00
uipc_sem.c Avoid dynamic syscall overhead for statically compiled modules. 2014-10-26 19:42:44 +00:00
uipc_shm.c Preset the object's color, or alignment, to maximize superpage usage. 2015-02-08 21:00:51 +00:00
uipc_sockbuf.c In sbappend*() family of functions clear M_PROTO flags of incoming 2014-12-22 15:39:24 +00:00
uipc_socket.c soreceive_generic() still has similar KASSERT(), therefore instead of 2015-02-23 15:24:43 +00:00
uipc_syscalls.c Correct the use of an unitialized variable in sendfind_getobj() 2015-02-28 21:49:59 +00:00
uipc_usrreq.c The VOP_LOOKUP() implementations for CREATE op do not put the name 2014-12-18 10:01:12 +00:00
vfs_acl.c Replace some calls to fuword() by fueword() with proper error checking. 2014-10-28 15:28:20 +00:00
vfs_aio.c Avoid dynamic syscall overhead for statically compiled modules. 2014-10-26 19:42:44 +00:00
vfs_bio.c Reset bp->bio_done to unmapped_buf when removing a transient map in biodone. 2015-03-16 20:00:09 +00:00
vfs_cache.c Indeed, instead of hiding the kern___getcwd() bug by bogus cast 2015-01-04 10:34:02 +00:00
vfs_cluster.c When allocating a pbuf for the cluster write, do not sleep waiting 2013-08-27 01:31:12 +00:00
vfs_default.c Fix the comment introduced in r276192 so that it clearly 2014-12-25 14:44:04 +00:00
vfs_export.c After the changes in r274118 make NOIP kernels compile by hiding an 2014-11-06 12:19:39 +00:00
vfs_extattr.c Update kernel inclusions of capability.h to use capsicum.h instead; some 2014-03-16 10:55:57 +00:00
vfs_hash.c Convert vfs hash lock from a mutex to an rwlock. 2014-12-30 21:40:45 +00:00
vfs_init.c Rename sysctl_lock and _unlock to sysctl_xlock and _xunlock. 2014-10-21 19:02:26 +00:00
vfs_lookup.c Fix two issues with lockmgr(9) LK_CAN_SHARE() test, which determines 2014-11-02 13:10:31 +00:00
vfs_mount.c Mountd iterating over the mount points may race with the parallel 2015-02-10 18:00:32 +00:00
vfs_mountroot.c Remove the no-at variants of the kern_xx() syscall helpers. E.g., we 2014-11-13 18:01:51 +00:00
vfs_subr.c The VNASSERT in vflush() FORCECLOSE case is trying to panic early to 2015-02-27 16:43:50 +00:00
vfs_syscalls.c filedesc: simplify fget_unlocked & friends 2015-02-17 23:54:06 +00:00
vfs_vnops.c Add VN_OPEN_NAMECACHE flag for vn_open_cred(9), which requests that 2014-12-21 13:32:07 +00:00
vnode_if.src Catch up on r271387 and remove unused parameter from 2015-03-30 22:49:26 +00:00