uma: fix zone domain overlaying pcpu cache with disabled cpus

UMA zone structures have two arrays at the end which are sized according to the machine: an array of CPU count length, and an array of NUMA domain count length. The CPU counting was wrong in the case where some CPUs are disabled (when mp_ncpus != mp_maxid + 1), and this caused the second array to be overlaid with the first. Reported by: olivier Reviewed by: jeff, markj Sponsored by: Dell EMC Isilon Differential Revision: https://reviews.freebsd.org/D23318
2020-01-23 04:56:38 +00:00 · 2020-01-23 04:56:38 +00:00 · 8d1c459ae5
commit 8d1c459ae5
parent 7e2406774e
1 changed files with 2 additions and 1 deletions
--- a/sys/vm/uma_core.c
+++ b/sys/vm/uma_core.c
@ -2297,7 +2297,8 @@ zone_ctor(void *mem, int size, void *udata, int flags)
 	zone->uz_flags = 0;
 	zone->uz_warning = NULL;
 	/* The domain structures follow the cpu structures. */
-	zone->uz_domain = (struct uma_zone_domain *)&zone->uz_cpu[mp_ncpus];
+	zone->uz_domain =
+	    (struct uma_zone_domain *)&zone->uz_cpu[mp_maxid + 1];
 	zone->uz_bkt_max = ULONG_MAX;
 	timevalclear(&zone->uz_ratecheck);