d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid sign extension of value passed to kva_alloc from uma_zone_reserve_kva

Browse Source 
Fixes "panic: vm_radix_reserve_kva: unable to reserve KVA" caused by sign
extention of "pages * UMA_SLAB_SIZE" value passed to kva_alloc() which
takes unsigned long argument.

In the erroneus case that triggered this bug, the number of pages
to allocate in uma_zone_reserve_kva() was 0x8ebe6, that gave the
total number of bytes to allocate equal to 0x8ebe6000 (int).
This was then sign extended in kva_alloc() to 0xffffffff8ebe6000
(unsigned long).

Reviewed by:   alc, kib
Submitted by:  Zbigniew Bodek <zbb@semihalf.com>
Obtained from: Semihalf
Sponsored by:  The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D3346
This commit is contained in:
Zbigniew Bodek 2015-08-10 17:16:49 +00:00
parent 3d40192d3d
commit 9ba30bcb42
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sys/vm/uma_core.c
View File

@ -3126,7 +3126,7 @@ uma_zone_reserve_kva(uma_zone_t zone, int count)
{
uma_keg_t keg;
vm_offset_t kva;
int pages;
u_int pages;
keg = zone_first_keg(zone);
if (keg == NULL)
@ -3141,7 +3141,7 @@ uma_zone_reserve_kva(uma_zone_t zone, int count)
#else
if (1) {
#endif
kva = kva_alloc(pages * UMA_SLAB_SIZE);
kva = kva_alloc((vm_size_t)pages * UMA_SLAB_SIZE);
if (kva == 0)
return (0);
} else