From: Jason Evans
Date: Wed, 28 Dec 2005 06:51:24 -0800
To: Pawel Jakub Dawidek
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_malloc.c

On Dec 27, 2005, at 5:53 PM, Pawel Jakub Dawidek wrote:

> pjd         2005-12-28 01:53:13 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/kern             kern_malloc.c
>   Log:
>   In realloc(9), determine size of the original block based on
>   UMA_SLAB_MALLOC flag.
>   In some circumstances (I observed it when I was doing a lot of reallocs)
>   UMA_SLAB_MALLOC can be set even if us_keg != NULL.
>
>   If this is the case we have wonderful, silent data corruption, because less
>   data is copied to the newly allocated region than should be.
>
>   I'm not sure when this bug was introduced, it could be there undetected
>   for years now, as we don't have a lot of realloc(9) consumers and it was
>   hard to reproduce it...
>   ...but what I know for sure, is that I don't want to know who introduced
>   the bug:) It took me two/three days to track it down (of course most of
>   the time I was looking for the bug in my own code).
>
>   Revision  Changes    Path
>   1.150     +1 -1      src/sys/kern/kern_malloc.c
>
> http://www.FreeBSD.org/cgi/cvsweb.cgi/src/sys/kern/kern_malloc.c.diff?&r1=1.149&r2=1.150&f=H

This bug appears to have been introduced in revision 1.95 (19 March
2002), and merely kept in place during other changes in revision
1.133. Here's the commit log message for revision 1.95:

    This is the first part of the new kernel memory allocator. This
    replaces malloc(9) and vm_zone with a slab like allocator.

This looks like a strong MFC candidate to me.

Jason
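A simplified user-space model of the size selection described in the quoted commit log, added here as an illustration; it is not the kern_malloc.c code and not part of the original message. The struct layouts, helper names, flag value and the 128/8192-byte sizes are assumptions, and the pre-1.150 test on us_keg is inferred from the log text.

```c
#include <stdio.h>
#include <string.h>

/* Model only: apart from us_keg and UMA_SLAB_MALLOC, every name here is
 * hypothetical and does not mirror the kernel's definitions. */
#define UMA_SLAB_MALLOC 0x1              /* flag value assumed */
struct model_keg  { size_t item_size; }; /* fixed item size of a zone */
struct model_slab {
    struct model_keg *us_keg;   /* can be non-NULL even when the flag is set */
    unsigned us_flags;
    size_t large_size;          /* size recorded for a UMA_SLAB_MALLOC block */
};

/* Inferred pre-1.150 behaviour: choose the size source by us_keg. */
static size_t old_size_by_keg(const struct model_slab *s)
{
    return s->us_keg != NULL ? s->us_keg->item_size : s->large_size;
}

/* 1.150 behaviour per the log: choose the size source by the flag. */
static size_t old_size_by_flag(const struct model_slab *s)
{
    return (s->us_flags & UMA_SLAB_MALLOC) ? s->large_size
                                           : s->us_keg->item_size;
}

/* Copy step of a realloc: at most the old block's size is carried over. */
static size_t model_copy(void *dst, const void *src, size_t newsz, size_t oldsz)
{
    size_t n = oldsz < newsz ? oldsz : newsz;
    memcpy(dst, src, n);
    return n;
}

/* Constructed case: an 8192-byte block whose slab has the flag set AND a
 * non-NULL keg (item size 128). Returns how many bytes survive the grow. */
static size_t bytes_preserved(int use_flag)
{
    static unsigned char src[8192], dst[16384];
    struct model_keg keg = { 128 };
    struct model_slab slab = { &keg, UMA_SLAB_MALLOC, sizeof(src) };
    memset(src, 0xAB, sizeof(src));
    memset(dst, 0, sizeof(dst));
    model_copy(dst, src, sizeof(dst),
               use_flag ? old_size_by_flag(&slab) : old_size_by_keg(&slab));
    size_t i = 0;
    while (i < sizeof(src) && dst[i] == 0xAB)
        i++;
    return i;
}

int main(void)
{
    printf("by us_keg: %zu bytes kept, by flag: %zu bytes kept\n",
           bytes_preserved(0), bytes_preserved(1));
    return 0;
}
```

The copy returns without error in both cases, which is why the truncation is silent: only a comparison of the new block's contents against the old one reveals it.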