Date: Mon, 26 Sep 2005 10:44:42 -0400 From: Kris Kennaway <kris@obsecurity.org> To: sparc64@FreeBSD.org Subject: [kris@obsecurity.org: integer overflow in bufinit() on large-memory machines] Message-ID: <20050926144442.GA7733@xor.obsecurity.org>
next in thread | raw e-mail | index | archive | help
--4Ckj6UjgE2iN1+kY Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Can someone please look at this so that large memory sparc machines (>11GB) are usable on FreeBSD? The best workaround for now is probably to limit the size of kva on sparc64 - e.g. amd64 sizes things very differently so that on a 24GB machine it avoids the overflow by a factor of 5. Kris ----- Forwarded message from Kris Kennaway <kris@obsecurity.org> ----- X-Original-To: kkenn@localhost Delivered-To: kkenn@localhost.obsecurity.org X-Original-To: kris@freebsd.org Delivered-To: kris@freebsd.org X-Original-To: current@FreeBSD.org Delivered-To: freebsd-current@FreeBSD.ORG Date: Tue, 20 Sep 2005 12:57:40 -0400 From: Kris Kennaway <kris@obsecurity.org> To: current@FreeBSD.org User-Agent: Mutt/1.4.2.1i Cc:=20 Subject: integer overflow in bufinit() on large-memory machines X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-curren= t>,=20 <mailto:freebsd-current-request@freebsd.org?subject=3Dunsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>; List-Post: <mailto:freebsd-current@freebsd.org> List-Help: <mailto:freebsd-current-request@freebsd.org?subject=3Dhelp> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, <mailto:freebsd-current-request@freebsd.org?subject=3Dsubscribe> Errors-To: owner-freebsd-current@freebsd.org X-UIDL: ~kM!!<P"#!1&m!!)(o"! X-Bogosity: Ham, tests=3Dbogofilter, spamicity=3D0.000000, version=3D0.96.0 I have a sparc64 machine with 10GB of RAM that is hanging at boot in bufinit() (also seen on other sparc64 machines with more than this amount of RAM). Instrumenting the code shows that it's happening here: /* * To support extreme low-memory systems, make sure hidirtybuffers cannot * eat up all available buffer space. This occurs when our minimum cannot * be met. We try to size hidirtybuffers to 3/4 our buffer space assuming * BKVASIZE'd (8K) buffers. */ while (hidirtybuffers * BKVASIZE > 3 * hibufspace / 4) { hidirtybuffers >>=3D 1; } lodirtybuffers =3D hidirtybuffers / 2; because 3*hibufspace is overflowing the 32-bit int hibufspace (this code was added a few years ago by dillon). hidirtybuffers=3D18182 BKVASIZE=3D16384 hibufspace=3D1189625856 I tried making hibufspace into a long which allowed the system to boot, but the system panicked shortly afterwards while I was doing a cvs diff: > panic: vm_fault: fault on nofault entry, addr: 1e5884000 > db> wh > Tracing pid 42 tid 100037 td 0xfffff802b13c57c0 > panic() at panic+0x164 > vm_fault() at vm_fault+0x21c > trap_pfault() at trap_pfault+0x1a8 > trap() at trap+0x28c > -- fast data access mmu miss tar=3D0x1e5884000 %o7=3D0xc02b12d8 -- > bcopy() at bcopy+0x9c > ffs_sync() at ffs_sync+0x344 > sync_fsync() at sync_fsync+0x134 > VOP_FSYNC_APV() at VOP_FSYNC_APV+0xb4 > sync_vnode() at sync_vnode+0xfc > sched_sync() at sched_sync+0x24c > fork_exit() at fork_exit+0x94 > fork_trampoline() at fork_trampoline+0x8 and upon rebooting it seems that my disk has been destroyed: Boot device: disk File and args: >> FreeBSD/sparc64 boot block Boot path: /sbus@3,0/SUNW,fas@3,8800000/sd@0,0:a Boot loader: /boot/loader File /boot/loader not found Program terminated {0} ok I guess something else is really unhappy with hibufspace being that large (or maybe there is some other variable overflowing). Can anyone think of a solution? Kris ----- End forwarded message ----- --4Ckj6UjgE2iN1+kY Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDOAlaWry0BWjoQKURAu9tAJ9/30HgPEtYqK42KKWXko6LHfnOywCfQLgA z4pV8l7MPKr4mxVv5DRXnzo= =ilOw -----END PGP SIGNATURE----- --4Ckj6UjgE2iN1+kY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050926144442.GA7733>