[Bug 233377] [PowerPC64] Panic during high disk I/O activity
bugzilla-noreply at freebsd.org
Tue Feb 5 18:52:41 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233377
--- Comment #12 from Mark Johnston <markj at FreeBSD.org> ---
(In reply to Leandro Lupori from comment #11)
Prior to rXXXXXX, zone_alloc_bucket() did:
max = MIN(bucket->ub_entries, zone->uz_count);
bucket->ub_cnt = zone->uz_import(zone->uz_arg, bucket->ub_bucket,
    max, domain, flags);
However, the zone lock is not held at this point, so uz_count may change. In
particular, since MIN is a macro that evaluates its arguments twice, I believe
it's possible for max to end up being larger than bucket->ub_entries, which
would result in a use-after-free.
r343026 fixed this problem as part of some refactoring, so that might explain
why you don't see it anymore.
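The race described in the comment, as an added user-space example that is not part of the bug report or of FreeBSD's uma_core.c. It uses the same double-evaluating MIN() shape as sys/param.h and a constructed bucket struct; the unlocked read of uz_count is simulated by a scripted function that returns a different value on each call, standing in for a concurrent writer. The racy form lets max exceed ub_entries, while snapshotting the shared field into a local before the macro cannot.

```c
#include <stdio.h>

/* Same shape as MIN() in FreeBSD's sys/param.h: each argument appears
 * twice, once in the comparison and once as the result. */
#define MIN(a, b) (((a) < (b)) ? (a) : (b))

/* Constructed bucket: fixed-size array of item slots (not the kernel's). */
#define UB_ENTRIES 4
struct bucket {
    int ub_entries;               /* capacity of ub_bucket[] */
    int ub_cnt;                   /* items currently held */
    void *ub_bucket[UB_ENTRIES];
};

/* Simulated unlocked read of zone->uz_count. Each call returns the next
 * scripted value, modelling a concurrent writer that bumps uz_count
 * between the two evaluations of the macro argument. (Constructed.) */
static const int uz_count_script[] = { 2, 10 };
static int uz_count_idx;

static int read_uz_count_unlocked(void)
{
    int v = uz_count_script[uz_count_idx];
    int n = (int)(sizeof(uz_count_script) / sizeof(uz_count_script[0]));

    if (uz_count_idx + 1 < n)
        uz_count_idx++;
    return v;
}

static void reset_script(void) { uz_count_idx = 0; }

/* Racy pattern from the comment: the macro argument is an unlocked read,
 * so the comparison sees one value (2) and the result expression another
 * (10), and max ends up larger than ub_entries. */
static int compute_max_racy(const struct bucket *b)
{
    reset_script();
    return MIN(b->ub_entries, read_uz_count_unlocked());
}

/* Hardened pattern: snapshot the shared field once into a local, then
 * clamp. The result can never exceed ub_entries, whatever the writer
 * does between calls. */
static int compute_max_snapshot(const struct bucket *b)
{
    int count;

    reset_script();
    count = read_uz_count_unlocked();
    return MIN(b->ub_entries, count);
}

/* Import 'max' items into the bucket. Returns the number imported, or -1
 * when max exceeds the capacity, i.e. where an unchecked import would
 * write past the end of ub_bucket[]. */
static int import_into_bucket(struct bucket *b, int max)
{
    int i;

    if (max < 0 || max > b->ub_entries)
        return -1;
    for (i = 0; i < max; i++)
        b->ub_bucket[i] = (void *)(long)(i + 1);  /* placeholder item */
    b->ub_cnt = max;
    return max;
}

/* Shared instance so the two patterns can be compared on the same bucket. */
static struct bucket demo_bucket = { UB_ENTRIES, 0, { 0 } };

int main(void)
{
    int racy = compute_max_racy(&demo_bucket);
    int safe = compute_max_snapshot(&demo_bucket);

    printf("racy max = %d (capacity %d) -> import %d\n", racy,
        demo_bucket.ub_entries, import_into_bucket(&demo_bucket, racy));
    printf("snapshot max = %d -> import %d\n", safe,
        import_into_bucket(&demo_bucket, safe));
    return 0;
}
```

The point to take from the simulation is that the defect is not in MIN() itself but in passing it an expression whose value can change under a concurrent writer; any bounds check built from such a macro must be fed a local copy taken under the lock, or with a single atomic read, rather than the shared field directly.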