[PATCH] fix integer overflow in txg_delay()
Andriy Gapon
avg at FreeBSD.org
Mon Aug 1 13:35:57 UTC 2011
on 01/08/2011 01:35 Martin Matuska said the following:
> The txg_delay() function in txg.c uses the following initialization:
> int timeout = ddi_get_lbolt() + ticks;
>
> Later, we have:
> while (ddi_get_lbolt() < timeout &&
> tx->tx_syncing_txg < txg-1 && !txg_stalled(dp))
> (void) cv_timedwait(&tx->tx_quiesce_more_cv,
> &tx->tx_sync_lock,
> timeout - ddi_get_lbolt());
>
> The function txg_delay() is called from:
> dsl_pool_tempreserve_space() and dsl_dir_tempreserve_space()
>
> In 24.855 days ddi_get_lbolt will be never smaller than timeout.
>
> Please review and/or comment the attached patch.
>
I agree with the patch - thank you for catching this bug!
--
Andriy Gapon
More information about the zfs-devel
mailing list