[PATCH] fix integer overflow in txg_delay()
Pawel Jakub Dawidek
pjd at FreeBSD.org
Tue Aug 2 05:33:34 UTC 2011
On Mon, Aug 01, 2011 at 12:35:33AM +0200, Martin Matuska wrote:
> The txg_delay() function in txg.c uses the following initialization:
> int timeout = ddi_get_lbolt() + ticks;
>
> Later, we have:
> while (ddi_get_lbolt() < timeout &&
>     tx->tx_syncing_txg < txg-1 && !txg_stalled(dp))
>         (void) cv_timedwait(&tx->tx_quiesce_more_cv,
>             &tx->tx_sync_lock,
>             timeout - ddi_get_lbolt());
>
> The function txg_delay() is called from:
> dsl_pool_tempreserve_space() and dsl_dir_tempreserve_space()
>
> In 24.855 days ddi_get_lbolt will never be smaller than timeout.
>
> Please review and/or comment on the attached patch.

Looks good to me. Can you elaborate a bit on the consequences of such
an overflow? How does the problem manifest itself?

BTW, is this something that affects IllumOS as well? If so, it would be
nice to share with them.

> Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/txg.c
> ===================================================================
> --- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/txg.c (revision 224527)
> +++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/txg.c (working copy)
> @@ -488,7 +488,7 @@
> txg_delay(dsl_pool_t *dp, uint64_t txg, int ticks)
> {
> tx_state_t *tx = &dp->dp_tx;
> - int timeout = ddi_get_lbolt() + ticks;
> + clock_t timeout = ddi_get_lbolt() + ticks;
>
> /* don't delay if this txg could transition to quiesing immediately */
> if (tx->tx_open_txg > txg ||
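
Review bot: The new `clock_t timeout = ddi_get_lbolt() + ticks;` declaration only removes the truncation if clock_t is as wide as the value ddi_get_lbolt() returns, and neither type is visible in this hunk. Please confirm that width on every supported platform (a 32-bit clock_t would leave the bug in place), or declare timeout with the exact type ddi_get_lbolt() returns. The same variable also feeds the third argument of cv_timedwait() quoted earlier in the message (`timeout - ddi_get_lbolt()`), so check that the parameter there takes the difference without narrowing. A sentence in the commit message stating the uptime at which the old int wrapped would help later readers.
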
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://yomoli.com
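
The truncation described in the quoted message, as an added example that is not part of the original thread or the FreeBSD source: it models only the `ddi_get_lbolt() < timeout` test of the wait loop. The 64-bit tick counter, the 32-bit `int`, `HZ` of 1000 and all function names are assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 1000 ticks per second, which matches the 24.855-day figure. */
#define HZ 1000

/* Keep only the low 32 bits of a tick count, as storing it in a 32-bit int
 * does (written without relying on implementation-defined narrowing). */
static int32_t to_int32(int64_t v)
{
	uint32_t u = (uint32_t)v;

	if (u <= 0x7fffffffu)
		return (int32_t)u;
	return (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Time test of the wait loop with the old "int timeout". */
int would_wait_old(int64_t lbolt, int ticks)
{
	int32_t timeout = to_int32(lbolt + ticks);
	return lbolt < timeout;
}

/* Same test with a timeout as wide as the tick counter. */
int would_wait_new(int64_t lbolt, int ticks)
{
	int64_t timeout = lbolt + ticks;
	return lbolt < timeout;
}

/* First tick count at which the old test turns false for a given delay. */
int64_t first_broken_tick(int ticks)
{
	return (INT64_C(1) << 31) - ticks;
}

double uptime_days(int64_t ticks)
{
	return (double)ticks / HZ / 86400.0;
}

int main(void)
{
	int64_t t = first_broken_tick(1);

	printf("old test fails from tick %lld (%.3f days of uptime)\n",
	    (long long)t, uptime_days(t));
	printf("old: %d  new: %d\n", would_wait_old(t, 1), would_wait_new(t, 1));
	return 0;
}
```

Once the tick counter passes that point the old test stays false for every later value, because the 64-bit counter is always larger than anything a 32-bit timeout can hold.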