[Bug 263073] integer overflow in mstosbt, nstosbt and ustosbt

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 05 Apr 2022 20:53:56 UTC

            Bug ID: 263073
           Summary: integer overflow in mstosbt, nstosbt and ustosbt
           Product: Base System
           Version: 13.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org
 Attachment #232981 mime type: text/plain

Created attachment 232981
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=232981&action=edit
Test case demonstrating the bug, and a solution

The Xstosbt functions all contain an integer overflow for input values of 2
seconds or greater.  The cause is a comparison against the SBT_1S constant,
which was probably intended precisely to prevent such an overflow, but it's the
wrong constant.  Instead of "one second in sbintime units", it should be "one
second in the input type's units".

A visible symptom of this bug is ZFS's write throttle.  On a very heavily
loaded system ZFS will sometimes decide to delay a thread by over 2 seconds.
dmu_tx_delay will trigger the overflow in ustosbt, resulting in a delay of over
4000 seconds instead.  Very frustrating!  The bug was present in FreeBSD 12,
too.  But there ZFS's logic was different, so the symptom was that any delay of
> 2 seconds would turn into a delay of < 2 seconds.  Not as noticeable.

The bug was introduced in revision 68f57679d66016ba4625f5bf8a99447bbae84fda
(SVN r340664).  Before that there was a different overflow bug.
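The overflow described above, as an added user-space model (this is not the attached test case and not FreeBSD's sys/time.h; it only imitates the shape of those helpers). The three conversions share one body: split the input into whole seconds and a remainder, then multiply the remainder by ceil(2^63 / units_per_second) and shift right by 31. The multiplier is computed here from that formula, which is what the kernel's comments describe; the kernel's literal constants are assumed to be the same or within one in the last digit, which does not change the 2-second threshold. The `guard` parameter is the only difference between the buggy and fixed variants: SBT_1S (2^32) for the bug, one second in the input's own units for the fix. The names `xtosbt`, `sbt_mult`, `overflow_threshold` and `sbt_err` are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

typedef int64_t sbintime_t;
#define SBT_1S ((sbintime_t)1 << 32)

/* ceil(2^63 / per_sec): the fixed-point multiplier for one input unit. */
static uint64_t
sbt_mult(int64_t per_sec)
{
    uint64_t half = UINT64_C(1) << 63;
    return half / (uint64_t)per_sec + (half % (uint64_t)per_sec != 0);
}

/*
 * Shared body of mstosbt/ustosbt/nstosbt (model, not kernel code).
 * 'guard' is what the input is compared against before being split into
 * whole seconds and a sub-second remainder.  The kernel compared against
 * SBT_1S (one second in sbintime units, 2^32); the fix compares against
 * per_sec (one second in the input's own units), so the remainder that
 * reaches the multiply is always below one second.
 */
static sbintime_t
xtosbt(int64_t x, int64_t per_sec, int64_t guard)
{
    sbintime_t sb = 0;

    if (x >= guard) {
        sb = (x / per_sec) * SBT_1S;
        x = x % per_sec;
    }
    /* Unsigned 64-bit product: wraps silently once x*mult + 2^31-1 >= 2^64. */
    sb += (sbintime_t)((((uint64_t)x * sbt_mult(per_sec)) + 0x7fffffff) >> 31);
    return sb;
}

/* Buggy (guard = SBT_1S) and fixed (guard = units per second) variants. */
static sbintime_t mstosbt_buggy(int64_t ms) { return xtosbt(ms, 1000, SBT_1S); }
static sbintime_t mstosbt_fixed(int64_t ms) { return xtosbt(ms, 1000, 1000); }
static sbintime_t ustosbt_buggy(int64_t us) { return xtosbt(us, 1000000, SBT_1S); }
static sbintime_t ustosbt_fixed(int64_t us) { return xtosbt(us, 1000000, 1000000); }
static sbintime_t nstosbt_buggy(int64_t ns) { return xtosbt(ns, 1000000000, SBT_1S); }
static sbintime_t nstosbt_fixed(int64_t ns) { return xtosbt(ns, 1000000000, 1000000000); }

/*
 * Smallest input, in the given units, for which the unguarded product
 * wraps: the first x with x*mult + 0x7fffffff > UINT64_MAX.  Because
 * mult is ~2^63 / per_sec, this lands at 2 seconds for every unit.
 */
static int64_t
overflow_threshold(int64_t per_sec)
{
    return (int64_t)((UINT64_MAX - 0x7fffffff) / sbt_mult(per_sec)) + 1;
}

/* Absolute difference between two sbintime values, for tolerance checks. */
static sbintime_t
sbt_err(sbintime_t got, sbintime_t want)
{
    return got > want ? got - want : want - got;
}

int
main(void)
{
    const int64_t per_sec[3] = { 1000, 1000000, 1000000000 };
    const char *unit[3] = { "ms", "us", "ns" };

    for (int i = 0; i < 3; i++) {
        int64_t t = overflow_threshold(per_sec[i]);
        /* The SBT_1S guard only fires at 2^32 input units, far above t. */
        printf("%s: product wraps from %lld %s (%lld s); buggy guard fires at %lld %s\n",
               unit[i], (long long)t, unit[i], (long long)(t / per_sec[i]),
               (long long)SBT_1S, unit[i]);
    }
    printf("ustosbt(3 s): buggy -> %.3f s, fixed -> %.3f s\n",
           (double)ustosbt_buggy(3000000) / SBT_1S,
           (double)ustosbt_fixed(3000000) / SBT_1S);
    return 0;
}
```

The broken window is [2 s, 2^32 input units): inputs at or above 2^32 units take the guard and are converted correctly, so for nstosbt only 2.0 s to about 4.29 s misbehaves, while for ustosbt the window runs to about 71 minutes and for mstosbt to about 49 days. Within that window a 2-second request collapses to (almost) zero and a 3-second request to about one second, which is the "< 2 seconds" behaviour the report describes for FreeBSD 12.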
