[Bug 263073] integer overflow in mstosbt, nstosbt and ustosbt
Date: Tue, 05 Apr 2022 20:53:56 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263073

            Bug ID: 263073
           Summary: integer overflow in mstosbt, nstosbt and ustosbt
           Product: Base System
           Version: 13.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org
 Attachment #232981 text/plain
         mime type:

Created attachment 232981
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=232981&action=edit
Test case demonstrating the bug, and a solution

The Xstosbt functions all contain an integer overflow for input values of 2
seconds or greater. The cause is a comparison against the SBT_1S constant,
which was probably intended precisely to prevent such an overflow, but it's
the wrong constant. Instead of "one second in sbintime units", it should be
"one second in the input type's units".

A visible symptom of this bug is the ZFS's write throttle. On a very heavily
loaded system ZFS will sometimes decide to delay a thread by over 2 seconds.
dmu_tx_delay will trigger the overflow in ustosbt, resulting in a delay of
over 4000 seconds instead. Very frustrating!

The bug was present in FreeBSD 12, too. But there ZFS's logic was different,
so the symptom was that any delay of > 2 seconds would turn into a delay of
< 2 seconds. Not as noticeable.

The bug was introduced in revision 68f57679d66016ba4625f5bf8a99447bbae84fda
(SVN r340664). Before that there was a different overflow bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
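
Added example (not the attachment from the report and not FreeBSD's source): a user-space C model of the microsecond conversion as the report describes it, with the guard comparing against SBT_1S next to a version comparing against one second in microseconds. The 32.32 fixed-point layout, the multiplier ceil(2^63 / 1000000) and the rounding shift are assumptions about how the conversion is written, and the _buggy and _fixed function names are illustrative. It models only the conversion result, not the ZFS delay logic.

```c
#include <stdint.h>
#include <stdio.h>

typedef int64_t sbintime_t;            /* assumed 32.32 fixed point: seconds << 32 */
#define SBT_1S   ((sbintime_t)1 << 32) /* one second in sbintime units */
#define US_PER_S 1000000               /* one second in the input's units */
#define US_MULT  9223372036855ULL      /* assumed scale: ceil(2^63 / 1000000) */

/* Sub-second part. Exact only while us * US_MULT fits in 64 bits (us < 2000000). */
static sbintime_t us_frac(int64_t us)
{
    return (sbintime_t)((((uint64_t)us * US_MULT) + 0x7fffffff) >> 31);
}

/* Guard as the report describes it: whole seconds split off only if us >= 2^32. */
sbintime_t ustosbt_buggy(int64_t us)
{
    sbintime_t sb = 0;
    if (us >= SBT_1S) {                /* wrong unit: ~4295 s worth of microseconds */
        sb = (us / US_PER_S) * SBT_1S;
        us %= US_PER_S;
    }
    return sb + us_frac(us);           /* wraps mod 2^64 for 2 s <= input < ~4295 s */
}

/* Guard in the input type's units, so us_frac() only ever sees us < 1000000. */
sbintime_t ustosbt_fixed(int64_t us)
{
    sbintime_t sb = 0;
    if (us >= US_PER_S) {
        sb = (us / US_PER_S) * SBT_1S;
        us %= US_PER_S;
    }
    return sb + us_frac(us);
}

int main(void)
{
    /* Constructed sample inputs around the 2-second boundary. */
    int64_t samples[] = { 500000, 1999999, 2000000, 2500000, 5000000 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%8lld us  buggy=%.6f s  fixed=%.6f s\n", (long long)samples[i],
               (double)ustosbt_buggy(samples[i]) / SBT_1S,
               (double)ustosbt_fixed(samples[i]) / SBT_1S);
    return 0;
}
```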