Bogus malloc in zfsboot.c?

Matt Reimer mattjreimer at gmail.com
Thu Oct 29 19:07:45 UTC 2009


I'm trying to debug why I suddenly can't boot an amd64 machine off a
raidz2 pool, after using freebsd-update to go from -rc1 to rc2. I'm
getting an error, "ZFS: out of temporary buffer space."

Is zfsboot.c's malloc really correct in the way it sets up its heap?

    heap_next = (char *) dmadat + sizeof(*dmadat);
    heap_end = (char *) (640*1024);

If I'm reading the code correctly, it assumes that dmadat is the last
item in bss, and that it can use all the memory from the end of dmadat
to 640KB.

But dmadat is not the last item in bss, as zfsimpl.c gets included and
it defines its own variables that end up in bss, with the result that
malloc could overwrite ZFS variables.

Am I reading this correctly?

Matt
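The concern above, as an added C illustration that is not code from zfsboot.c or the FreeBSD tree: it models the heap window as [dmadat + sizeof(*dmadat), 640KB) over a constructed low-memory layout (region names, offsets and sizes are assumptions), audits whether any other bss object lies inside that window, and shows the bump allocator's out-of-space path that corresponds to the "out of temporary buffer space" message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for memory below 640KB; not the real boot-time layout. */
#define LOWMEM_END (640 * 1024)
static unsigned char lowmem[LOWMEM_END];

/* A bss object, described by its offset into lowmem and its size. */
struct region { const char *name; size_t start; size_t len; };

/* Bump allocator with the same shape as zfsboot.c's heap_next/heap_end bookkeeping. */
struct heap { size_t next; size_t end; };

static void *heap_alloc(struct heap *h, size_t n) {
    size_t aligned = (n + 15) & ~(size_t)15;
    if (h->end - h->next < aligned)
        return NULL;                 /* the allocator's out-of-space condition */
    void *p = lowmem + h->next;
    h->next += aligned;
    return p;
}

/* Index of the first bss region overlapping [h->next, h->end), or -1 if none. */
static int heap_clobbers(const struct heap *h, const struct region *r, size_t nr) {
    for (size_t i = 0; i < nr; i++) {
        size_t rs = r[i].start, re = rs + r[i].len;
        if (rs < h->end && h->next < re)
            return (int)i;
    }
    return -1;
}

/* Assumed layout: dmadat is NOT the last bss object; zfsimpl.c state follows it. */
static const struct region bss_layout[] = {
    { "dmadat",   0x20000, 0x3000 },
    { "zfs_vars", 0x23000, 0x1000 },
};

/* Heap window as zfsboot.c sets it up: end of dmadat up to 640KB. Returns 1 here,
 * because zfs_vars (index 1) sits inside the window the allocator hands out. */
int audit_zfsboot_heap(void) {
    struct heap h = { 0x20000 + 0x3000, LOWMEM_END };
    return heap_clobbers(&h, bss_layout, sizeof bss_layout / sizeof bss_layout[0]);
}

int main(void) {
    int i = audit_zfsboot_heap();
    printf("heap window overlaps: %s\n", i < 0 ? "nothing" : bss_layout[i].name);
    return 0;
}
```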

