svn commit: r286583 - head/sys/vm

[Zbigniew Bodek]

Author: zbb
Date: Mon Aug 10 17:16:49 2015
New Revision: 286583
URL: https://svnweb.freebsd.org/changeset/base/286583

Log:
  Avoid sign extension of value passed to kva_alloc from uma_zone_reserve_kva
  
  Fixes "panic: vm_radix_reserve_kva: unable to reserve KVA" caused by sign
  extention of "pages * UMA_SLAB_SIZE" value passed to kva_alloc() which
  takes unsigned long argument.
  
  In the erroneus case that triggered this bug, the number of pages
  to allocate in uma_zone_reserve_kva() was 0x8ebe6, that gave the
  total number of bytes to allocate equal to 0x8ebe6000 (int).
  This was then sign extended in kva_alloc() to 0xffffffff8ebe6000
  (unsigned long).
  
  Reviewed by:   alc, kib
  Submitted by:  Zbigniew Bodek <zbb at semihalf.com>
  Obtained from: Semihalf
  Sponsored by:  The FreeBSD Foundation
  Differential Revision: https://reviews.freebsd.org/D3346

Modified:
  head/sys/vm/uma_core.c

Modified: head/sys/vm/uma_core.c
==============================================================================
--- head/sys/vm/uma_core.c	Mon Aug 10 17:02:42 2015	(r286582)
+++ head/sys/vm/uma_core.c	Mon Aug 10 17:16:49 2015	(r286583)
@@ -3126,7 +3126,7 @@ uma_zone_reserve_kva(uma_zone_t zone, in
 {
 	uma_keg_t keg;
 	vm_offset_t kva;
-	int pages;
+	u_int pages;
 
 	keg = zone_first_keg(zone);
 	if (keg == NULL)
@@ -3141,7 +3141,7 @@ uma_zone_reserve_kva(uma_zone_t zone, in
 #else
 	if (1) {
 #endif
-		kva = kva_alloc(pages * UMA_SLAB_SIZE);
+		kva = kva_alloc((vm_size_t)pages * UMA_SLAB_SIZE);
 		if (kva == 0)
 			return (0);
 	} else