OS-1541 vmem_xalloc() needs to check for overflow

author: Bryan Cantrill <bryan@joyent.com> 2012-09-12 02:20:29 +0000
committer: Bryan Cantrill <bryan@joyent.com> 2012-09-12 02:20:29 +0000
commit: 6dcd81245bc25effe5264217ebaf92ee24dfe472 (patch)
tree: 0ee67854f550411ca62c486dd94140fe422ac325
parent: 66353bb95123bbb670cc0f321c15b0f9d81f2e86 (diff)
download: illumos-joyent-6dcd81245bc25effe5264217ebaf92ee24dfe472.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/usr/src/uts/common/os/vmem.c b/usr/src/uts/common/os/vmem.c
index 771c439744..1b222538b3 100644
--- a/usr/src/uts/common/os/vmem.c
+++ b/usr/src/uts/common/os/vmem.c
@@ -25,6 +25,7 @@
 
 /*
  * Copyright (c) 2012 by Delphix. All rights reserved.
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
  */
 
 /*
@@ -1065,6 +1066,21 @@ do_alloc:
 			aneeded = MAX(size + aphase, vmp->vm_min_import);
 			asize = P2ROUNDUP(aneeded, aquantum);
 
+			if (asize < size) {
+				/*
+				 * The rounding induced overflow; return NULL
+				 * if we are permitted to fail the allocation
+				 * (and explicitly panic if we aren't).
+				 */
+				if ((vmflag & VM_NOSLEEP) &&
+				    !(vmflag & VM_PANIC)) {
+					mutex_exit(&vmp->vm_lock);
+					return (NULL);
+				}
+
+				panic("vmem_xalloc(): size overflow");
+			}
+
 			/*
 			 * Determine how many segment structures we'll consume.
 			 * The calculation must be precise because if we're
author	Bryan Cantrill <bryan@joyent.com>	2012-09-12 02:20:29 +0000
committer	Bryan Cantrill <bryan@joyent.com>	2012-09-12 02:20:29 +0000
commit	6dcd81245bc25effe5264217ebaf92ee24dfe472 (patch)
tree	0ee67854f550411ca62c486dd94140fe422ac325
parent	66353bb95123bbb670cc0f321c15b0f9d81f2e86 (diff)
download	illumos-joyent-6dcd81245bc25effe5264217ebaf92ee24dfe472.tar.gz