Bug 199891

Summary: [patch] 'vmstat -i' output is wrong on RPi
Product: Base System
Reporter: Jia-Shiun Li <jiashiun>
Component: bin
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Many People
CC: loos
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any
Attachments:
  original 'vmstat -i' output on RPi (flags: none)
  patch to vmstat.c (flags: none)

Description Jia-Shiun Li 2015-05-03 16:21:01 UTC
Created attachment 156288
original 'vmstat -i' output on RPi

'vmstat -i' output is wrong on RPi. (See attached file)

The cause is an insufficient check for the end of intrnames in dointr(). It only looks for a zero-length string as the end of the buffer. But on every architecture FreeBSD supports, intrnames are all initialized to an array of strings of 19 spaces plus NUL in the kernel. The check will always make intrname run over the end of the buffer.

x86 does not see this, probably due to the implementation of the memory allocator. On an arch like RPi, vmstat did not encounter immediately consecutive \0s to be interpreted as a zero-length string. Thus it treated data after the buffer as long interrupt names.

Comment 1 Jia-Shiun Li 2015-05-03 16:24:29 UTC
Created attachment 156290
patch to vmstat.c

Add boundary check to intrnames in dointr().

But probably kernel & user space need to agree on how to treat the buffer safely.

Comment 2 commit-hook freebsd_committer freebsd_triage 2015-05-13 02:26:47 UTC
A commit references this bug:

Author: loos
Date: Wed May 13 02:25:54 UTC 2015
New revision: 282829
URL: https://svnweb.freebsd.org/changeset/base/282829

Log:
  Fix the vmstat -i output on ARM.

  The consumers of hw.intrnames expect a NULL byte at end of the string
  containing the interrupt names.

  On ARM all the interrupt name slots are initialized and this leaves no room
  for the terminating NULL byte, which makes vmstat read beyond the end of
  intrnames.

  PR:		199891
  Tested on:	RPi 2 and BeagleBone Black

Changes:
  head/sys/arm/arm/intr.c
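
The over-read described in this report, as an added example that is neither the attached patch nor FreeBSD's code: a walk that stops only at a zero-length string, next to one that also honours the buffer length. The function names, the 4-slot table and the trailing "not-a-name" bytes are constructed for illustration; the 19-spaces-plus-NUL slot layout is the one the report describes.

```c
#include <stdio.h>
#include <string.h>

#define SLOT_LEN 20 /* 19 spaces plus NUL, as the report describes */
#define NSLOTS 4    /* constructed: tiny table for the demo */

/* Constructed backing store: NSLOTS full slots, then unrelated bytes that
 * stand in for whatever memory follows the real buffer. */
static char backing[NSLOTS * SLOT_LEN + 16];

static void fill_backing(void)
{
    memset(backing, 0, sizeof(backing));
    for (int i = 0; i < NSLOTS; i++)
        memset(backing + i * SLOT_LEN, ' ', SLOT_LEN - 1);
    memcpy(backing + NSLOTS * SLOT_LEN, "not-a-name", 11);
}

/* Terminator-only walk: stops only when it meets a zero-length string. */
static size_t count_unbounded(const char *p)
{
    size_t n = 0;
    for (; *p != '\0'; p += strlen(p) + 1)
        n++;
    return n;
}

/* Bounded walk: stops at the buffer end and never scans past it. */
static size_t count_bounded(const char *p, size_t len)
{
    const char *end = p + len;
    size_t n = 0;
    while (p < end && *p != '\0') {
        const char *nul = memchr(p, '\0', (size_t)(end - p));
        if (nul == NULL) /* last entry unterminated: stop here */
            break;
        n++;
        p = nul + 1;
    }
    return n;
}

int main(void)
{
    fill_backing();
    printf("terminator-only: %zu names, bounded: %zu names\n",
        count_unbounded(backing), count_bounded(backing, NSLOTS * SLOT_LEN));
    return 0;
}
```

With every slot filled, the terminator-only walk reports one name more than the table holds, because the bytes after the table are the first place it can find an empty string.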