Bug 249859

Summary: src/stand's kernel malloc emulation can fail M_WAITOK call
Product: Base System
Reporter: Warner Losh <imp>
Component: misc
Assignee: Warner Losh <imp>
Status: Closed FIXED
Severity: Affects Only Me
CC: cem, emaste
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any

Description Warner Losh freebsd_committer freebsd_triage 2020-09-24 16:46:31 UTC

    
Comment 1 Warner Losh freebsd_committer freebsd_triage 2020-09-24 16:47:57 UTC
In theory, some malloc calls with M_WAITOK can fail because the underlying Malloc() implementation in src/stand can fail.

We should proactively detect this and fail in a helpful way, rather than waiting for the null pointer dereference.
Comment 2 Warner Losh freebsd_committer freebsd_triage 2020-09-24 16:56:50 UTC
Note to bug busters: this is an enhancement request that may languish (though hopefully not), please check with me before starting any timeout process on it. Thanks!
Comment 3 Warner Losh freebsd_committer freebsd_triage 2021-07-08 05:42:10 UTC
https://reviews.freebsd.org/D31106 has an experimental fix.
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-07-09 17:27:20 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=72821668b039c276914569e9caa1cdfa4e4cb674

commit 72821668b039c276914569e9caa1cdfa4e4cb674
Author:     Warner Losh <imp@FreeBSD.org>
AuthorDate: 2021-07-09 17:21:18 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2021-07-09 17:21:18 +0000

    stand/kmem_zalloc: panic when a M_WAITOK allocation fails

    Malloc() might return NULL, in which case we will panic with a NULL
    pointer deref. Make it panic when the allocation fails to preserve the
    postcondition that we never return a non-NULL value.

    Reviewed by:            tsoome
    PR:                     249859
    Sponsored by:           Netflix
    Differential Revision:  https://reviews.freebsd.org/D31106

 sys/sys/malloc.h | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2021-07-12 19:43:50 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=9cd9a0c86924c350f83e5c8fbcadc84ee0d72e26

commit 9cd9a0c86924c350f83e5c8fbcadc84ee0d72e26
Author:     Warner Losh <imp@FreeBSD.org>
AuthorDate: 2021-07-09 17:21:18 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2021-07-12 19:42:58 +0000

    stand/kmem_zalloc: panic when a M_WAITOK allocation fails

    Malloc() might return NULL, in which case we will panic with a NULL
    pointer deref. Make it panic when the allocation fails to preserve the
    postcondition that we never return a non-NULL value.

    Reviewed by:            tsoome
    PR:                     249859
    Sponsored by:           Netflix
    Differential Revision:  https://reviews.freebsd.org/D31106

    (cherry picked from commit 72821668b039c276914569e9caa1cdfa4e4cb674)

 sys/sys/malloc.h | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
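
An illustration of the behaviour discussed in Comment 1 and in the commit messages above, added here and not taken from the FreeBSD commit or from src/stand: a userspace C example in which an allocator that can run out backs a zeroing wrapper, and an M_WAITOK request that cannot be satisfied panics at the allocation site instead of handing NULL to the caller. All `demo_` names, the flag values, the 256-byte heap and the longjmp-based stand-in for panic() are assumptions made for the example.

```c
#include <setjmp.h>
#include <stdio.h>
#include <string.h>

/* Demo flag values (constructed); the names mirror the kernel's malloc flags. */
#define DEMO_M_NOWAIT 0x1
#define DEMO_M_WAITOK 0x2

/* Small bump allocator standing in for a loader heap that can run out. */
static unsigned long long demo_heap[32];    /* 256 bytes, 8-byte aligned */
static size_t demo_used;
static void *demo_Malloc(size_t n)
{
    size_t need = (n + 7u) & ~(size_t)7u;
    if (n == 0 || need < n || need > sizeof(demo_heap) - demo_used)
        return NULL;
    demo_used += need;
    return (unsigned char *)demo_heap + demo_used - need;
}

/* Hypothetical panic state: a recorded message plus an unwind point. */
static jmp_buf demo_panic_env;
static char demo_panic_msg[64];

/* Zeroing allocator: NULL may reach the caller only without M_WAITOK. */
static void *demo_kmem_zalloc(size_t n, int flags)
{
    void *p = demo_Malloc(n);
    if (p == NULL && (flags & DEMO_M_WAITOK)) {    /* fail here, not at a later deref */
        snprintf(demo_panic_msg, sizeof(demo_panic_msg), "M_WAITOK alloc of %zu bytes failed", n);
        longjmp(demo_panic_env, 1);                /* stands in for panic() */
    }
    return p != NULL ? memset(p, 0, n) : NULL;
}

/* 0 = memory returned, 1 = NULL returned to caller, 2 = panicked. */
static int demo_try_alloc(size_t n, int flags)
{
    if (setjmp(demo_panic_env) != 0)
        return 2;
    return demo_kmem_zalloc(n, flags) != NULL ? 0 : 1;
}

int main(void)
{
    printf("%d %d %d\n", demo_try_alloc(64, DEMO_M_WAITOK),
        demo_try_alloc(4096, DEMO_M_NOWAIT), demo_try_alloc(4096, DEMO_M_WAITOK));
    return 0;
}
```

A caller that passes the no-wait flag still has to check for NULL; only the M_WAITOK path turns exhaustion into an immediate, labelled failure.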