Bug 26000

Summary: unchecked return in vm/swap_pager.c
Product: Base System
Reporter: andrew <andrew>
Component: kern
Assignee: dwmalone
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
file.diff none

Description andrew 2001-03-22 15:10:02 UTC
There is an unchecked return from zinit() at line 307 in vm/swap_pager.c.

This call will return NULL if kmem malloc limits have been increased beyond
a certain point (~800MB) by modifying the algorithm or limits in kmeminit().  

It is unlikely that anyone would experience this in any normal situation,
still it seems like there should be a panic there.

How-To-Repeat: Increase kmem malloc limits to >800MB and boot the kernel.  It will run
fine until the first time it tries to page out, and then crash by
dereferencing the NULL pointer swap_zone.
Comment 1 dwmalone 2001-03-23 20:03:32 UTC
On Thu, Mar 22, 2001 at 07:09:15AM -0800, andrew@nfr.net wrote:

> >Description:
> There is an unchecked return from zinit() at line 307 in vm/swap_pager.c

This seems to have been fixed in -current due to other work
which has gone on there. The stable tree is currently in a
code freeze, but I think a simple patch like this should be
OK.

Jordan - can I commit this now, or should I wait 'till after
the freeze?

	David.

Index: swap_pager.c
===================================================================
RCS file: /cvs/FreeBSD-CVS/src/sys/vm/swap_pager.c,v
retrieving revision 1.130.2.7
diff -u -r1.130.2.7 swap_pager.c
--- swap_pager.c	2000/11/26 02:55:14	1.130.2.7
+++ swap_pager.c	2001/03/23 20:01:12
@@ -312,6 +312,8 @@
 	    ZONE_INTERRUPT, 
 	    1
 	);
+	if (swap_zone == NULL)
+		panic("swap_pager_swap_init: swap_zone == NULL");
 
 	/*
 	 * Initialize our meta-data hash table.  The swapper does not need to
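Review bot: the panic string on the added line only restates the tested condition ("swap_zone == NULL"), so someone reading the console after a failed boot learns nothing about the cause. The report attributes the NULL to zinit() failing once the kmem malloc limits are raised, so the message would be more useful if it said that the zone allocation failed, and ideally hinted at the kmem limits. The enclosing function is not visible in this hunk, so please confirm that the "swap_pager_swap_init:" prefix matches the function the check actually sits in. The placement itself, directly after the closing ");" of the call, is right: it fails at initialisation instead of leaving a NULL swap_zone to be dereferenced at the first page-out.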
Comment 2 dwmalone freebsd_committer freebsd_triage 2001-03-23 20:04:20 UTC
Responsible Changed
From-To: freebsd-bugs->dwmalone

I'll commit this as soon as I get the go ahead.
Comment 3 dwmalone freebsd_committer freebsd_triage 2001-03-27 21:42:46 UTC
State Changed
From-To: open->closed

Committed - thanks!