Bug 249859 - src/stand's kernel malloc emulation can fail M_WAITOK call
Summary: src/stand's kernel malloc emulation can fail M_WAITOK call
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: misc (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Warner Losh
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-24 16:46 UTC by Warner Losh
Modified: 2021-07-12 19:43 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Warner Losh freebsd_committer 2020-09-24 16:46:31 UTC 

    


    


      



        
          Comment 1
        

        
          Warner Losh

        

        
            freebsd_committer
        

        
          2020-09-24 16:47:57 UTC
        

      






In theory, some malloc calls with M_WAITOK can fail because the underlying Malloc() implementation in src/stand can fail.

We should proactively detect this and fail in a helpful way, rather than waiting for the null pointer dereference.

    


    


      



        
          Comment 2
        

        
          Warner Losh

        

        
            freebsd_committer
        

        
          2020-09-24 16:56:50 UTC
        

      






Note to bug busters: this is an enhancement request that may languish (though hopefully not), please check with me before starting any timeout process on it. Thanks!

    


    


      



        
          Comment 3
        

        
          Warner Losh

        

        
            freebsd_committer
        

        
          2021-07-08 05:42:10 UTC
        

      






https://reviews.freebsd.org/D31106 has an experimental fix.

    


    


      



        
          Comment 4
        

        
          commit-hook

        

        
            freebsd_committer
        

        
          2021-07-09 17:27:20 UTC
        

      






A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=72821668b039c276914569e9caa1cdfa4e4cb674

commit 72821668b039c276914569e9caa1cdfa4e4cb674
Author:     Warner Losh <imp@FreeBSD.org>
AuthorDate: 2021-07-09 17:21:18 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2021-07-09 17:21:18 +0000

    stand/kmem_zalloc: panic when a M_WAITOK allocation fails

    Malloc() might return NULL, in which case we will panic with a NULL
    pointer deref. Make it panic when the allocation fails to preserve the
    postcondtion that we never return a non-NULL value.

    Reviewed by:            tsoome
    PR:                     249859
    Sponsored by:           Netflix
    Differential Revision:  https://reviews.freebsd.org/D31106

 sys/sys/malloc.h | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

    


    


      



        
          Comment 5
        

        
          commit-hook

        

        
            freebsd_committer
        

        
          2021-07-12 19:43:50 UTC
        

      






A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=9cd9a0c86924c350f83e5c8fbcadc84ee0d72e26

commit 9cd9a0c86924c350f83e5c8fbcadc84ee0d72e26
Author:     Warner Losh <imp@FreeBSD.org>
AuthorDate: 2021-07-09 17:21:18 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2021-07-12 19:42:58 +0000

    stand/kmem_zalloc: panic when a M_WAITOK allocation fails

    Malloc() might return NULL, in which case we will panic with a NULL
    pointer deref. Make it panic when the allocation fails to preserve the
    postcondtion that we never return a non-NULL value.

    Reviewed by:            tsoome
    PR:                     249859
    Sponsored by:           Netflix
    Differential Revision:  https://reviews.freebsd.org/D31106

    (cherry picked from commit 72821668b039c276914569e9caa1cdfa4e4cb674)

 sys/sys/malloc.h | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)