Hi,
Fred wrote:
> With sthen@'s help I have tracked down the kernel that does not display this
> issue for me it's:
> OpenBSD 5.6-current (GENERIC) #203: Tue Sep 2 19:32:42 MDT 2014
Are those kernel binaries still available from somewhere?
I'd like to double-check, since the problem is non-deterministic; maybe
that kernel was in fact bad and it was only luck that it ran stable when
you tested? And so we could be looking in the wrong place.
> I am currently running a kernel with the following patch, as suggested by
> tedu@, below [1] and currently it has been stable.
I'm quite sure the patch didn't fix anything, because (size*items)
is implicitly <= pgsize; I checked that with a KASSERT, made the change
tedu@ suggested, and still reproduced the crash. I suggest a reboot and
then try again to reproduce it?
I found some similar risky unsigned int arithmetic in subr_pool.c:

	/* Check our minimum page claim */
	if (pp->pr_npages <= pp->pr_minpages)
		break;

	/*
	 * If freeing this page would put us below
	 * the low water mark, stop now.
	 */
	if ((pp->pr_nitems - pp->pr_itemsperpage) <
	    pp->pr_minitems)
		break;

I think nitems is implicitly >= itemsperpage here. Unless nitems=0, but
then npages=0 which is <= minpages. Otherwise, nitems will be a
multiple of itemsperpage so it cannot underflow.
Therefore ((pp->pr_nitems - pp->pr_itemsperpage) < pp->pr_minitems)
is implicitly never true, and I think the second check is redundant.
I agree if it was rewritten as
	if (pp->pr_nitems < pp->pr_minitems + pp->pr_itemsperpage)
then we wouldn't have to wonder.
Regards,
--
Steven Chamberlain
[email protected]
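
Added example (not part of the original mail and not OpenBSD code): a stand-alone C comparison of the low-water-mark check as quoted from subr_pool.c and the rewritten form proposed above, showing that the two differ only where the unsigned subtraction wraps. The function names and the small value range are assumptions made for illustration; the fields are treated as unsigned int, as the mail describes them.

```c
#include <stdio.h>

/* Check as quoted in the mail: the subtraction is done in unsigned int. */
static int below_low_water_sub(unsigned int nitems, unsigned int itemsperpage,
    unsigned int minitems)
{
	return (nitems - itemsperpage) < minitems;
}

/* Rewritten form proposed in the mail: no subtraction, so nothing wraps
 * as long as minitems + itemsperpage itself fits in unsigned int. */
static int below_low_water_add(unsigned int nitems, unsigned int itemsperpage,
    unsigned int minitems)
{
	return nitems < minitems + itemsperpage;
}

/*
 * Compare both forms over a small constructed range of values.
 * Returns the number of disagreements; *outside_wrap counts those seen
 * with nitems >= itemsperpage, i.e. where the subtraction cannot wrap.
 */
static unsigned int count_disagreements(unsigned int limit,
    unsigned int *outside_wrap)
{
	unsigned int n, ipp, min, diff = 0;

	*outside_wrap = 0;
	for (n = 0; n < limit; n++)
		for (ipp = 1; ipp < limit; ipp++)
			for (min = 0; min < limit; min++) {
				if (below_low_water_sub(n, ipp, min) ==
				    below_low_water_add(n, ipp, min))
					continue;
				diff++;
				if (n >= ipp)
					(*outside_wrap)++;
			}
	return diff;
}

int main(void)
{
	unsigned int outside, diff = count_disagreements(32, &outside);

	printf("disagreements: %u, with nitems >= itemsperpage: %u\n",
	    diff, outside);
	return 0;
}
```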