Re: bin/31557: vmstat(1) shows bogus values when the member of 'sturct uvmexp' is bigger than INT_MAX

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,ura%hiru.aoba.yokohama.jp@localhost
Subject: Re: bin/31557: vmstat(1) shows bogus values when the member of 'sturct uvmexp' is bigger than INT_MAX
From: David Holland <dholland-bugs%netbsd.org@localhost>
Date: Sun, 20 Mar 2016 04:40:00 +0000 (UTC)

The following reply was made to PR bin/31557; it has been noted by GNATS.

From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/31557: vmstat(1) shows bogus values when the member of
 'sturct uvmexp' is bigger than INT_MAX
Date: Sun, 20 Mar 2016 04:36:40 +0000

 On Fri, Mar 18, 2016 at 01:20:01PM +0000, Andreas Gustafsson wrote:
  > From: Andreas Gustafsson <gson%gson.org@localhost>
  > To: gnats-bugs%NetBSD.org@localhost
  > Cc: 
  > Subject: Re: bin/31557: vmstat(1) shows bogus values when the member of 'sturct uvmexp' is bigger than INT_MAX
  > Date: Fri, 18 Mar 2016 15:15:31 +0200
  > 
  >  This issue still exists in 7.0.  On amd64, after 15 days of uptime:
  >  
  >    guido ~ $ vmstat -s | grep 1844
  >    18446744073377659897 pagealloc zero wanted and not avail
  >    18446744071575073291 pagealloc desired color not avail
  >    18446744073651766539 pagealloc local cpu avail
  >    18446744071668371373 pagealloc local cpu not avail
  >    18446744073295453023 faults relock (18446744073295759792 ok)
  >    18446744073251079458 neighbour object page faults
  >    18446744073294704034 unlocked pager get faults

 The problem is that everything in struct uvmexp_sysctl is 64 bits wide
 (explicit int64_t) but many of the source values in the real struct
 uvmexp, including the ones that lead to these prints, are of type
 "int", so that (a) they overflow and then (b) get sign-extended on the
 way out of the kernel. (And then vmstat prints all the signed int64_t
 values as unsigned.)

 One could insert the correct casting in sysctl_vm_uvmexp2 (in
 uvm_meter.c) but this will only prevent the sign extension, not the
 overflows. Given that signed integer overflows are formally UB, this
 should really be fixed properly by widening offending members of
 struct uvmexp.

 The problem with *that* is that IIRC there are still kmem grovelers
 that will break; they aren't all using the sysctl and struct
 uvmexp_sysctl yet. (There are a few of these in third-party code in
 pkgsrc, too; they all ought to be patched.)

 I think a good first step would be to hide struct uvmexp from userland
 and fix what that breaks...

 -- 
 David A. Holland
 dholland%netbsd.org@localhost

Prev by Date: Re: bin/50973 (src/sbin/fsck_lfs/lfs.c:291: set but not used ?)
Next by Date: Re: kern/50467: Panic from disconnecting phone while reading its contents
Previous by Thread: Re: bin/31557: vmstat(1) shows bogus values when the member of 'sturct uvmexp' is bigger than INT_MAX
Next by Thread: kern/50978: Default gateway does not work with IPsec
Indexes:

Home | Main Index | Thread Index | Old Index