the bitrig master branch has been updated by natano with 1 new commit:
commit 4d3fbe4f3f4a7d87c86e06a52a85feb150b87001
diff: https://github.com/bitrig/bitrig/commit/4d3fbe4
author: Martin Natano <[email protected]>
date: Sun Mar 8 08:34:46 2015 +0100
Fix a kernel freeze in mmrw().

The io length was truncated to zero via overflow, so the io loop never
finished and the kernel hangs in a busy loop. The overflow was caused by
passing a variable of type size_t to min() from libkern, which expects
an unsigned int argument. I hereby declare min(), imin(), lmin() and
their *max() counterparts as dangerous, or at least hard to use
correctly - new code shouldn't use those functions!

The busy loop can be triggered by any user with a read() of size 2**32.
See the following test program:
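---
#include <sys/types.h>

#include <err.h>
#include <fcntl.h>
#include <unistd.h>

int
main(void)
{
	char p[1];
	int fd;
	ssize_t n;

	fd = open("/dev/zero", O_RDONLY);
	if (fd == -1)
		err(1, "open");

	/* length 2**32 is what gets truncated to zero inside mmrw() */
	n = read(fd, NULL, (size_t)1 << 32);
	if (n == -1)
		err(1, "read");

	(void)close(fd);
	return (0);
}
---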
ok pedro@
M sys/arch/amd64/amd64/mem.c
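
The truncation described in the commit message, modelled in user space as an added example (not code from the Bitrig tree). `libkern_min` copies only the parameter types the message attributes to libkern's min(); `PAGE_SIZE`, `chunk_truncating`, `chunk_safe` and `drain` are names made up for this illustration, and the model assumes a platform where size_t is wider than unsigned int.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096u	/* assumed page size for this model */

_Static_assert(sizeof(size_t) > sizeof(unsigned int), "needs LP64");

/* Same parameter types as the libkern min() named in the commit message. */
static unsigned int libkern_min(unsigned int a, unsigned int b)
{
	return (a < b ? a : b);
}

/* Buggy pattern: len is silently narrowed to unsigned int at the call. */
static size_t chunk_truncating(size_t len)
{
	return (libkern_min(len, PAGE_SIZE));
}

/* Width-preserving comparison: no narrowing conversion takes place. */
static size_t chunk_safe(size_t len)
{
	return (len < PAGE_SIZE ? len : PAGE_SIZE);
}

/* Model I/O loop: returns iterations used, or -1 when a zero-length
 * chunk means the loop would make no progress (the busy loop). */
static long drain(size_t resid, size_t (*chunk)(size_t))
{
	long iters = 0;
	while (resid > 0) {
		size_t c = chunk(resid);
		if (c == 0)
			return (-1);
		resid -= c;
		iters++;
	}
	return (iters);
}

int main(void)
{
	size_t len = (size_t)1 << 32;	/* the size used by the test program */
	printf("truncating: chunk=%zu drain=%ld\n",
	    chunk_truncating(len), drain(len, chunk_truncating));
	printf("safe:       chunk=%zu drain=%ld\n",
	    chunk_safe(len), drain(len, chunk_safe));
	return (0);
}
```

Building kernel or driver code with -Wconversion flags the narrowing call in `chunk_truncating`, which is one way to find other callers of the same pattern.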