From a2f15149ddb6a1ad875f5d512b8b83e85a33dfe7 Mon Sep 17 00:00:00 2001 From: Ted Unangst Date: Thu, 6 Nov 2014 17:29:24 +0000 Subject: need to calculate correct size before doing the free checks. the biggest malloc bucket isn't precise, it can have anything in it. should fix recent panics. sorry for inconvenience. ok deraadt millert --- sys/kern/kern_malloc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/kern/kern_malloc.c b/sys/kern/kern_malloc.c index 2dc05ed917d..dc52bc330ff 100644 --- a/sys/kern/kern_malloc.c +++ b/sys/kern/kern_malloc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_malloc.c,v 1.122 2014/11/06 03:20:36 deraadt Exp $ */ +/* $OpenBSD: kern_malloc.c,v 1.123 2014/11/06 17:29:23 tedu Exp $ */ /* $NetBSD: kern_malloc.c,v 1.15.4.2 1996/06/13 17:10:56 cgd Exp $ */ /* @@ -384,6 +384,8 @@ free(void *addr, int type, size_t freedsize) kup = btokup(addr); size = 1 << kup->ku_indx; kbp = &bucket[kup->ku_indx]; + if (size > MAXALLOCSAVE) + size = kup->ku_pagecnt << PAGE_SHIFT; s = splvm(); #ifdef DIAGNOSTIC if (freedsize != 0 && freedsize > size) @@ -407,7 +409,6 @@ free(void *addr, int type, size_t freedsize) if (size > MAXALLOCSAVE) { uvm_km_free(kmem_map, (vaddr_t)addr, ptoa(kup->ku_pagecnt)); #ifdef KMEMSTATS - size = kup->ku_pagecnt << PAGE_SHIFT; ksp->ks_memuse -= size; kup->ku_indx = 0; kup->ku_pagecnt = 0; -- cgit v1.2.3