DragonFlyBSD Kernel Audit
← dashboard
DF-0245

Per-cpu iowbytes counter underflow via thread migration accounting break

Summary

badjiosched adds to ioscpu[gd_cpuid].iowbytes(:79-80). Decay subtracts td->td_iosdata.iowbytes-derived amount from ioscpu[current_cpu](:88-90). Thread migration: accumulate on CPU A, migrate to CPU B, decay subtracts from B which never received contribution. size_t underflow -> SIZE_T_MAX. iostotal overflows, factor collapses, bwillwrite throttle bypassed. Unpriv: write heavily while being migrated.