Date: Tue, 8 Apr 2014 16:24:42 +0300
From: Konstantin Belousov <kostikbel@gmail.com>
To: Mateusz Guzik <mjguzik@gmail.com>
Cc: freebsd-hackers@freebsd.org, Eduardo Morras <emorrasg@yahoo.es>
Subject: Re: pipe() resource exhaustion
Message-ID: <20140408132442.GZ21331@kib.kiev.ua>
In-Reply-To: <20140408130727.GA11363@dft-labs.eu>
References: <lhu0jv$r6n$1@ger.gmane.org> <ab57e60fcc1c1438fcca500e3c594d35@mail.feld.me> <20140408130206.e75f3bf6c6df28b6e4839e70@yahoo.es> <20140408121222.GB30326@dft-labs.eu> <20140408123827.GW21331@kib.kiev.ua> <20140408130727.GA11363@dft-labs.eu>
On Tue, Apr 08, 2014 at 03:07:27PM +0200, Mateusz Guzik wrote:
> On Tue, Apr 08, 2014 at 03:38:27PM +0300, Konstantin Belousov wrote:
> > On Tue, Apr 08, 2014 at 02:12:22PM +0200, Mateusz Guzik wrote:
> > > That said, supporting a reserve for this one sounds like a good idea and
> > > not that hard to implement - one can either play with atomics and double
> > > check or just place a mutex-protected check in pipespace_new (before
> > > vm_map_find).
> > >
> > ...
> >
> > I think more reasonable behaviour there is to just fall back to the
> > buffered pipe if the direct buffer allocation fails. Look at the
> > pipespace_new() calls in the pipe_create(); probably ignoring the error
> > would do the trick.
>
> Yeah, should have checked the caller.
>
> Interesting though how the error was made fatal in this case.
>
> Anyhow, the following hack following your suggestion indeed makes the
> issue go away for me:
>
> diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c
> index 6ba52e3..5930cf2 100644
> --- a/sys/kern/sys_pipe.c
> +++ b/sys/kern/sys_pipe.c
> @@ -647,19 +647,21 @@ pipe_create(pipe, backing)
> struct pipe *pipe;
> int backing;
> {
> - int error;
> =20
> if (backing) {
> + /*
> + * Note that these functions can fail, but we ignore
> + * the error as it is not fatal and could be provoked
> + * by users.
> + */
> if (amountpipekva > maxpipekva / 2)
> - error =3D pipespace_new(pipe, SMALL_PIPE_SIZE);
> + (void)pipespace_new(pipe, SMALL_PIPE_SIZE);
> else
> - error =3D pipespace_new(pipe, PIPE_SIZE);
> - } else {
> - /* If we're not backing this pipe, no need to do anything. */
> - error =3D 0;
> + (void)pipespace_new(pipe, PIPE_SIZE);
> }
> +
> pipe->pipe_ino =3D -1;
> - return (error);
> + return (0);
> }
> =20
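Review bot: In the `if (backing)` branch both pipespace_new() results are now cast to void, and the new comment says the failure is not fatal without saying what state the pipe is left in or which later code handles a pipe whose buffer was never allocated; please name that fallback path in the comment, since it cannot be checked from this hunk. Also, with `return (0);` now unconditional, any error handling in the callers of pipe_create() becomes dead code, so consider changing the function to return nothing and removing those checks in the same patch.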
Yes, this looks right. I think it does not make sense to continue
returning an error from the pipe_create() after the patch. The change
would become bigger, but the code for pipe_create() and pipe_paircreate
collapse. It seems that pipe_paircreate() can be changed to return void
as well, but the benefits would be smaller.
