Date: Tue, 8 Apr 2014 16:24:42 +0300
From: Konstantin Belousov <kostikbel@gmail.com>
To: Mateusz Guzik <mjguzik@gmail.com>
Cc: freebsd-hackers@freebsd.org, Eduardo Morras <emorrasg@yahoo.es>
Subject: Re: pipe() resource exhaustion
Message-ID: <20140408132442.GZ21331@kib.kiev.ua>
In-Reply-To: <20140408130727.GA11363@dft-labs.eu>
References: <lhu0jv$r6n$1@ger.gmane.org> <ab57e60fcc1c1438fcca500e3c594d35@mail.feld.me> <20140408130206.e75f3bf6c6df28b6e4839e70@yahoo.es> <20140408121222.GB30326@dft-labs.eu> <20140408123827.GW21331@kib.kiev.ua> <20140408130727.GA11363@dft-labs.eu>

On Tue, Apr 08, 2014 at 03:07:27PM +0200, Mateusz Guzik wrote:
> On Tue, Apr 08, 2014 at 03:38:27PM +0300, Konstantin Belousov wrote:
> > On Tue, Apr 08, 2014 at 02:12:22PM +0200, Mateusz Guzik wrote:
> > > That said, supporting a reserve for this one sounds like a good idea and
> > > not that hard to implement - one can either play with atomics and double
> > > check or just place a mutex-protected check in pipespace_new (before
> > > vm_map_find).
> > >
> > ...
> >
> > I think more reasonable behaviour there is to just fall back to the
> > buffered pipe if the direct buffer allocation fails. Look at the
> > pipespace_new() calls in the pipe_create(); probably ignoring the error
> > would do the trick.
>
> Yeah, should have checked the caller.
>
> Interesting though how the error was made fatal in this case.
>
> Anyhow, the following hack following your suggestion indeed makes the
> issue go away for me:
>
> diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c > index 6ba52e3..5930cf2 100644 > --- a/sys/kern/sys_pipe.c > +++ b/sys/kern/sys_pipe.c 
> @@ -647,19 +647,21 @@ pipe_create(pipe, backing) > struct pipe *pipe; > int backing; > { > - int error; > =20 > if (backing) { > + /* > + * Note that these functions can fail, but we ignore > + * the error as it is not fatal and could be provoked > + * by users. > + */ > if (amountpipekva > maxpipekva / 2) > - error =3D pipespace_new(pipe, SMALL_PIPE_SIZE); > + (void)pipespace_new(pipe, SMALL_PIPE_SIZE); > else > - error =3D pipespace_new(pipe, PIPE_SIZE); > - } else { > - /* If we're not backing this pipe, no need to do anything. */ > - error =3D 0; > + (void)pipespace_new(pipe, PIPE_SIZE); > } > + > pipe->pipe_ino =3D -1; > - return (error); > + return (0); > } > =20

Yes, this looks right. I think it does not make sense to continue
returning an error from the pipe_create() after the patch. The change
would become bigger, but the code for pipe_create() and pipe_paircreate
collapse. It seems that pipe_paircreate() can be changed to return void
as well, but the benefits would be smaller.
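
Review bot: in the "if (backing)" branch of pipe_create() both pipespace_new() results are now discarded with (void) and the function ends in an unconditional "return (0);", so a caller can no longer tell a pipe whose buffer was allocated from one where the allocation failed. The new comment says the failure is not fatal but not why: it should name the code path that copes with a pipe left without a buffer, and that path should be confirmed to handle the case before the error is dropped here. With the return value now constant, the int return type is dead weight; either convert pipe_create() to void and remove the error checks in its callers in the same change, or keep the local error variable and stop propagating it at the call site instead.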