Date: Thu, 6 Sep 2001 20:13:12 -0400 From: Steve Shorter <steve@nomad.lets.net> To: D J Hawkey Jr <hawkeyd@visi.com> Cc: freebsd-security@freebsd.org Subject: Re: when mail full /tmp partition, system cracked Message-ID: <20010906201312.A44397@nomad.lets.net> In-Reply-To: <200109062058.f86KwES05430@fanbuzz.com.>; from hawkeyd@visi.com on Thu, Sep 06, 2001 at 03:58:14PM -0500 References: <20010906104547.C56598_ns1.via-net-works.net.ar@ns.sol.net> <20010906152832.A44174_nomad.lets.net@ns.sol.net> <200109062058.f86KwES05430@fanbuzz.com.>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 06, 2001 at 03:58:14PM -0500, D J Hawkey Jr wrote:
>
> No patch for the RELENG_4_3 tree in store, I take it?
>
> > -steve
Actually, there is. I raised this issue, and got a patch
from matt dillon for 4.3-SECURITY(RELEASE). This is the forwarded
response below.
-steve
:
:I am still interested in making a patch based on diffs from
:4.3-STABLE and 4.3-SECURITY. Would this be easy to do or have there been a
:lot of kernel changes that affect this issue. Is it good enough to look
:at killproc() and vm_pagout.c or is there more to it than that.
:
: thanx - steve
Sure. If you are comfortable building from a mod'd source tree, here
is the relevant log and diff set. It should be very easy to patch in.
-Matt
dillon 2001/06/13 00:26:59 PDT
Modified files: (Branch: RELENG_4)
sys/vm vm_map.c vm_map.h vm_pageout.c
Log:
MFC the two out-of-swap fixes (kill the correct process and start blasting
away at processes a little earlier, before the machine begins to lockup)
Revision Changes Path
1.187.2.9 +36 -1 src/sys/vm/vm_map.c
1.54.2.2 +2 -1 src/sys/vm/vm_map.h
1.151.2.8 +9 -4 src/sys/vm/vm_pageout.c
Index: vm_map.c
===================================================================
RCS file: /home/ncvs/src/sys/vm/vm_map.c,v
retrieving revision 1.187.2.8
retrieving revision 1.187.2.9
diff -u -r1.187.2.8 -r1.187.2.9
--- vm_map.c 2001/03/14 07:05:05 1.187.2.8
+++ vm_map.c 2001/06/13 07:26:58 1.187.2.9
@@ -61,7 +61,7 @@
* any improvements or extensions that they make and grant Carnegie the
* rights to redistribute these changes.
*
- * $FreeBSD: src/sys/vm/vm_map.c,v 1.187.2.8 2001/03/14 07:05:05 dillon Exp $
+ * $FreeBSD: src/sys/vm/vm_map.c,v 1.187.2.9 2001/06/13 07:26:58 dillon Exp $
*/
/*
@@ -218,6 +218,41 @@
zfree(vmspace_zone, vm);
}
}
+
+/*
+ * vmspace_swap_count() - count the approximate swap useage in pages for a
+ * vmspace.
+ *
+ * Swap useage is determined by taking the proportional swap used by
+ * VM objects backing the VM map. To make up for fractional losses,
+ * if the VM object has any swap use at all the associated map entries
+ * count for at least 1 swap page.
+ */
+int
+vmspace_swap_count(struct vmspace *vmspace)
+{
+ vm_map_t map = &vmspace->vm_map;
+ vm_map_entry_t cur;
+ int count = 0;
+
+ for (cur = map->header.next; cur != &map->header; cur = cur->next) {
+ vm_object_t object;
+
+ if ((cur->eflags & MAP_ENTRY_IS_SUB_MAP) == 0 &&
+ (object = cur->object.vm_object) != NULL &&
+ object->type == OBJT_SWAP
+ ) {
+ int n = (cur->end - cur->start) / PAGE_SIZE;
+
+ if (object->un_pager.swp.swp_bcount) {
+ count += object->un_pager.swp.swp_bcount *
+ SWAP_META_PAGES * n / object->size + 1;
+ }
+ }
+ }
+ return(count);
+}
+
/*
* vm_map_create:
Index: vm_map.h
===================================================================
RCS file: /home/ncvs/src/sys/vm/vm_map.h,v
retrieving revision 1.54.2.1
retrieving revision 1.54.2.2
diff -u -r1.54.2.1 -r1.54.2.2
--- vm_map.h 2001/03/14 07:05:06 1.54.2.1
+++ vm_map.h 2001/06/13 07:26:58 1.54.2.2
@@ -61,7 +61,7 @@
* any improvements or extensions that they make and grant Carnegie the
* rights to redistribute these changes.
*
- * $FreeBSD: src/sys/vm/vm_map.h,v 1.54.2.1 2001/03/14 07:05:06 dillon Exp $
+ * $FreeBSD: src/sys/vm/vm_map.h,v 1.54.2.2 2001/06/13 07:26:58 dillon Exp $
*/
/*
@@ -375,6 +375,7 @@
void vm_freeze_copyopts __P((vm_object_t, vm_pindex_t, vm_pindex_t));
int vm_map_stack __P((vm_map_t, vm_offset_t, vm_size_t, vm_prot_t, vm_prot_t, int));
int vm_map_growstack __P((struct proc *p, vm_offset_t addr));
+int vmspace_swap_count __P((struct vmspace *vmspace));
#endif
#endif /* _VM_MAP_ */
Index: vm_pageout.c
===================================================================
RCS file: /home/ncvs/src/sys/vm/vm_pageout.c,v
retrieving revision 1.151.2.7
retrieving revision 1.151.2.8
diff -u -r1.151.2.7 -r1.151.2.8
--- vm_pageout.c 2000/12/30 01:51:12 1.151.2.7
+++ vm_pageout.c 2001/06/13 07:26:58 1.151.2.8
@@ -65,7 +65,7 @@
* any improvements or extensions that they make and grant Carnegie the
* rights to redistribute these changes.
*
- * $FreeBSD: src/sys/vm/vm_pageout.c,v 1.151.2.7 2000/12/30 01:51:12 dillon Exp $
+ * $FreeBSD: src/sys/vm/vm_pageout.c,v 1.151.2.8 2001/06/13 07:26:58 dillon Exp $
*/
/*
@@ -1094,10 +1094,14 @@
}
/*
- * make sure that we have swap space -- if we are low on memory and
- * swap -- then kill the biggest process.
+ * If we are out of swap and were not able to reach our paging
+ * target, kill the largest process.
*/
+ if ((vm_swap_size < 64 && vm_page_count_min()) ||
+ (swap_pager_full && vm_paging_target() > 0)) {
+#if 0
if ((vm_swap_size < 64 || swap_pager_full) && vm_page_count_min()) {
+#endif
bigproc = NULL;
bigsize = 0;
for (p = allproc.lh_first; p != 0; p = p->p_list.le_next) {
@@ -1119,7 +1123,8 @@
/*
* get the process size
*/
- size = vmspace_resident_count(p->p_vmspace);
+ size = vmspace_resident_count(p->p_vmspace) +
+ vmspace_swap_count(p->p_vmspace);
/*
* if the this process is bigger than the biggest one
* remember it.
----- End forwarded message -----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010906201312.A44397>