From owner-freebsd-net Wed Nov 6 9:46:44 2002 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D64E537B401 for ; Wed, 6 Nov 2002 09:46:42 -0800 (PST) Received: from mail.otel.net (gw3.OTEL.net [212.36.8.151]) by mx1.FreeBSD.org (Postfix) with ESMTP id 74E4A43E75 for ; Wed, 6 Nov 2002 09:46:40 -0800 (PST) (envelope-from ikostov@otel.net) Received: from judicator.otel.net ([212.36.9.113]) by mail.otel.net with esmtp (Exim 3.36 #1) id 189UFZ-0005IS-00; Wed, 06 Nov 2002 19:45:57 +0200 Date: Wed, 6 Nov 2002 19:45:57 +0200 (EET) From: Iasen Kostov To: Ian Dowse Cc: Archie Cobbs , Harti Brandt , Subject: Re: NFS functions does *NOT* check if they really have allocated any memory In-Reply-To: <200211061652.aa61159@salmon.maths.tcd.ie> Message-ID: <20021106193326.J80368-100000@shadowhand.OTEL.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 6 Nov 2002, Ian Dowse wrote: > In message <200211061619.gA6GJZ93002593@arch20m.dellroad.org>, Archie Cobbs wri > tes: > >Oops, you're right.. sorry for the misinformation. > > > >Sounds like a bug to me (did Iasen file a PR?) > > kern/38872 already exists, and I'm sure there is a much older PR > that also describes this problem. Basically it is hard to fix because > the errors are detected so deep within functions and macros that > were never designed to correctly handle mbuf allocation failures. > > I think the most feasable solution would be to use libmchain or > something like it, but even that is a huge amount of work. The > workaround is of course just setting nmbclusters/nmbufs so high > that they never run out... I don't think that is a proper way go around such bug. Thus when you are DoS-ed how can you know how much mbuf you will need ?:). My problem apeared at the moment I've tried to scan 192.168.0.0/16 with nbtscan. Mbufs were exhausted for about 2-3 second. At that moment there was NFS activity - So server crashed... Ok I won't do that again - but someone else ? And how many parts of the kernel are afected by this problem. Raising nmbclusters/nmbufs at same scan with nbtscan will give my server about 2-3 second more life. That is no good and if someone DoS-es you (local user for example) no nmbclusters/nmbufs raising will save you. Can MGET really wait for memory when M_WAIT flag is used and not to timeouts (I don't know howlong is this timeout, but system crushes at the moment of first NFS operation , thus it should be < 10ms :) ? > Ian > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message