Date:      Thu, 31 Aug 2000 06:11:56 +0200
From:      Tor.Egge@fast.no
To:        rwatson@FreeBSD.org
Cc:        ohartman@ipamzlx.physik.uni-mainz.de, freebsd-stable@FreeBSD.org, cvs-committers@FreeBSD.org
Subject:   Re: 4.1 STABLE broken since today!
Message-ID:  <200008310411.GAA63367@midten.fast.no>
In-Reply-To: Your message of "Wed, 30 Aug 2000 22:30:20 -0400 (EDT)"
References:  <Pine.NEB.3.96L.1000830222247.18759A-100000@fledge.watson.org>

> 
> As commented on freebsd-current, this seems to have hit the -CURRENT
> kernel at the same time.  Someone should *not* have MFC'd some change
> immediately.  Not clear who yet.  I'm suspicious of the sbappend() changes
> that have been going in recently.


1.  The value of diff in chgsbsize was always positive
    (unsigned - unsigned results in an unsigned value).
    This causes bogus values in ui_sbsize.

2.  chgsbsize was not called when the 3-way TCP handshake
    for an incoming connection completed (in interrupt context).
    This results in sb_lowat being 0, causing an infinite loop in
    the kernel when attempting to write.

    sb_lowat should probably be set to 1 when sb_hiwat is 0.

The following patch works for me.

Index: sys/kern/kern_proc.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_proc.c,v
retrieving revision 1.72
diff -u -r1.72 kern_proc.c
--- sys/kern/kern_proc.c	2000/08/30 04:49:07	1.72
+++ sys/kern/kern_proc.c	2000/08/31 03:56:30
@@ -210,7 +211,7 @@
 	if (uip == NULL)
 		uip = uicreate(uid);
 	s = splnet();
-	diff = to - *hiwat;
+	diff = (rlim_t) to - (rlim_t) *hiwat;
 	/* don't allow them to exceed max, but allow subtraction */
 	if (diff > 0 && uip->ui_sbsize + diff > max) {
 		(void)uifree(uip);
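Review bot: on the `diff = (rlim_t) to - (rlim_t) *hiwat;` line, the result is only correct if rlim_t is a signed type able to hold both operands and diff is itself declared as rlim_t, and neither declaration is visible in this hunk. A one-line comment stating that the casts exist to force signed arithmetic would keep a later cleanup from removing them. Separately, the hunk header (-210,7 +211,7) shows a one-line offset although no earlier hunk for kern_proc.c is included, so it is worth confirming the patch as posted applies cleanly to revision 1.72.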
Index: sys/kern/uipc_socket2.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.63
diff -u -r1.63 uipc_socket2.c
--- sys/kern/uipc_socket2.c	2000/08/30 00:09:57	1.63
+++ sys/kern/uipc_socket2.c	2000/08/31 03:54:33
@@ -431,6 +431,14 @@
 		p->p_rlimit[RLIMIT_SBSIZE].rlim_cur)) {
 		return (0);
 	}
+	/* XXX: Incoming tcp setup handshake completes in software interrupt.
+	 *      Normally the hash table has an uidinfo structure for the
+	 *      relevant uid (unless setuid() was called after listen()).
+	 */
+	if (p == NULL && !chgsbsize(so->so_cred->cr_uid, &sb->sb_hiwat, cc,
+				    RLIM_INFINITY)) {
+	  return 0;
+	}
 	sb->sb_mbmax = min(cc * sb_efficiency, sb_max);
 	if (sb->sb_lowat > sb->sb_hiwat)
 		sb->sb_lowat = sb->sb_hiwat;
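Review bot: in the added `p == NULL` branch, passing RLIM_INFINITY as the limit means the `uip->ui_sbsize + diff > max` test in chgsbsize can never refuse, so this path records usage but never enforces a per-uid socket buffer limit for connections completed in software interrupt; if that is intentional, the XXX comment should say so. The comment also names the setuid()-after-listen() case without saying what happens then: per the first hunk, chgsbsize falls back to uicreate(uid), which would run in interrupt context here. The unchanged lines below still clamp sb_lowat to sb_hiwat, so the sb_lowat == 0 case described in the message is not handled by this hunk. Style: the two-space-indented `return 0;` should be a tab-indented `return (0);` to match the return just above it.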


- Tor Egge
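
The accounting failure described in point 1, as an added example that is not part of the original message or of the FreeBSD source. It is a constructed user-space model: the type widths (32-bit unsigned sizes, 64-bit signed counter), the names `struct acct`, `apply`, `chg_buggy`, `chg_fixed` and `run_cycles`, the sample size and limit, and the release call made with no limit are all assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed model of a per-uid socket-buffer byte counter. */
struct acct { int64_t sbsize; };
typedef int (*chg_fn)(struct acct *, uint32_t *, uint32_t, int64_t);

/* Shared tail: refuse growth past max, otherwise apply diff. */
static int apply(struct acct *a, uint32_t *hiwat, uint32_t to, int64_t diff, int64_t max)
{
	if (diff > 0 && a->sbsize + diff > max)
		return 0;
	a->sbsize += diff;
	*hiwat = to;
	return 1;
}

/* Subtraction done in 32-bit unsigned, then widened: never negative. */
static int chg_buggy(struct acct *a, uint32_t *hiwat, uint32_t to, int64_t max)
{
	return apply(a, hiwat, to, to - *hiwat, max);
}

/* Operands widened to the signed type first, as in the patch. */
static int chg_fixed(struct acct *a, uint32_t *hiwat, uint32_t to, int64_t max)
{
	return apply(a, hiwat, to, (int64_t)to - (int64_t)*hiwat, max);
}

/* Open and close n sockets in turn; count successful reservations. */
static int run_cycles(chg_fn chg, struct acct *a, int n, uint32_t size, int64_t limit)
{
	int ok = 0;
	for (int i = 0; i < n; i++) {
		uint32_t hiwat = 0;           /* fresh socket buffer */
		if (!chg(a, &hiwat, size, limit))
			continue;             /* reservation denied */
		ok++;
		chg(a, &hiwat, 0, INT64_MAX); /* release, no limit */
	}
	return ok;
}

int main(void)
{
	struct acct a = {0}, b = {0};
	int na = run_cycles(chg_buggy, &a, 5, 8192, 65536);
	int nb = run_cycles(chg_fixed, &b, 5, 8192, 65536);
	printf("buggy: %d/5 ok, counter %lld\n", na, (long long)a.sbsize);
	printf("fixed: %d/5 ok, counter %lld\n", nb, (long long)b.sbsize);
}
```

In the buggy variant the first release adds 2^32 - 8192 to the counter instead of subtracting 8192, so every later reservation under the finite limit is refused even though no buffer space is in use.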

