Date: Thu, 31 Aug 2000 06:11:56 +0200 From: Tor.Egge@fast.no To: rwatson@FreeBSD.org Cc: ohartman@ipamzlx.physik.uni-mainz.de, freebsd-stable@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: 4.1 STABLE broken since today! Message-ID: <200008310411.GAA63367@midten.fast.no> In-Reply-To: Your message of "Wed, 30 Aug 2000 22:30:20 -0400 (EDT)" References: <Pine.NEB.3.96L.1000830222247.18759A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > As commented on freebsd-current, this seems to have hit the -CURRENT > kernel at the same time. Someone should *not* have MFC'd some change > immediately. Not clear who yet. I'm suspicious of the sbappend() changes > that have been going in recently. 1. The value of diff in chgsbsize was always positive (unsigned - unsigned results in an unsigned value). This causes bogus values in ui_sbsize. 2. chgsbsize was not called as when the 3-way tcp handshake for incoming connection completed (in interrupt context). This results in sb_lowat being 0, causing infinite loop in kernel when attempting to write. sb_lowat should probably be set to 1 when sb_hiwat is 0 The following patch works for me. Index: sys/kern/kern_proc.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_proc.c,v retrieving revision 1.72 diff -u -r1.72 kern_proc.c --- sys/kern/kern_proc.c 2000/08/30 04:49:07 1.72 +++ sys/kern/kern_proc.c 2000/08/31 03:56:30 @@ -210,7 +211,7 @@ if (uip == NULL) uip = uicreate(uid); s = splnet(); - diff = to - *hiwat; + diff = (rlim_t) to - (rlim_t) *hiwat; /* don't allow them to exceed max, but allow subtraction */ if (diff > 0 && uip->ui_sbsize + diff > max) { (void)uifree(uip); Index: sys/kern/uipc_socket2.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_socket2.c,v retrieving revision 1.63 diff -u -r1.63 uipc_socket2.c --- sys/kern/uipc_socket2.c 2000/08/30 00:09:57 1.63 +++ sys/kern/uipc_socket2.c 2000/08/31 03:54:33 @@ -431,6 +431,14 @@ p->p_rlimit[RLIMIT_SBSIZE].rlim_cur)) { return (0); } + /* XXX: Incoming tcp setup handshake completes in software interrupt. + * Normally the hash table has an uidinfo structure for the + * relevant uid (unless setuid() was called after listen()). + */ + if (p == NULL && !chgsbsize(so->so_cred->cr_uid, &sb->sb_hiwat, cc, + RLIM_INFINITY)) { + return 0; + } sb->sb_mbmax = min(cc * sb_efficiency, sb_max); if (sb->sb_lowat > sb->sb_hiwat) sb->sb_lowat = sb->sb_hiwat; - Tor Egge To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008310411.GAA63367>