From owner-freebsd-stable Wed Aug 30 23:12:20 2000 Delivered-To: freebsd-stable@freebsd.org Received: from midten.fast.no (midten.fast.no [213.188.8.11]) by hub.freebsd.org (Postfix) with ESMTP id B951637B424; Wed, 30 Aug 2000 23:12:08 -0700 (PDT) Received: from fast.no (IDENT:tegge@midten.fast.no [213.188.8.11]) by midten.fast.no (8.9.3/8.9.3) with ESMTP id GAA63367; Thu, 31 Aug 2000 06:11:56 +0200 (CEST) Message-Id: <200008310411.GAA63367@midten.fast.no> To: rwatson@FreeBSD.org Cc: ohartman@ipamzlx.physik.uni-mainz.de, freebsd-stable@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: 4.1 STABLE broken since today! From: Tor.Egge@fast.no In-Reply-To: Your message of "Wed, 30 Aug 2000 22:30:20 -0400 (EDT)" References: X-Mailer: Mew version 1.70 on Emacs 19.34.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Thu, 31 Aug 2000 06:11:56 +0200 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > > As commented on freebsd-current, this seems to have hit the -CURRENT > kernel at the same time. Someone should *not* have MFC'd some change > immediately. Not clear who yet. I'm suspicious of the sbappend() changes > that have been going in recently. 1. The value of diff in chgsbsize was always positive (unsigned - unsigned results in an unsigned value). This causes bogus values in ui_sbsize. 2. chgsbsize was not called as when the 3-way tcp handshake for incoming connection completed (in interrupt context). This results in sb_lowat being 0, causing infinite loop in kernel when attempting to write. sb_lowat should probably be set to 1 when sb_hiwat is 0 The following patch works for me. Index: sys/kern/kern_proc.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_proc.c,v retrieving revision 1.72 diff -u -r1.72 kern_proc.c --- sys/kern/kern_proc.c 2000/08/30 04:49:07 1.72 +++ sys/kern/kern_proc.c 2000/08/31 03:56:30 @@ -210,7 +211,7 @@ if (uip == NULL) uip = uicreate(uid); s = splnet(); - diff = to - *hiwat; + diff = (rlim_t) to - (rlim_t) *hiwat; /* don't allow them to exceed max, but allow subtraction */ if (diff > 0 && uip->ui_sbsize + diff > max) { (void)uifree(uip); Index: sys/kern/uipc_socket2.c =================================================================== RCS file: /home/ncvs/src/sys/kern/uipc_socket2.c,v retrieving revision 1.63 diff -u -r1.63 uipc_socket2.c --- sys/kern/uipc_socket2.c 2000/08/30 00:09:57 1.63 +++ sys/kern/uipc_socket2.c 2000/08/31 03:54:33 @@ -431,6 +431,14 @@ p->p_rlimit[RLIMIT_SBSIZE].rlim_cur)) { return (0); } + /* XXX: Incoming tcp setup handshake completes in software interrupt. + * Normally the hash table has an uidinfo structure for the + * relevant uid (unless setuid() was called after listen()). + */ + if (p == NULL && !chgsbsize(so->so_cred->cr_uid, &sb->sb_hiwat, cc, + RLIM_INFINITY)) { + return 0; + } sb->sb_mbmax = min(cc * sb_efficiency, sb_max); if (sb->sb_lowat > sb->sb_hiwat) sb->sb_lowat = sb->sb_hiwat; - Tor Egge To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message