From owner-freebsd-stable Thu Aug 31 6:21:42 2000 Delivered-To: freebsd-stable@freebsd.org Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (Postfix) with ESMTP id B8B7637B422; Thu, 31 Aug 2000 06:21:33 -0700 (PDT) Received: from imap.gv.tsc.tdk.com (imap.gv.tsc.tdk.com [192.168.241.198]) by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id GAA11152; Thu, 31 Aug 2000 06:21:28 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com) Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by imap.gv.tsc.tdk.com (8.9.3/8.9.3) with ESMTP id GAA88739; Thu, 31 Aug 2000 06:21:28 -0700 (PDT) (envelope-from Don.Lewis@tsc.tdk.com) Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id GAA09415; Thu, 31 Aug 2000 06:21:23 -0700 (PDT) From: Don Lewis Message-Id: <200008311321.GAA09415@salsa.gv.tsc.tdk.com> Date: Thu, 31 Aug 2000 06:21:23 -0700 In-Reply-To: <200008310411.GAA63367@midten.fast.no> References: <200008310411.GAA63367@midten.fast.no> X-Mailer: Mail User's Shell (7.2.6 beta(5) 10/07/98) To: Tor.Egge@fast.no, rwatson@FreeBSD.ORG Subject: Re: 4.1 STABLE broken since today! Cc: ohartman@ipamzlx.physik.uni-mainz.de, freebsd-stable@FreeBSD.ORG, cvs-committers@FreeBSD.ORG Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Aug 31, 6:11am, Tor.Egge@fast.no wrote: } Subject: Re: 4.1 STABLE broken since today! } > } > As commented on freebsd-current, this seems to have hit the -CURRENT } > kernel at the same time. Someone should *not* have MFC'd some change } > immediately. Not clear who yet. I'm suspicious of the sbappend() changes } > that have been going in recently. } } } 1. The value of diff in chgsbsize was always positive } (unsigned - unsigned results in an unsigned value). } This causes bogus values in ui_sbsize. [ snip ] } The following patch works for me. } } Index: sys/kern/kern_proc.c } =================================================================== } RCS file: /home/ncvs/src/sys/kern/kern_proc.c,v } retrieving revision 1.72 } diff -u -r1.72 kern_proc.c } --- sys/kern/kern_proc.c 2000/08/30 04:49:07 1.72 } +++ sys/kern/kern_proc.c 2000/08/31 03:56:30 } @@ -210,7 +211,7 @@ } if (uip == NULL) } uip = uicreate(uid); } s = splnet(); } - diff = to - *hiwat; } + diff = (rlim_t) to - (rlim_t) *hiwat; } /* don't allow them to exceed max, but allow subtraction */ } if (diff > 0 && uip->ui_sbsize + diff > max) { } (void)uifree(uip); This depends on rlim_t being a signed type (which is happens to be). Also, if "to" is the same width as rlim_t, then this code could break if the difference was greater than the maximum positive value of rlim_t (not likely in this particular case). Changing the test from diff > 0 to to > *hiwat is much safer. I prefer the following patch to kern_proc.c, which also pulls uifree() out of splnet(), and eliminates some duplicate code. I'm not yet running 4-stable, so I can't test this patch other than to see if it compiles without error. --- kern_proc.c- Wed Aug 30 05:29:52 2000 +++ kern_proc.c Thu Aug 31 05:57:11 2000 @@ -201,7 +201,8 @@ rlim_t max; { struct uidinfo *uip; - rlim_t diff; + rlim_t new; + int ok = 0; int s; uip = uifind(uid); @@ -210,18 +211,16 @@ if (uip == NULL) uip = uicreate(uid); s = splnet(); - diff = to - *hiwat; + new = uip->ui_sbsize + to - *hiwat; /* don't allow them to exceed max, but allow subtraction */ - if (diff > 0 && uip->ui_sbsize + diff > max) { - (void)uifree(uip); - splx(s); - return (0); + if (to <= *hiwat || new <= max) { + uip->ui_sbsize = new; + *hiwat = to; + ok = 1; } - uip->ui_sbsize += diff; - *hiwat = to; - (void)uifree(uip); splx(s); - return (1); + (void)uifree(uip); + return (ok); } /* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message