From owner-freebsd-current  Wed Aug 23 14:52:51 2000
Delivered-To: freebsd-current@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP
	id AA02F37B423; Wed, 23 Aug 2000 14:52:47 -0700 (PDT)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id e7NLqjf19186;
	Wed, 23 Aug 2000 14:52:45 -0700 (PDT)
Date: Wed, 23 Aug 2000 14:52:45 -0700
From: Alfred Perlstein <bright@wintelcom.net>
To: John Polstra <jdp@polstra.com>
Cc: current@FreeBSD.ORG, green@FreeBSD.ORG
Subject: Re: panic: reducing sbsize: lost count, uid = 1001
Message-ID: <20000823145244.J4854@fw.wintelcom.net>
References: <XFMail.000823134617.jdp@polstra.com> <20000823142754.H4854@fw.wintelcom.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: <20000823142754.H4854@fw.wintelcom.net>; from bright@wintelcom.net on Wed, Aug 23, 2000 at 02:27:54PM -0700
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* Alfred Perlstein <bright@wintelcom.net> [000823 14:29] wrote:
> 
> I have a feeling that this is related to missing spl protection around
> the chgsbsize subsystem, this was probably an issue before I touched it
> but since I touched it last I'll have a look-see.
> 
> Brian, does that makes sense?

So far, here's functions that look like they call chgsbsize without
splnet:

socreate (called from socket() and socketpair(), on error calls
sofree() which then calls sodealloc() without splnet)

sonewconn3 (called from sonewconn which i'm unsure of the spl at
this point)

I'm sure there's more.

Does it make sense to wrap chgsbsize with spl so callers don't have
to worry about it?

John can you try this patch and let us know if you still experiance
crashes?

Index: kern_proc.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_proc.c,v
retrieving revision 1.69
diff -u -u -r1.69 kern_proc.c
--- kern_proc.c	2000/07/04 11:25:22	1.69
+++ kern_proc.c	2000/08/23 21:49:49
@@ -196,6 +196,7 @@
 	rlim_t	max;
 {
 	struct uidinfo *uip;
+	int	s = splnet();
 
 	uip = uifind(uid);
 	if (diff < 0)
@@ -205,10 +206,12 @@
 	/* don't allow them to exceed max, but allow subtraction */
 	if (diff > 0 && uip->ui_sbsize + diff > max) {
 		(void)uifree(uip);
+		splx(s);
 		return (0);
 	}
 	uip->ui_sbsize += diff;
 	(void)uifree(uip);
+	splx(s);
 	return (1);
 }


If this doesn't work then it may be nessesary to spl around examining
the socketbuffer's size.
 
thanks,
-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message