From owner-svn-src-head@FreeBSD.ORG Sat Jan 3 13:24:09 2009 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 940AC1065673; Sat, 3 Jan 2009 13:24:09 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 82F678FC14; Sat, 3 Jan 2009 13:24:09 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n03DO9C9028835; Sat, 3 Jan 2009 13:24:09 GMT (envelope-from kib@svn.freebsd.org) Received: (from kib@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n03DO921028832; Sat, 3 Jan 2009 13:24:09 GMT (envelope-from kib@svn.freebsd.org) Message-Id: <200901031324.n03DO921028832@svn.freebsd.org> From: Konstantin Belousov Date: Sat, 3 Jan 2009 13:24:09 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r186719 - in head/sys: kern vm X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Jan 2009 13:24:10 -0000 Author: kib Date: Sat Jan 3 13:24:08 2009 New Revision: 186719 URL: http://svn.freebsd.org/changeset/base/186719 Log: Extend the struct vm_page wire_count to u_int to avoid the overflow of the counter, that may happen when too many sendfile(2) calls are being executed with this vnode [1]. To keep the size of the struct vm_page and offsets of the fields accessed by out-of-tree modules, swap the types and locations of the wire_count and cow fields. Add safety checks to detect cow overflow and force fallback to the normal copy code for zero-copy sockets. [2] Reported by: Anton Yuzhaninov [1] Suggested by: alc [2] Reviewed by: alc MFC after: 2 weeks Modified: head/sys/kern/uipc_cow.c head/sys/vm/vm_page.c head/sys/vm/vm_page.h Modified: head/sys/kern/uipc_cow.c ============================================================================== --- head/sys/kern/uipc_cow.c Sat Jan 3 12:09:18 2009 (r186718) +++ head/sys/kern/uipc_cow.c Sat Jan 3 13:24:08 2009 (r186719) @@ -129,7 +129,11 @@ socow_setup(struct mbuf *m0, struct uio * set up COW */ vm_page_lock_queues(); - vm_page_cowsetup(pp); + if (vm_page_cowsetup(pp) != 0) { + vm_page_unhold(pp); + vm_page_unlock_queues(); + return (0); + } /* * wire the page for I/O Modified: head/sys/vm/vm_page.c ============================================================================== --- head/sys/vm/vm_page.c Sat Jan 3 12:09:18 2009 (r186718) +++ head/sys/vm/vm_page.c Sat Jan 3 13:24:08 2009 (r186719) @@ -106,6 +106,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -2112,13 +2113,16 @@ vm_page_cowclear(vm_page_t m) */ } -void +int vm_page_cowsetup(vm_page_t m) { mtx_assert(&vm_page_queue_mtx, MA_OWNED); + if (m->cow == USHRT_MAX - 1) + return (EBUSY); m->cow++; pmap_remove_write(m); + return (0); } #include "opt_ddb.h" Modified: head/sys/vm/vm_page.h ============================================================================== --- head/sys/vm/vm_page.h Sat Jan 3 12:09:18 2009 (r186718) +++ head/sys/vm/vm_page.h Sat Jan 3 13:24:08 2009 (r186719) @@ -111,12 +111,12 @@ struct vm_page { vm_paddr_t phys_addr; /* physical address of page */ struct md_page md; /* machine dependant stuff */ uint8_t queue; /* page queue index */ - int8_t segind; + int8_t segind; u_short flags; /* see below */ uint8_t order; /* index of the buddy queue */ uint8_t pool; - u_short wire_count; /* wired down maps refs (P) */ - u_int cow; /* page cow mapping count */ + u_short cow; /* page cow mapping count */ + u_int wire_count; /* wired down maps refs (P) */ short hold_count; /* page hold count */ u_short oflags; /* page flags (O) */ u_char act_count; /* page usage count */ @@ -336,7 +336,7 @@ void vm_page_zero_invalid(vm_page_t m, b void vm_page_free_toq(vm_page_t m); void vm_page_zero_idle_wakeup(void); void vm_page_cowfault (vm_page_t); -void vm_page_cowsetup (vm_page_t); +int vm_page_cowsetup(vm_page_t); void vm_page_cowclear (vm_page_t); /*