Date: Tue, 5 Sep 2000 18:32:01 +1100 (EST)
From: Bruce Evans
To: Don Lewis
Cc: Robert Watson, freebsd-arch@FreeBSD.ORG
Subject: Re: Request for review: restructuring of per-uid resource limits
In-Reply-To: <200009041718.KAA21836@salsa.gv.tsc.tdk.com>

On Mon, 4 Sep 2000, Don Lewis wrote:

> I'd like to get my patch tested and into the tree sooner rather than
> later, since I'm concerned about bugs in the existing implementation.
> I also want something that can be MFC'ed to 4-stable.

The sbsize limit should be backed out of 4-stable until it is correctly implemented. Recent changes probably increased the chance of a panic by calling chgsbsize() in interrupt context. I think the previous version was more likely to cause an effective limit of nearly RLIM_INFINITY (even when the apparent limit is much lower) and a resource leak than a panic, since the result of incrementing sb_hiwat in interrupt context without incrementing ui_sbsize was to tend to make ui_sbsize go negative when the socket is deallocated. There was only a panic when ui_sbsize hit precisely 0 earlier than it should have (and ui_proccnt was also 0).

The bugs in chgsbsize() would probably have been detected earlier if the sanity checks were unconditional and complete like they were for ui_proccnt in rev.1.65 of kern_proc.c. The check for ui_proccnt going negative was removed and the check for ui_proccnt going to precisely 0 too early was made conditional (turned into a KASSERT()). The check for ui_sbsize going negative never existed and the check for ui_sbsize going to precisely 0 too early was always a KASSERT().

Bruce
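The accounting drift described in the message above, as an added user-space model in C; it is not FreeBSD kernel code and not part of the original post. All names (`uid_model`, `charge`, `socket_lifecycle`, `headroom_after`) and the byte counts are constructed for illustration, and clamping plus counting the violation stands in for whatever an unconditional kernel check would do.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a per-uid socket-buffer counter. */
struct uid_model {
    long sbsize;     /* bytes currently charged to this uid */
    long violations; /* times an unconditional check caught a negative count */
};

/* Apply diff bytes (negative = release). Returns 0 if the limit refuses it.
 * With strict set, a negative result is caught on every call, recorded,
 * and clamped to 0 instead of being silently stored. */
static int charge(struct uid_model *u, long diff, long max, int strict)
{
    long next = u->sbsize + diff;
    if (diff > 0 && next > max)
        return 0;
    if (strict && next < 0) {
        u->violations++;
        next = 0;
    }
    u->sbsize = next;
    return 1;
}

/* One socket: reserve `accounted` bytes through charge(), raise the
 * high-water mark by `unaccounted` bytes without charging (the path the
 * message describes), then release the whole high-water mark on close. */
static void socket_lifecycle(struct uid_model *u, long accounted,
                             long unaccounted, long max, int strict)
{
    long hiwat = charge(u, accounted, max, strict) ? accounted : 0;
    hiwat += unaccounted;           /* bypasses the per-uid counter */
    charge(u, -hiwat, max, strict); /* over-releases by `unaccounted` */
}

/* Bytes the uid may still reserve after n such sockets have come and gone. */
static long headroom_after(int n, long max, int strict, long *violations)
{
    struct uid_model u = {0, 0};
    for (int i = 0; i < n; i++)
        socket_lifecycle(&u, 8192, 4096, max, strict);
    if (violations != NULL)
        *violations = u.violations;
    return max - u.sbsize;
}

int main(void)
{
    long v = 0;
    long loose = headroom_after(10, 65536, 0, NULL);
    long tight = headroom_after(10, 65536, 1, &v);
    printf("unchecked: %ld  checked: %ld (violations %ld)\n", loose, tight, v);
    return 0;
}
```

Without the check, the headroom grows past the configured limit with every socket closed, which is how the effective limit drifts toward unlimited; with it, the first bad release is visible immediately.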