Date: Tue, 7 Mar 2017 00:20:02 +0000 (UTC) From: Hiren Panchasara <hiren@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r314813 - head/sys/kern Message-ID: <201703070020.v270K2vA039655@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: hiren Date: Tue Mar 7 00:20:01 2017 New Revision: 314813 URL: https://svnweb.freebsd.org/changeset/base/314813 Log: We've found a recurring problem where some userland process would be stuck spinning at 100% cpu around sbcut_internal(). Inside sbflush_internal(), sb_ccc reached to about 4GB and before passing it to sbcut_internal(), we type-cast it from uint to int making it -ve. The root cause of sockbuf growing this large is unknown. Correct fix is also not clear but based on mailing list discussions, adding KASSERTs to panic instead of looping endlessly. Reviewed by: glebius Sponsored by: Limelight Networks Modified: head/sys/kern/uipc_sockbuf.c Modified: head/sys/kern/uipc_sockbuf.c ============================================================================== --- head/sys/kern/uipc_sockbuf.c Tue Mar 7 00:13:53 2017 (r314812) +++ head/sys/kern/uipc_sockbuf.c Tue Mar 7 00:20:01 2017 (r314813) @@ -1043,6 +1043,11 @@ sbcut_internal(struct sockbuf *sb, int l { struct mbuf *m, *next, *mfree; + KASSERT(len > 0, ("%s: len is %d but it is supposed to be +ve", + __func__, len)); + KASSERT(len <= sb->sb_ccc, ("%s: len: %d is > ccc: %u", + __func__, len, sb->sb_ccc)); + next = (m = sb->sb_mb) ? m->m_nextpkt : 0; mfree = NULL;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703070020.v270K2vA039655>