From owner-freebsd-hackers@FreeBSD.ORG Tue Apr 8 13:24:51 2014 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 870C8E6A for ; Tue, 8 Apr 2014 13:24:51 +0000 (UTC) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 03835114F for ; Tue, 8 Apr 2014 13:24:50 +0000 (UTC) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.14.8/8.14.8) with ESMTP id s38DOgVB073878; Tue, 8 Apr 2014 16:24:42 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.8.3 kib.kiev.ua s38DOgVB073878 Received: (from kostik@localhost) by tom.home (8.14.8/8.14.8/Submit) id s38DOgtR073877; Tue, 8 Apr 2014 16:24:42 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Tue, 8 Apr 2014 16:24:42 +0300 From: Konstantin Belousov To: Mateusz Guzik Subject: Re: pipe() resource exhaustion Message-ID: <20140408132442.GZ21331@kib.kiev.ua> References: <20140408130206.e75f3bf6c6df28b6e4839e70@yahoo.es> <20140408121222.GB30326@dft-labs.eu> <20140408123827.GW21331@kib.kiev.ua> <20140408130727.GA11363@dft-labs.eu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="jOWcLJj2EpBZWei/" Content-Disposition: inline In-Reply-To: <20140408130727.GA11363@dft-labs.eu> User-Agent: Mutt/1.5.23 (2014-03-12) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on tom.home Cc: freebsd-hackers@freebsd.org, Eduardo Morras X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 13:24:51 -0000 --jOWcLJj2EpBZWei/ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 08, 2014 at 03:07:27PM +0200, Mateusz Guzik wrote: > On Tue, Apr 08, 2014 at 03:38:27PM +0300, Konstantin Belousov wrote: > > On Tue, Apr 08, 2014 at 02:12:22PM +0200, Mateusz Guzik wrote: > > > That said, supporting a reserve for this one sounds like a good idea = and > > > not that hard to implement - one can either play with atomics and dou= ble > > > check or just place a mutex-protected check in pipespace_new (before > > > vm_map_find). > > >=20 > > ... > >=20 > > I think more reasonable behaviour there is to just fall back to the > > buffered pipe if the direct buffer allocation fails. Look at the > > pipespace_new() calls in the pipe_create(); probably ignoring the error > > would do the trick. >=20 > Yeah, should have checked the caller. >=20 > Interesting though how the error was made fatal in thiscase. >=20 > Anyhow, the following hack following your suggestion indeed makes the > issue go away for me: >=20 > diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c > index 6ba52e3..5930cf2 100644 > --- a/sys/kern/sys_pipe.c > +++ b/sys/kern/sys_pipe.c > @@ -647,19 +647,21 @@ pipe_create(pipe, backing) > struct pipe *pipe; > int backing; > { > - int error; > =20 > if (backing) { > + /* > + * Note that these functions can fail, but we ignore > + * the error as it is not fatal and could be provoked > + * by users. > + */ > if (amountpipekva > maxpipekva / 2) > - error =3D pipespace_new(pipe, SMALL_PIPE_SIZE); > + (void)pipespace_new(pipe, SMALL_PIPE_SIZE); > else > - error =3D pipespace_new(pipe, PIPE_SIZE); > - } else { > - /* If we're not backing this pipe, no need to do anything. */ > - error =3D 0; > + (void)pipespace_new(pipe, PIPE_SIZE); > } > + > pipe->pipe_ino =3D -1; > - return (error); > + return (0); > } > =20 Yes, this looks right. I think it does not make sense to continue returning an error from the pipe_create() after the patch. The change would become bigger, but the code for pipe_create() and pipe_paircreate collapse. It seems that pipe_paircreate() can be changed to return void as well, but the benefits would be smaller. --jOWcLJj2EpBZWei/ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBAgAGBQJTQ/iZAAoJEJDCuSvBvK1BBfQQAI7tkEtMy0vu8RcyAWqnJ8um s1U+4k3erTlFOVmep1TuxYuqyyyrssoKtBMBXec3Vai+DRu+ahuDZH98wEWMNNag y0vRvarKdAB6JYSW6N/566Ki/L39aDxlFOY6eRwyDcSOX2p5nUFjGgOpgi8bwZEb MhoFYjOJkzAU3Gr3LpltirPC5k7r2jDKUU7UE6kUYDTZvpYNmqTC8BEXyOTV8O5F LDq9+zSzGtFpSc5cHvylDKTknjY4OsfnWcdS3IEOvWThwEc2uFBNW3HQ144W4ZjE BhNCnZQDSKmckqSgbn6fbqX0d5G3DJC4qy2dyl7yZBLaqqcnyt8jBdmIUPGTwu9a WVRGRux59PHeKp6f9OhLg7tpgFEsRNyMRVAS8wfsLGOgJm1yefdFkixnSCTCR4Pr 5pF2LmXmtKYaGuMvVpK9ctf8Uaaop+GddG//+0tzX5mgO5pOSr0s0fGtq++8/Vxm OAq5zuEAdHRWCL0/DgSa8JQyTVcEIy/CjRqrsNopnyVY/FfHkz4rtITrYQIpS2Vk kFLmJayC2F50Sd7c5DcGdtEWX9NPDSnUGXdzldpTBQd3POUgGW5bT8DNWu/YQwf/ GMxzHgrnHn8+ZoVMaMgtpVygOVRtzwU1PTh6PPbYMpkJToNN1nfbaYh4zGUCb0oc FGy0n1AfG+JKzVIwqeME =xrP+ -----END PGP SIGNATURE----- --jOWcLJj2EpBZWei/--