Date: Thu, 31 Aug 2000 06:11:56 +0200 From: Tor.Egge@fast.no To: rwatson@FreeBSD.org Cc: ohartman@ipamzlx.physik.uni-mainz.de, freebsd-stable@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: 4.1 STABLE broken since today! Message-ID: <200008310411.GAA63367@midten.fast.no> In-Reply-To: Your message of "Wed, 30 Aug 2000 22:30:20 -0400 (EDT)" References: <Pine.NEB.3.96L.1000830222247.18759A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>
> As commented on freebsd-current, this seems to have hit the -CURRENT
> kernel at the same time. Someone should *not* have MFC'd some change
> immediately. Not clear who yet. I'm suspicious of the sbappend() changes
> that have been going in recently.
1. The value of diff in chgsbsize was always positive
(unsigned - unsigned results in an unsigned value).
This causes bogus values in ui_sbsize.
2. chgsbsize was not called as when the 3-way tcp handshake
for incoming connection completed (in interrupt context).
This results in sb_lowat being 0, causing infinite loop in
kernel when attempting to write.
sb_lowat should probably be set to 1 when sb_hiwat is 0
The following patch works for me.
Index: sys/kern/kern_proc.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/kern_proc.c,v
retrieving revision 1.72
diff -u -r1.72 kern_proc.c
--- sys/kern/kern_proc.c 2000/08/30 04:49:07 1.72
+++ sys/kern/kern_proc.c 2000/08/31 03:56:30
@@ -210,7 +211,7 @@
if (uip == NULL)
uip = uicreate(uid);
s = splnet();
- diff = to - *hiwat;
+ diff = (rlim_t) to - (rlim_t) *hiwat;
/* don't allow them to exceed max, but allow subtraction */
if (diff > 0 && uip->ui_sbsize + diff > max) {
(void)uifree(uip);
Index: sys/kern/uipc_socket2.c
===================================================================
RCS file: /home/ncvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.63
diff -u -r1.63 uipc_socket2.c
--- sys/kern/uipc_socket2.c 2000/08/30 00:09:57 1.63
+++ sys/kern/uipc_socket2.c 2000/08/31 03:54:33
@@ -431,6 +431,14 @@
p->p_rlimit[RLIMIT_SBSIZE].rlim_cur)) {
return (0);
}
+ /* XXX: Incoming tcp setup handshake completes in software interrupt.
+ * Normally the hash table has an uidinfo structure for the
+ * relevant uid (unless setuid() was called after listen()).
+ */
+ if (p == NULL && !chgsbsize(so->so_cred->cr_uid, &sb->sb_hiwat, cc,
+ RLIM_INFINITY)) {
+ return 0;
+ }
sb->sb_mbmax = min(cc * sb_efficiency, sb_max);
if (sb->sb_lowat > sb->sb_hiwat)
sb->sb_lowat = sb->sb_hiwat;
- Tor Egge
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008310411.GAA63367>