Date: Sat, 3 Jan 2009 13:24:09 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r186719 - in head/sys: kern vm Message-ID: <200901031324.n03DO921028832@svn.freebsd.org>
Author: kib Date: Sat Jan 3 13:24:08 2009 New Revision: 186719 URL: http://svn.freebsd.org/changeset/base/186719 Log: Extend the struct vm_page wire_count to u_int to avoid the overflow of the counter, that may happen when too many sendfile(2) calls are being executed with this vnode [1]. To keep the size of the struct vm_page and offsets of the fields accessed by out-of-tree modules, swap the types and locations of the wire_count and cow fields. Add safety checks to detect cow overflow and force fallback to the normal copy code for zero-copy sockets. [2] Reported by: Anton Yuzhaninov <citrin citrin ru> [1] Suggested by: alc [2] Reviewed by: alc MFC after: 2 weeks Modified: head/sys/kern/uipc_cow.c head/sys/vm/vm_page.c head/sys/vm/vm_page.h
Modified: head/sys/kern/uipc_cow.c
==============================================================================
--- head/sys/kern/uipc_cow.c Sat Jan 3 12:09:18 2009 (r186718)
+++ head/sys/kern/uipc_cow.c Sat Jan 3 13:24:08 2009 (r186719)
@@ -129,7 +129,11 @@ socow_setup(struct mbuf *m0, struct uio
 * set up COW
 */
 vm_page_lock_queues();
- vm_page_cowsetup(pp);
+ if (vm_page_cowsetup(pp) != 0) {
+ vm_page_unhold(pp);
+ vm_page_unlock_queues();
+ return (0);
+ }
 /*
 * wire the page for I/O
Modified: head/sys/vm/vm_page.c
==============================================================================
--- head/sys/vm/vm_page.c Sat Jan 3 12:09:18 2009 (r186718)
+++ head/sys/vm/vm_page.c Sat Jan 3 13:24:08 2009 (r186719)
@@ -106,6 +106,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/systm.h>
 #include <sys/lock.h>
 #include <sys/kernel.h>
+#include <sys/limits.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
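Review bot: The new failure branch in socow_setup, `if (vm_page_cowsetup(pp) != 0)`, returns 0 with no comment and no counter, so a refused COW setup looks the same as any other fallback to the copy path. A short comment such as `/* cow count saturated: drop our hold and let the caller fall back to the normal copy */` would record why the hold is released while the queues lock is still held. If the function keeps per-reason failure statistics elsewhere in its body (not visible here), this branch should bump one too, so it is observable when pages reach the cow limit. socow_setup starts and ends outside the hunk.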
@@ -2112,13 +2113,16 @@ vm_page_cowclear(vm_page_t m)
 */
 }
-void
+int
 vm_page_cowsetup(vm_page_t m)
 {
 mtx_assert(&vm_page_queue_mtx, MA_OWNED);
+ if (m->cow == USHRT_MAX - 1)
+ return (EBUSY);
 m->cow++;
 pmap_remove_write(m);
+ return (0);
 }
 #include "opt_ddb.h"
Modified: head/sys/vm/vm_page.h
==============================================================================
--- head/sys/vm/vm_page.h Sat Jan 3 12:09:18 2009 (r186718)
+++ head/sys/vm/vm_page.h Sat Jan 3 13:24:08 2009 (r186719)
@@ -111,12 +111,12 @@ struct vm_page {
 vm_paddr_t phys_addr; /* physical address of page */
 struct md_page md; /* machine dependant stuff */
 uint8_t queue; /* page queue index */
- int8_t segind;
+ int8_t segind;
 u_short flags; /* see below */
 uint8_t order; /* index of the buddy queue */
 uint8_t pool;
- u_short wire_count; /* wired down maps refs (P) */
- u_int cow; /* page cow mapping count */
+ u_short cow; /* page cow mapping count */
+ u_int wire_count; /* wired down maps refs (P) */
 short hold_count; /* page hold count */
 u_short oflags; /* page flags (O) */
 u_char act_count; /* page usage count */
@@ -336,7 +336,7 @@ void vm_page_zero_invalid(vm_page_t m, b
 void vm_page_free_toq(vm_page_t m);
 void vm_page_zero_idle_wakeup(void);
 void vm_page_cowfault (vm_page_t);
-void vm_page_cowsetup (vm_page_t);
+int vm_page_cowsetup(vm_page_t);
 void vm_page_cowclear (vm_page_t);
 /*
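Review bot: The saturation test in vm_page_cowsetup, `if (m->cow == USHRT_MAX - 1)`, uses an equality comparison against a bound that is tied to the field's type only by convention, and the reason for stopping one short of USHRT_MAX is not stated. Writing it as `if (m->cow >= USHRT_MAX - 1)` keeps the counter from walking past the limit if it ever gets there by another path, and a comment such as `/* cow is u_short: refuse instead of wrapping */` would explain the check. The function also lacks a header comment saying that it now returns 0 or EBUSY and must be called with the page queue mutex held (the `mtx_assert` shows the latter); any caller that still ignores the return value would carry on as if COW had been set up.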
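Review bot: The swapped `cow` and `wire_count` declarations in struct vm_page carry no comment saying their order is deliberate, so a later tidy-up could reorder them and silently change the layout the log message says is being preserved. I would extend the field comment, e.g. `u_short cow; /* page cow mapping count, capped in vm_page_cowsetup() */`, and add a line above the pair stating that the two fields were swapped to keep the structure size and the other offsets stable. Modules built against the old header that touch `wire_count` or `cow` directly would now access the other field at that slot, which may deserve a mention wherever ABI notes are kept. The struct definition starts and ends outside the hunk.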