Extend the struct vm_page wire_count to u_int to avoid the overflow
of the counter, that may happen when too many sendfile(2) calls are being executed with this vnode [1]. To keep the size of the struct vm_page and offsets of the fields accessed by out-of-tree modules, swap the types and locations of the wire_count and cow fields. Add safety checks to detect cow overflow and force fallback to the normal copy code for zero-copy sockets. [2] Reported by: Anton Yuzhaninov <citrin citrin ru> [1] Suggested by: alc [2] Reviewed by: alc MFC after: 2 weeks
This commit is contained in:
parent
b56f7e98e0
commit
ac1b596fda
@ -129,7 +129,11 @@ socow_setup(struct mbuf *m0, struct uio *uio)
|
||||
* set up COW
|
||||
*/
|
||||
vm_page_lock_queues();
|
||||
vm_page_cowsetup(pp);
|
||||
if (vm_page_cowsetup(pp) != 0) {
|
||||
vm_page_unhold(pp);
|
||||
vm_page_unlock_queues();
|
||||
return (0);
|
||||
}
|
||||
|
||||
/*
|
||||
* wire the page for I/O
|
||||
|
@ -106,6 +106,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <sys/systm.h>
|
||||
#include <sys/lock.h>
|
||||
#include <sys/kernel.h>
|
||||
#include <sys/limits.h>
|
||||
#include <sys/malloc.h>
|
||||
#include <sys/mutex.h>
|
||||
#include <sys/proc.h>
|
||||
@ -2112,13 +2113,16 @@ vm_page_cowclear(vm_page_t m)
|
||||
*/
|
||||
}
|
||||
|
||||
void
|
||||
int
|
||||
vm_page_cowsetup(vm_page_t m)
|
||||
{
|
||||
|
||||
mtx_assert(&vm_page_queue_mtx, MA_OWNED);
|
||||
if (m->cow == USHRT_MAX - 1)
|
||||
return (EBUSY);
|
||||
m->cow++;
|
||||
pmap_remove_write(m);
|
||||
return (0);
|
||||
}
|
||||
|
||||
#include "opt_ddb.h"
|
||||
|
@ -111,12 +111,12 @@ struct vm_page {
|
||||
vm_paddr_t phys_addr; /* physical address of page */
|
||||
struct md_page md; /* machine dependant stuff */
|
||||
uint8_t queue; /* page queue index */
|
||||
int8_t segind;
|
||||
int8_t segind;
|
||||
u_short flags; /* see below */
|
||||
uint8_t order; /* index of the buddy queue */
|
||||
uint8_t pool;
|
||||
u_short wire_count; /* wired down maps refs (P) */
|
||||
u_int cow; /* page cow mapping count */
|
||||
u_short cow; /* page cow mapping count */
|
||||
u_int wire_count; /* wired down maps refs (P) */
|
||||
short hold_count; /* page hold count */
|
||||
u_short oflags; /* page flags (O) */
|
||||
u_char act_count; /* page usage count */
|
||||
@ -336,7 +336,7 @@ void vm_page_zero_invalid(vm_page_t m, boolean_t setvalid);
|
||||
void vm_page_free_toq(vm_page_t m);
|
||||
void vm_page_zero_idle_wakeup(void);
|
||||
void vm_page_cowfault (vm_page_t);
|
||||
void vm_page_cowsetup (vm_page_t);
|
||||
int vm_page_cowsetup(vm_page_t);
|
||||
void vm_page_cowclear (vm_page_t);
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user