cvs commit: src/sys/vm uma_core.c uma_dbg.c
Brian Feldman
green at FreeBSD.org
Fri Oct 8 13:19:30 PDT 2004
green 2004-10-08 20:19:29 UTC
FreeBSD src repository
Modified files:
sys/vm uma_core.c uma_dbg.c
Log:
Fix critical stability problems that can cause UMA mbuf cluster
state management corruption, mbuf leaks, general mbuf corruption,
and at least on i386 a first level splash damage radius that
encompasses up to about half a megabyte of the memory after
an mbuf cluster's allocation slab. In short, this has caused
instability nightmares anywhere the right kind of network traffic
is present.
When the polymorphic refcount slabs were added to UMA, the new types
were not used pervasively. In particular, the slab management
structure was turned into one for refcounts, and one for non-refcounts
(supposed to be mostly like the old slab management structure),
but the latter was almost always used through out. In general, every
access to zones with UMA_ZONE_REFCNT turned on corrupted the
"next free" slab offset offset and the refcount with each other and
with other allocations (on i386, 2 mbuf clusters per 4096 byte slab).
Fix things so that the right type is used to access refcounted zones
where it was not before. There are additional errors in gross
overestimation of padding, it seems, that would cause a large kegs
(nee zones) to be allocated when small ones would do. Unless I have
analyzed this incorrectly, it is not directly harmful.
Revision Changes Path
1.106 +27 -11 src/sys/vm/uma_core.c
1.16 +37 -13 src/sys/vm/uma_dbg.c
More information about the cvs-src
mailing list