svn commit: r314813 - head/sys/kern

[Hiren Panchasara]

Author: hiren
Date: Tue Mar  7 00:20:01 2017
New Revision: 314813
URL: https://svnweb.freebsd.org/changeset/base/314813

Log:
  We've found a recurring problem where some userland process would be
  stuck spinning at 100% cpu around sbcut_internal(). Inside
  sbflush_internal(), sb_ccc reached to about 4GB and before passing it
  to sbcut_internal(), we type-cast it from uint to int making it -ve.
  
  The root cause of sockbuf growing this large is unknown. Correct fix
  is also not clear but based on mailing list discussions, adding
  KASSERTs to panic instead of looping endlessly.
  
  Reviewed by:		glebius
  Sponsored by:		Limelight Networks

Modified:
  head/sys/kern/uipc_sockbuf.c

Modified: head/sys/kern/uipc_sockbuf.c
==============================================================================
--- head/sys/kern/uipc_sockbuf.c	Tue Mar  7 00:13:53 2017	(r314812)
+++ head/sys/kern/uipc_sockbuf.c	Tue Mar  7 00:20:01 2017	(r314813)
@@ -1043,6 +1043,11 @@ sbcut_internal(struct sockbuf *sb, int l
 {
 	struct mbuf *m, *next, *mfree;
 
+	KASSERT(len > 0, ("%s: len is %d but it is supposed to be +ve",
+	    __func__, len));
+	KASSERT(len <= sb->sb_ccc, ("%s: len: %d is > ccc: %u",
+	    __func__, len, sb->sb_ccc));
+
 	next = (m = sb->sb_mb) ? m->m_nextpkt : 0;
 	mfree = NULL;