svn commit: r314813 - head/sys/kern

[Ngie Cooper (yaneurabeya)]

> On Mar 6, 2017, at 16:20, Hiren Panchasara <hiren at FreeBSD.org> wrote:
> 
> Author: hiren
> Date: Tue Mar  7 00:20:01 2017
> New Revision: 314813
> URL: https://svnweb.freebsd.org/changeset/base/314813
> 
> Log:
>  We've found a recurring problem where some userland process would be
>  stuck spinning at 100% cpu around sbcut_internal(). Inside
>  sbflush_internal(), sb_ccc reached to about 4GB and before passing it
>  to sbcut_internal(), we type-cast it from uint to int making it -ve.
> 
>  The root cause of sockbuf growing this large is unknown. Correct fix
>  is also not clear but based on mailing list discussions, adding
>  KASSERTs to panic instead of looping endlessly.
> 
>  Reviewed by:		glebius
>  Sponsored by:		Limelight Networks
> 
> Modified:
>  head/sys/kern/uipc_sockbuf.c
> 
> Modified: head/sys/kern/uipc_sockbuf.c
> ==============================================================================
> --- head/sys/kern/uipc_sockbuf.c	Tue Mar  7 00:13:53 2017	(r314812)
> +++ head/sys/kern/uipc_sockbuf.c	Tue Mar  7 00:20:01 2017	(r314813)
> @@ -1043,6 +1043,11 @@ sbcut_internal(struct sockbuf *sb, int l
> {
> 	struct mbuf *m, *next, *mfree;
> 
> +	KASSERT(len > 0, ("%s: len is %d but it is supposed to be +ve",
> +	    __func__, len));
> +	KASSERT(len <= sb->sb_ccc, ("%s: len: %d is > ccc: %u",
> +	    __func__, len, sb->sb_ccc));
> +
> 	next = (m = sb->sb_mb) ? m->m_nextpkt : 0;
> 	mfree = NULL;

The KASSERT is bad — please fix it. From https://ci.freebsd.org/job/FreeBSD-head-amd64-test/1994/console :

add host 127.0.0.1panic: sbcut_internal: len is 0 but it is supposed to be +ve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20170306/a9df6826/attachment.sig>