diff options
| author | peter <peter@FreeBSD.org> | 1999-06-04 02:27:06 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 1999-06-04 02:27:06 +0000 |
| commit | 8d081cadd7d0bba2f3f4723a0b0dd0f21b78b02f (patch) | |
| tree | c765958907d4337bbb02c3678e0c0b3759143b97 /sys/kern/uipc_socket.c | |
| parent | c398b85a52e06ae03b4fd109db60ea7864ae782f (diff) | |
| download | FreeBSD-src-8d081cadd7d0bba2f3f4723a0b0dd0f21b78b02f.zip FreeBSD-src-8d081cadd7d0bba2f3f4723a0b0dd0f21b78b02f.tar.gz | |
Plug a mbuf leak in tcp_usr_send(). pru_send() routines are expected
to either enqueue or free their mbuf chains, but tcp_usr_send() was
dropping them on the floor if the tcpcb/inpcb has been torn down in the
middle of a send/write attempt. This has been responsible for a wide
variety of mbuf leak patterns, ranging from slow gradual leakage to rather
rapid exhaustion. This has been a problem since before 2.2 was branched
and appears to have been fixed in rev 1.16 and lost in 1.23/1.28.
Thanks to Jayanth Vijayaraghavan <jayanth@yahoo-inc.com> for checking
(extensively) into this on a live production 2.2.x system and that it
was the actual cause of the leak and looks like it fixes it. The machine
in question was loosing (from memory) about 150 mbufs per hour under
load and a change similar to this stopped it. (Don't blame Jayanth
for this patch though)
An alternative approach to this would be to recheck SS_CANTSENDMORE etc
inside the splnet() right before calling pru_send() after all the potential
sleeps, interrupts and delays have happened. However, this would mean
exposing knowledge of the tcp stack's reset handling and removal of the
pcb to the generic code. There are other things that call pru_send()
directly though.
Problem originally noted by: John Plevyak <jplevyak@inktomi.com>
Diffstat (limited to 'sys/kern/uipc_socket.c')
| -rw-r--r-- | sys/kern/uipc_socket.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index 4f2c486..8e911b6 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)uipc_socket.c 8.3 (Berkeley) 4/15/94 - * $Id: uipc_socket.c,v 1.57 1999/05/03 23:57:23 billf Exp $ + * $Id: uipc_socket.c,v 1.58 1999/05/21 15:54:40 ache Exp $ */ #include <sys/param.h> @@ -538,6 +538,15 @@ nopages: if (dontroute) so->so_options |= SO_DONTROUTE; s = splnet(); /* XXX */ + /* + * XXX all the SS_CANTSENDMORE checks previously + * done could be out of date. We could have recieved + * a reset packet in an interrupt or maybe we slept + * while doing page faults in uiomove() etc. We could + * probably recheck again inside the splnet() protection + * here, but there are probably other places that this + * also happens. We must rethink this. + */ error = (*so->so_proto->pr_usrreqs->pru_send)(so, (flags & MSG_OOB) ? PRUS_OOB : /* |
