diff options
| author | kib <kib@FreeBSD.org> | 2009-01-03 13:24:08 +0000 |
|---|---|---|
| committer | kib <kib@FreeBSD.org> | 2009-01-03 13:24:08 +0000 |
| commit | ac1b596fda316feecb2bc8a1cb16497b97cf347d (patch) | |
| tree | f93d7d74242b43d90f0d5ae66178f38c2a8dd273 /sys/vm | |
| parent | b56f7e98e0bd71a121a4fecc03a2679f6602fefa (diff) | |
| download | FreeBSD-src-ac1b596fda316feecb2bc8a1cb16497b97cf347d.zip FreeBSD-src-ac1b596fda316feecb2bc8a1cb16497b97cf347d.tar.gz | |
Extend the struct vm_page wire_count to u_int to avoid the overflow
of the counter, that may happen when too many sendfile(2) calls are
being executed with this vnode [1].
To keep the size of the struct vm_page and offsets of the fields
accessed by out-of-tree modules, swap the types and locations
of the wire_count and cow fields. Add safety checks to detect cow
overflow and force fallback to the normal copy code for zero-copy
sockets. [2]
Reported by: Anton Yuzhaninov <citrin citrin ru> [1]
Suggested by: alc [2]
Reviewed by: alc
MFC after: 2 weeks
Diffstat (limited to 'sys/vm')
| -rw-r--r-- | sys/vm/vm_page.c | 6 | ||||
| -rw-r--r-- | sys/vm/vm_page.h | 8 |
2 files changed, 9 insertions, 5 deletions
diff --git a/sys/vm/vm_page.c b/sys/vm/vm_page.c index a4ac79b..8befdd5 100644 --- a/sys/vm/vm_page.c +++ b/sys/vm/vm_page.c @@ -106,6 +106,7 @@ __FBSDID("$FreeBSD$"); #include <sys/systm.h> #include <sys/lock.h> #include <sys/kernel.h> +#include <sys/limits.h> #include <sys/malloc.h> #include <sys/mutex.h> #include <sys/proc.h> @@ -2112,13 +2113,16 @@ vm_page_cowclear(vm_page_t m) */ } -void +int vm_page_cowsetup(vm_page_t m) { mtx_assert(&vm_page_queue_mtx, MA_OWNED); + if (m->cow == USHRT_MAX - 1) + return (EBUSY); m->cow++; pmap_remove_write(m); + return (0); } #include "opt_ddb.h" diff --git a/sys/vm/vm_page.h b/sys/vm/vm_page.h index f609a21..7f996ea 100644 --- a/sys/vm/vm_page.h +++ b/sys/vm/vm_page.h @@ -111,12 +111,12 @@ struct vm_page { vm_paddr_t phys_addr; /* physical address of page */ struct md_page md; /* machine dependant stuff */ uint8_t queue; /* page queue index */ - int8_t segind; + int8_t segind; u_short flags; /* see below */ uint8_t order; /* index of the buddy queue */ uint8_t pool; - u_short wire_count; /* wired down maps refs (P) */ - u_int cow; /* page cow mapping count */ + u_short cow; /* page cow mapping count */ + u_int wire_count; /* wired down maps refs (P) */ short hold_count; /* page hold count */ u_short oflags; /* page flags (O) */ u_char act_count; /* page usage count */ @@ -336,7 +336,7 @@ void vm_page_zero_invalid(vm_page_t m, boolean_t setvalid); void vm_page_free_toq(vm_page_t m); void vm_page_zero_idle_wakeup(void); void vm_page_cowfault (vm_page_t); -void vm_page_cowsetup (vm_page_t); +int vm_page_cowsetup(vm_page_t); void vm_page_cowclear (vm_page_t); /* |
