New mirror

Matthew Dillon dillon at apollo.backplane.com
Fri Nov 19 18:57:53 PST 2004 

:> I believe this was due to sendfile.  I disabled it in apache, and things
:> seem to be pretty snappy.  I'd appreciate hearing about more reports if
:> this isn't the case.
:> 
:> Peter
:
:Actually, now that I think about it, this was probably related to the SACK
:bug, since you mentioned that it could corrupt data even though it was
:disabled.  I'm doing some testing right now to verify this.
:
:Peter

    There's something else going on with sendfile().  Jedi's Apache2 panics
    are due to sendfile() too but the bug I found is right smack in the 
    middle of sendfile() and should crash it instantly.

    Ah, wait... I'll bet you didn't have INVARIANTS set in your kernel.
    If INVARIANTS is not set then the sendfile() bug could lead to VM page
    starvation rather then an instant crash.

    In anycase, I am having Jedi test a bug fix (included below), but I
    recommend that you leave sendfile turned off since you are running a
    production server.  If Jedi confirms that the bug is fixed then I'll
    ask you to update and then try turning sendfile back on to see if that
    solves the problem.  But don't do it yet.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>

Index: uipc_syscalls.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_syscalls.c,v
retrieving revision 1.44
diff -u -r1.44 uipc_syscalls.c
--- uipc_syscalls.c	12 Nov 2004 00:09:24 -0000	1.44
+++ uipc_syscalls.c	20 Nov 2004 02:49:05 -0000
@@ -1303,7 +1303,7 @@
 		crit_enter();
 		vm_page_unwire(m, 0);
 		if (m->wire_count == 0 && m->object == NULL)
-			vm_page_free(m);
+			vm_page_try_to_free(m);
 		crit_exit();
 		free(sfm, M_SENDFILE);
 	}
@@ -1572,17 +1572,10 @@
 			vm_page_flag_clear(pg, PG_ZERO);
 			vm_page_io_finish(pg);
 			if (error) {
+				crit_enter();
 				vm_page_unwire(pg, 0);
-				/*
-				 * See if anyone else might know about this page.
-				 * If not and it is not valid, then free it.
-				 */
-				if (pg->wire_count == 0 && pg->valid == 0 &&
-				    pg->busy == 0 && !(pg->flags & PG_BUSY) &&
-				    pg->hold_count == 0) {
-					vm_page_busy(pg);
-					vm_page_free(pg);
-				}
+				vm_page_try_to_free(pg);
+				crit_exit();
 				sbunlock(&so->so_snd);
 				goto done;
 			}
@@ -1596,8 +1589,7 @@
 		if ((sf = sf_buf_alloc(pg, SFBA_PCATCH)) == NULL) {
 			crit_enter();
 			vm_page_unwire(pg, 0);
-			if (pg->wire_count == 0 && pg->object == NULL)
-				vm_page_free(pg);
+			vm_page_try_to_free(pg);
 			crit_exit();
 			sbunlock(&so->so_snd);
 			error = EINTR;

More information about the Submit mailing list