Unix Domain Datagram Bug.
Stephen Hemminger
steveh at hammer.UUCP
Thu Nov 22 03:40:16 AEST 1984
Description:
If a two programs communicate via Unix domain datagrams, and the
receiver can't keep up with the sender, then mbuf's are not
freed which will eventually bring system to its knees.
Repeat-By:
Make a program which sends datagrams to another program.
Have receiver sleep between recvs.
Fix:
Their is a misunderstanding in uipc_usrreq.c:
sbappendaddr() returns
0 if an error (no space, no mbufs etc).
1 data sent.
The source mbuf chain is freed by sbappendaddr when it returns 1,
BUT they are not freed if it returns 0!
Change to uipc_usrreq.c fixes the problem.
Editted diffs of uipc_usrreq.c (line #'s are different from
distribution sorry).
***************
*** 168,183
if (error)
break;
}
! /*
! * Put data address and rights on receiver's queue.
! * There's no record of source socket's
! * name, so send null name for the moment.
! *
! * If no space (returns 0), then m will be
! * freed later.
! */
! if (sbappendaddr(&so2->so_rcv, &sun_noname,
! m, rights) != 0) {
sbwakeup(&so2->so_rcv);
m = 0;
}
--- 164,176 -----
if (error)
break;
}
! if (sbspace(&so2->so_rcv) > 0) {
! /*
! * There's no record of source socket's
! * name, so send null name for the moment.
! */
! (void) sbappendaddr(&so2->so_rcv,
! &sun_noname, m, rights);
sbwakeup(&so2->so_rcv);
m = 0;
}
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list