NetBSD Problem Report #48048
From arm7tdmi@ric.hi-ho.ne.jp Fri Jul 12 06:15:57 2013
Return-Path: <arm7tdmi@ric.hi-ho.ne.jp>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 0ABDE71A07
for <gnats-bugs@gnats.NetBSD.org>; Fri, 12 Jul 2013 06:15:57 +0000 (UTC)
Message-Id: <20130712051325.8818B3179C27@moveq.nerv.org>
Date: Fri, 12 Jul 2013 14:13:25 +0900 (JST)
From: ryo@nerv.org
Reply-To: ryo@nerv.org
To: gnats-bugs@NetBSD.org
Subject: lack of unlock in procfs_map
X-Send-Pr-Version: 3.95
>Number: 48048
>Category: kern
>Synopsis: lack of unlock in procfs_map
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jul 12 06:20:00 +0000 2013
>Closed-Date: Fri Aug 02 13:56:10 +0000 2013
>Last-Modified: Fri Aug 02 13:56:10 +0000 2013
>Originator: Ryo Shimizu
>Release: current
>Organization:
>Environment:
NetBSD netbsd 6.99.23 NetBSD 6.99.23 (XEN3_DOMU) #2: Thu Jul 11 20:20:35 JST 2013 ryo@itaru:/disk/src/cvs/NetBSD/sys/arch/amd64/compile/XEN3_DOMU amd64
>Description:
in procfs_domap(), lack of vm_map_unlock_read() and uvmspace_free() in case of ENOMEM.
>How-To-Repeat:
pts/0# cat mmaptest.c
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>
#include <machine/vmparam.h>
int
main(int argc, char *argv[])
{
void *p;
int i;
/* this creates large /proc/$$/maps */
for (i = 0; i < 10000; i++) {
p = mmap(NULL, PAGE_SIZE * 2, PROT_READ, MAP_ANON, -1, 0);
munmap((char *)p + PAGE_SIZE, PAGE_SIZE);
}
printf("pid=%d\n", getpid());
fflush(stdout);
pause();
return 0;
}
pts/0# cc -Wall mmaptest.c
pts/0# ./a.out
pid=4222
pts/1# cat /proc/4222/maps
cat: maps: Cannot allocate memory
pts/1# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT STARTED TIME COMMAND
root 0 0.0 0.9 0 4948 ? OKl 6:57PM 25:23.28 [system]
root 1 0.0 0.3 12876 1364 ? Is 6:57PM 0:01.65 init
root 142 0.0 0.4 23836 1932 ? Is 6:57PM 0:00.01 /usr/sbin/syslogd
root 153 0.0 0.2 12888 1268 ? Ss 6:58PM 0:00.00 /usr/sbin/rpcbind -l
root 198 0.0 0.3 34404 1508 ? Isl 6:58PM 0:00.00 /usr/sbin/nfsd -6tun 4
root 216 0.0 0.3 12932 1448 ? Ss 6:58PM 0:00.00 /usr/sbin/rpc.statd
root 221 0.0 0.3 12956 1372 ? Ss 6:58PM 0:00.00 /usr/sbin/rpc.lockd
root 319 0.0 0.2 12892 1036 ? Is 6:58PM 0:00.00 /usr/sbin/powerd
root 338 0.0 0.6 57308 2956 ? Is 6:58PM 0:00.00 /usr/sbin/sshd
ryo 435 0.0 0.8 76384 3952 ? S 6:59PM 0:00.05 sshd: ryo@pts/0 (sshd)
root 527 0.0 1.1 76384 5700 ? Is 6:59PM 0:00.02 sshd: ryo [priv]
root 565 0.0 0.3 10840 1316 ? Ss 6:58PM 0:00.00 /usr/sbin/cron
root 580 0.0 0.2 14992 1116 ? Is 6:58PM 0:00.00 /usr/sbin/inetd -l
root 581 0.0 0.8 49092 4048 ? Ss 6:58PM 0:00.01 /usr/libexec/postfix/master
postfix 596 0.0 0.8 49212 4024 ? I 6:58PM 0:00.01 qmgr -l -t unix -u
postfix 611 0.0 0.8 49152 3968 ? S 6:58PM 0:00.01 pickup -l -t fifo -u
root 794 0.0 1.1 76384 5756 ? Is 7:03PM 0:00.02 sshd: ryo [priv]
ryo 855 0.0 0.8 76384 3952 ? S 7:03PM 0:00.06 sshd: ryo@pts/1 (sshd)
ryo 615 0.0 0.3 1664 1384 ttyp0 Ss 6:59PM 0:00.03 -tcsh
^C^C^C^C^C^C
load: 0.01 cmd: ps 3739 [tstile] 0.00u 0.00s 0% 1704k
load: 0.01 cmd: ps 3739 [tstile] 0.00u 0.00s 0% 1704k
load: 0.01 cmd: ps 3739 [tstile] 0.00u 0.00s 0% 1704k
^C^C^Z^Z^Z
and cannot kill -9 4222 too.
>Fix:
Index: sys/miscfs/procfs/procfs_map.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/procfs/procfs_map.c,v
retrieving revision 1.42
diff -a -u -r1.42 procfs_map.c
--- procfs_map.c 6 May 2012 03:13:11 -0000 1.42
+++ procfs_map.c 11 Jul 2013 11:23:24 -0000
@@ -208,6 +208,8 @@
bufsize <<= 1;
if (bufsize > MAXBUFFERSIZE) {
error = ENOMEM;
+ vm_map_unlock_read(map);
+ uvmspace_free(vm);
goto out;
}
free(buffer, M_TEMP);
>Release-Note:
>Audit-Trail:
From: "Ryo Shimizu" <ryo@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/48048 CVS commit: src/sys/miscfs/procfs
Date: Thu, 18 Jul 2013 07:59:45 +0000
Module Name: src
Committed By: ryo
Date: Thu Jul 18 07:59:44 UTC 2013
Modified Files:
src/sys/miscfs/procfs: procfs_map.c
Log Message:
PR/48048: Add a missing vm_map_unlock_read() and uvmspace_free() to the ENOMEM error case in procfs_domap()d
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/sys/miscfs/procfs/procfs_map.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: ryo@NetBSD.org
State-Changed-When: Thu, 18 Jul 2013 08:02:10 +0000
State-Changed-Why:
fixed in current
State-Changed-From-To: closed->pending-pullups
State-Changed-By: ryo@NetBSD.org
State-Changed-When: Thu, 18 Jul 2013 11:50:59 +0000
State-Changed-Why:
pullup-6 #971
From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/48048 CVS commit: [netbsd-6] src/sys/miscfs/procfs
Date: Mon, 29 Jul 2013 08:17:55 +0000
Module Name: src
Committed By: msaitoh
Date: Mon Jul 29 08:17:55 UTC 2013
Modified Files:
src/sys/miscfs/procfs [netbsd-6]: procfs_map.c
Log Message:
Pull up following revision(s) (requested by ryo in ticket #917):
sys/miscfs/procfs/procfs_map.c: revision 1.43
PR/48048: Add a missing vm_map_unlock_read() and uvmspace_free() to the ENOMEM error case in procfs_domap()d
To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.41.8.1 src/sys/miscfs/procfs/procfs_map.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/48048 CVS commit: [netbsd-6-1] src/sys/miscfs/procfs
Date: Mon, 29 Jul 2013 08:23:16 +0000
Module Name: src
Committed By: msaitoh
Date: Mon Jul 29 08:23:16 UTC 2013
Modified Files:
src/sys/miscfs/procfs [netbsd-6-1]: procfs_map.c
Log Message:
Pull up following revision(s) (requested by ryo in ticket #917):
sys/miscfs/procfs/procfs_map.c: revision 1.43
PR/48048: Add a missing vm_map_unlock_read() and uvmspace_free() to the ENOMEM
error case in procfs_domap()d
To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.41.14.1 src/sys/miscfs/procfs/procfs_map.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/48048 CVS commit: [netbsd-6-0] src/sys/miscfs/procfs
Date: Mon, 29 Jul 2013 08:24:10 +0000
Module Name: src
Committed By: msaitoh
Date: Mon Jul 29 08:24:09 UTC 2013
Modified Files:
src/sys/miscfs/procfs [netbsd-6-0]: procfs_map.c
Log Message:
Pull up following revision(s) (requested by ryo in ticket #917):
sys/miscfs/procfs/procfs_map.c: revision 1.43
PR/48048: Add a missing vm_map_unlock_read() and uvmspace_free() to the ENOMEM
error case in procfs_domap()d
To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.41.12.1 src/sys/miscfs/procfs/procfs_map.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Fri, 02 Aug 2013 13:56:10 +0000
State-Changed-Why:
Pullups done.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.