NetBSD Problem Report #48048

From arm7tdmi@ric.hi-ho.ne.jp  Fri Jul 12 06:15:57 2013
Return-Path: <arm7tdmi@ric.hi-ho.ne.jp>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 0ABDE71A07
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 12 Jul 2013 06:15:57 +0000 (UTC)
Message-Id: <20130712051325.8818B3179C27@moveq.nerv.org>
Date: Fri, 12 Jul 2013 14:13:25 +0900 (JST)
From: ryo@nerv.org
Reply-To: ryo@nerv.org
To: gnats-bugs@NetBSD.org
Subject: lack of unlock in procfs_map
X-Send-Pr-Version: 3.95

>Number:         48048
>Category:       kern
>Synopsis:       lack of unlock in procfs_map
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Jul 12 06:20:00 +0000 2013
>Closed-Date:    Fri Aug 02 13:56:10 +0000 2013
>Last-Modified:  Fri Aug 02 13:56:10 +0000 2013
>Originator:     Ryo Shimizu
>Release:        current
>Organization:
>Environment:
NetBSD netbsd 6.99.23 NetBSD 6.99.23 (XEN3_DOMU) #2: Thu Jul 11 20:20:35 JST 2013  ryo@itaru:/disk/src/cvs/NetBSD/sys/arch/amd64/compile/XEN3_DOMU amd64
>Description:
In procfs_domap(), vm_map_unlock_read() and uvmspace_free() are missing in the ENOMEM case.

>How-To-Repeat:
pts/0# cat mmaptest.c
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>
#include <machine/vmparam.h>

int
main(int argc, char *argv[])
{
	void *p;
	int i;

	/* this creates large /proc/$$/maps */
	for (i = 0; i < 10000; i++) {
		p = mmap(NULL, PAGE_SIZE * 2, PROT_READ, MAP_ANON, -1, 0);
		munmap((char *)p + PAGE_SIZE, PAGE_SIZE);
	}

	printf("pid=%d\n", getpid());
	fflush(stdout);

	pause();

	return 0;
}
pts/0# cc -Wall mmaptest.c
pts/0# ./a.out
pid=4222


pts/1# cat /proc/4222/maps
cat: maps: Cannot allocate memory
pts/1# ps aux
USER     PID %CPU %MEM   VSZ  RSS TTY     STAT STARTED     TIME COMMAND
root       0  0.0  0.9     0 4948 ?       OKl   6:57PM 25:23.28 [system]
root       1  0.0  0.3 12876 1364 ?       Is    6:57PM  0:01.65 init 
root     142  0.0  0.4 23836 1932 ?       Is    6:57PM  0:00.01 /usr/sbin/syslogd 
root     153  0.0  0.2 12888 1268 ?       Ss    6:58PM  0:00.00 /usr/sbin/rpcbind -l 
root     198  0.0  0.3 34404 1508 ?       Isl   6:58PM  0:00.00 /usr/sbin/nfsd -6tun 4 
root     216  0.0  0.3 12932 1448 ?       Ss    6:58PM  0:00.00 /usr/sbin/rpc.statd 
root     221  0.0  0.3 12956 1372 ?       Ss    6:58PM  0:00.00 /usr/sbin/rpc.lockd 
root     319  0.0  0.2 12892 1036 ?       Is    6:58PM  0:00.00 /usr/sbin/powerd 
root     338  0.0  0.6 57308 2956 ?       Is    6:58PM  0:00.00 /usr/sbin/sshd 
ryo      435  0.0  0.8 76384 3952 ?       S     6:59PM  0:00.05 sshd: ryo@pts/0 (sshd)
root     527  0.0  1.1 76384 5700 ?       Is    6:59PM  0:00.02 sshd: ryo [priv] 
root     565  0.0  0.3 10840 1316 ?       Ss    6:58PM  0:00.00 /usr/sbin/cron 
root     580  0.0  0.2 14992 1116 ?       Is    6:58PM  0:00.00 /usr/sbin/inetd -l 
root     581  0.0  0.8 49092 4048 ?       Ss    6:58PM  0:00.01 /usr/libexec/postfix/master 
postfix  596  0.0  0.8 49212 4024 ?       I     6:58PM  0:00.01 qmgr -l -t unix -u 
postfix  611  0.0  0.8 49152 3968 ?       S     6:58PM  0:00.01 pickup -l -t fifo -u 
root     794  0.0  1.1 76384 5756 ?       Is    7:03PM  0:00.02 sshd: ryo [priv] 
ryo      855  0.0  0.8 76384 3952 ?       S     7:03PM  0:00.06 sshd: ryo@pts/1 (sshd)
ryo      615  0.0  0.3  1664 1384 ttyp0   Ss    6:59PM  0:00.03 -tcsh 
^C^C^C^C^C^C
load: 0.01  cmd: ps 3739 [tstile] 0.00u 0.00s 0% 1704k
load: 0.01  cmd: ps 3739 [tstile] 0.00u 0.00s 0% 1704k
load: 0.01  cmd: ps 3739 [tstile] 0.00u 0.00s 0% 1704k
^C^C^Z^Z^Z

And kill -9 4222 does not work either.

>Fix:
Index: sys/miscfs/procfs/procfs_map.c
===================================================================
RCS file: /cvsroot/src/sys/miscfs/procfs/procfs_map.c,v
retrieving revision 1.42
diff -a -u -r1.42 procfs_map.c
--- procfs_map.c	6 May 2012 03:13:11 -0000	1.42
+++ procfs_map.c	11 Jul 2013 11:23:24 -0000
@@ -208,6 +208,8 @@
 			bufsize <<= 1;
 			if (bufsize > MAXBUFFERSIZE) {
 				error = ENOMEM;
+				vm_map_unlock_read(map);
+				uvmspace_free(vm);
 				goto out;
 			}
 			free(buffer, M_TEMP);
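
Review bot: the two release calls added before `goto out` in the `bufsize > MAXBUFFERSIZE` branch are inline cleanup, which implies the `out` label itself does not drop the map read lock or the vmspace reference; any other exit taken while the lock is held would need the same two lines copied again. Consider a separate label placed ahead of `out` (hypothetical name `out_unlock`) that performs `vm_map_unlock_read(map)` and `uvmspace_free(vm)`, and jump to it from here, so the lock and reference are released in one place. This branch also leaves before `free(buffer, M_TEMP)` runs, so please confirm that `out` frees `buffer` on this path. A short comment stating which resources are held at this point in the loop would help the next reader.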

>Release-Note:

>Audit-Trail:
From: "Ryo Shimizu" <ryo@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48048 CVS commit: src/sys/miscfs/procfs
Date: Thu, 18 Jul 2013 07:59:45 +0000

 Module Name:	src
 Committed By:	ryo
 Date:		Thu Jul 18 07:59:44 UTC 2013

 Modified Files:
 	src/sys/miscfs/procfs: procfs_map.c

 Log Message:
 PR/48048: Add a missing vm_map_unlock_read() and uvmspace_free() to the ENOMEM error case in procfs_domap()


 To generate a diff of this commit:
 cvs rdiff -u -r1.42 -r1.43 src/sys/miscfs/procfs/procfs_map.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: ryo@NetBSD.org
State-Changed-When: Thu, 18 Jul 2013 08:02:10 +0000
State-Changed-Why:
fixed in current


State-Changed-From-To: closed->pending-pullups
State-Changed-By: ryo@NetBSD.org
State-Changed-When: Thu, 18 Jul 2013 11:50:59 +0000
State-Changed-Why:
pullup-6 #971


From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48048 CVS commit: [netbsd-6] src/sys/miscfs/procfs
Date: Mon, 29 Jul 2013 08:17:55 +0000

 Module Name:	src
 Committed By:	msaitoh
 Date:		Mon Jul 29 08:17:55 UTC 2013

 Modified Files:
 	src/sys/miscfs/procfs [netbsd-6]: procfs_map.c

 Log Message:
 Pull up following revision(s) (requested by ryo in ticket #917):
 	sys/miscfs/procfs/procfs_map.c: revision 1.43
 PR/48048: Add a missing vm_map_unlock_read() and uvmspace_free() to the ENOMEM error case in procfs_domap()


 To generate a diff of this commit:
 cvs rdiff -u -r1.41 -r1.41.8.1 src/sys/miscfs/procfs/procfs_map.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48048 CVS commit: [netbsd-6-1] src/sys/miscfs/procfs
Date: Mon, 29 Jul 2013 08:23:16 +0000

 Module Name:	src
 Committed By:	msaitoh
 Date:		Mon Jul 29 08:23:16 UTC 2013

 Modified Files:
 	src/sys/miscfs/procfs [netbsd-6-1]: procfs_map.c

 Log Message:
 Pull up following revision(s) (requested by ryo in ticket #917):
 	sys/miscfs/procfs/procfs_map.c: revision 1.43
 PR/48048: Add a missing vm_map_unlock_read() and uvmspace_free() to the ENOMEM
 error case in procfs_domap()


 To generate a diff of this commit:
 cvs rdiff -u -r1.41 -r1.41.14.1 src/sys/miscfs/procfs/procfs_map.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "SAITOH Masanobu" <msaitoh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/48048 CVS commit: [netbsd-6-0] src/sys/miscfs/procfs
Date: Mon, 29 Jul 2013 08:24:10 +0000

 Module Name:	src
 Committed By:	msaitoh
 Date:		Mon Jul 29 08:24:09 UTC 2013

 Modified Files:
 	src/sys/miscfs/procfs [netbsd-6-0]: procfs_map.c

 Log Message:
 Pull up following revision(s) (requested by ryo in ticket #917):
 	sys/miscfs/procfs/procfs_map.c: revision 1.43
 PR/48048: Add a missing vm_map_unlock_read() and uvmspace_free() to the ENOMEM
 error case in procfs_domap()


 To generate a diff of this commit:
 cvs rdiff -u -r1.41 -r1.41.12.1 src/sys/miscfs/procfs/procfs_map.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Fri, 02 Aug 2013 13:56:10 +0000
State-Changed-Why:
Pullups done.


>Unformatted:
