Date:      Mon, 17 Jun 2002 13:15:03 +1000
From:      Peter Jeremy <peter.jeremy@alcatel.com.au>
To:        freebsd-current@freebsd.org
Subject:   proc-args (M_PARGS) leakage
Message-ID:  <20020617131502.O680@gsmx07.alcatel.com.au>

This is -CURRENT from 7th May so it's possible the bug has been
fixed, though there's nothing obvious in either the CVS commit
logs or by diffing the relevant files.

Having noticed that my system is paging far more than I would have
expected, I went looking and found that the 'proc-args' pool was
far larger than I expected.  And is growing over time:

gsmx07# vmstat -m|grep proc-args
    proc-args701802 70634K  70634K  1589264  16,32,64,128,256
[about 10 minutes delay]
gsmx07# vmstat -m|grep proc-args;vmstat -m|grep proc-args 
    proc-args702048 70652K  70652K  1589557  16,32,64,128,256
    proc-args702047 70652K  70652K  1589558  16,32,64,128,256
gsmx07# 

Unfortunately, M_PARGS is not the easiest pool to track allocations
and de-allocations.  Having gone through the references to pargs_*()
and p_args, I can't see any obvious cause of this.

Whilst I'm fairly certain it's not my problem, sysctl_kern_proc_args()
(1.136) looks dubious:
...
        PROC_LOCK(p);
        pa = p->p_args;
        pargs_hold(pa);
        PROC_UNLOCK(p);
        if (req->oldptr && pa != NULL) {
                error = SYSCTL_OUT(req, pa->ar_args, pa->ar_length);
        }
        if (req->newptr == NULL) {
                pargs_drop(pa);
                return (error);
        }
To this point, it all looks correct: An additional reference has been
added to p_args to allow the SYSCTL_OUT() to copy the arguments without
them being freed.  The relevant pargs entry will have a ref count of at
least 2 (the original reference from 'p' and a new reference via
pargs_hold()).

        PROC_LOCK(p);
        pa = p->p_args;
        p->p_args = NULL;
        PROC_UNLOCK(p);
        pargs_drop(pa);

(And later code shows pa dead at this point).  I don't follow this.
pargs_drop(pa) deletes a single reference count - which matches the
line "p->p_args = NULL;" - but I don't see anything to match the
pargs_hold(pa) above.

Additionally, whilst I'm certain it's not my problem,
fill_kinfo_proc() copies a reference to pargs, but doesn't increment
the reference counter (using pargs_hold()).

Has anyone else bumped into this?

Peter
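Added example, not code from the mail or from the FreeBSD tree: a constructed model of the pargs reference counting that walks the quoted write path twice, once exactly as quoted (the pargs_hold() taken for SYSCTL_OUT is never dropped) and once with a balancing pargs_drop() inserted, and reports whether the detached pargs was actually released. Structure layout, field names and the balancing-drop placement are assumptions made for the example.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed model of the refcounted pargs object and the sysctl write path
 * quoted in the mail; field names are assumptions, not FreeBSD's kern_proc.c. */
struct pargs {
    unsigned ar_ref;            /* reference count */
    unsigned ar_length;
    char     ar_args[32];
};
struct proc { struct pargs *p_args; };

static unsigned pargs_freed;    /* how many pargs objects were actually released */

static struct pargs *pargs_alloc(const char *args)
{
    struct pargs *pa = calloc(1, sizeof *pa);
    if (pa == NULL) abort();
    pa->ar_ref = 1;             /* the reference owned by the proc */
    pa->ar_length = (unsigned)strlen(args);
    strncpy(pa->ar_args, args, sizeof pa->ar_args - 1);
    return pa;
}
static void pargs_hold(struct pargs *pa) { if (pa != NULL) pa->ar_ref++; }
static void pargs_drop(struct pargs *pa)
{
    if (pa != NULL && --pa->ar_ref == 0) { pargs_freed++; free(pa); }
}

/* Walks the write path as quoted: hold for the copy-out, then detach the
 * pargs from the proc and drop once.  With balance_hold == 0 the hold taken
 * for SYSCTL_OUT is never dropped, so the old pargs keeps one reference that
 * nobody owns.  Returns 1 if the old pargs was freed, 0 if it leaked. */
static int sysctl_write_path(struct proc *p, int balance_hold)
{
    unsigned freed_before = pargs_freed;
    struct pargs *pa = p->p_args;
    pargs_hold(pa);                 /* ref 1 -> 2, keeps pa alive during copy */
    /* SYSCTL_OUT(req, pa->ar_args, pa->ar_length) would run here */
    if (balance_hold)
        pargs_drop(pa);             /* matches the hold above: 2 -> 1 */
    pa = p->p_args;
    p->p_args = NULL;
    pargs_drop(pa);                 /* releases the proc's own reference */
    return pargs_freed > freed_before;
}

/* Sets up a proc with one constructed argument block and runs the path once. */
static int write_path_frees_pargs(int balance_hold)
{
    struct proc p = { pargs_alloc("sleep 10") };
    return sysctl_write_path(&p, balance_hold);
}
```

The unbalanced run deliberately leaks the block, which is exactly what would show up as steady growth in the proc-args line of vmstat -m.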