From: Ville-Pertti Keinonen
Date: Mon, 19 Jun 2006 17:04:35 +0300
To: Jason Evans
Cc: freebsd-current@freebsd.org, Krassimir Slavchev
Subject: Re: memory leak in free()

On Jun 14, 2006, at 8:35 PM, Jason Evans wrote:

> Incidentally, this isn't an issue on 64-bit systems, since only mmap()
> is used to request memory from the kernel.

The test does seem to leak memory on 64-bit systems, though; not the actual allocated bits, but support structures, namely nodes that chunk_dealloc tries to insert into old_chunks but fails because a node holding that address is already there.

It should be possible to fix this either by removing any nodes within range from old_chunks when allocating "new" memory, or by checking the return value of RB_INSERT in chunk_dealloc, and deallocating the new node if it returns non-NULL.

A patch implementing the latter that seems to work:

--- malloc.c 10 May 2006 00:07:45 -0000 1.126 +++ malloc.c 19 Jun 2006 13:58:57 -0000 @@ -1370,7 +1370,8 @@ node->chunk = (void *)((uintptr_t)chunk + (uintptr_t) offset); node->size = chunk_size; - RB_INSERT(chunk_tree_s, &old_chunks, node); + if (RB_INSERT(chunk_tree_s, &old_chunks, node) != NULL) + base_chunk_node_dealloc(node); } #ifdef USE_BRK
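
Review bot: the new `!= NULL` branch after RB_INSERT discards the freshly built node without a comment saying why a node for this chunk address can already be in old_chunks, so the next reader cannot tell an expected duplicate from a bookkeeping error. Add a one-line comment on that branch. RB_INSERT returns the colliding element, so if the existing node is expected to carry the same size that was just assigned with `node->size = chunk_size;`, keeping the returned pointer and asserting on its size would document that expectation and catch a stale entry.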