From: ebiederm@xmission.com (Eric W. Biederman)
To: Catalin Marinas <catalin.marinas@arm.com>
Cc: Oleg Nesterov <oleg@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org,
Sukadev Bhattiprolu <sukadev@us.ibm.com>,
"Serge E. Hallyn" <serue@us.ibm.com>
Subject: Re: Possible memory leak via alloc_pid()
Date: Mon, 10 Aug 2009 12:21:44 -0700 [thread overview]
Message-ID: <m1bpmncw53.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <1249923358.10848.75.camel@pc1117.cambridge.arm.com> (Catalin Marinas's message of "Mon\, 10 Aug 2009 17\:55\:58 +0100")
Catalin Marinas <catalin.marinas@arm.com> writes:
> On Sun, 2009-08-02 at 18:44 -0700, Eric W. Biederman wrote:
>> Hmm. I'm starting to wonder if kmemleak is right. I don't know how
>> it works but something about the way pids are used might be confusing it.
>
> It could as well be a false positive but I can't find its source.
>
> Basically, the pid structure for the dead Xorg is still allocated
> minutes after Xorg died with a pid->count of 2. Kmemleak scans the data
> and bss sections, task stacks and most of the allocated objects (which
> are not reported as leaks) but cannot find a pointer to this pid
> structure (or anywhere inside it like pid->number.pid_chain).
>
> The supposedly leaked pid structure also have pid_chain.pprev ==
> LIST_POISON2 which means that it was already removed from the pid_hash
> (this block of memory is scanned by kmemleak anyway).
>
> The free_pid() function was also called on this object according to the
> pid->rcu values but put_pid() couldn't free it because of pid->count.
>
> If this structure in not on pid_hash, is there any other place where its
> pointer may be stored for a long time? Otherwise it looks like a real
> leak (though not a big one).
It depends on how it is used. Pids not on the pid_hash are perfectly
fine. We use these kinds of long standing pid references to prevent
any chance that pid rollover would be a problem. There are corner
cases in the SIGIO path and a few other places where we have
these kind of long standing pid references.
Perhaps it comes from the tty switching code?
> I'll do more tests in the next few days as suggested by Oleg.
Thanks, and thanks for spotting into and looking into this.
Eric
next prev parent reply other threads:[~2009-08-10 19:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-08 21:33 Possible memory leak via alloc_pid() Catalin Marinas
2009-07-30 0:03 ` Andrew Morton
2009-07-30 0:36 ` Serge E. Hallyn
2009-07-30 9:16 ` Catalin Marinas
2009-07-30 21:29 ` Oleg Nesterov
2009-07-31 10:16 ` Catalin Marinas
2009-08-02 21:35 ` Oleg Nesterov
2009-08-03 1:44 ` Eric W. Biederman
2009-08-10 16:55 ` Catalin Marinas
2009-08-10 19:21 ` Eric W. Biederman [this message]
2009-09-11 11:35 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1bpmncw53.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=catalin.marinas@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=serue@us.ibm.com \
--cc=sukadev@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.