From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756323AbZJFITd (ORCPT ); Tue, 6 Oct 2009 04:19:33 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1755696AbZJFITc (ORCPT ); Tue, 6 Oct 2009 04:19:32 -0400 Received: from mtagate5.de.ibm.com ([195.212.17.165]:59217 "EHLO mtagate5.de.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756246AbZJFITa (ORCPT ); Tue, 6 Oct 2009 04:19:30 -0400 Message-ID: <4ACAFD6A.3060008@fr.ibm.com> Date: Tue, 06 Oct 2009 10:18:50 +0200 From: Daniel Lezcano User-Agent: Thunderbird 2.0.0.21 (X11/20090320) MIME-Version: 1.0 To: Sukadev Bhattiprolu CC: Pavel Emelianov , Sukadev Bhattiprolu , Linux Containers , Linux Kernel Mailing List Subject: Re: pidns memory leak References: <4AC5F198.2070407@fr.ibm.com> <20091006040526.GA22923@us.ibm.com> In-Reply-To: <20091006040526.GA22923@us.ibm.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sukadev Bhattiprolu wrote: > Daniel Lezcano [dlezcano@fr.ibm.com] wrote: >> Hi, >> >> I am facing a problem with the pid namespace when I launch the following >> lxc commands: >> >> lxc-execute -n foo sleep 3600 & >> ls -al /proc/$(pidof lxc-init)/exe && lxc-stop -n foo >> >> All the processes related to the container are killed, but there is >> still a refcount on the pid_namespace which is never released. > > Thanks for the bug report. > > Did you notice any leak in 'struct pids' also or just the pid_namespace ? > If the pids are not leaking, this may be slightly different from the problem > Catalin Marinas ran into: > > http://lkml.org/lkml/2009/7/29/406 I am not sure what you mean by 'struct pids' but what I observed is: pid_2 and pid_namespace (as they are named in /proc/slabinfo) are never decremented. > And the pid_namespace does not seem to reproduce for me, with out the > 'ls -al /proc/...' above, or with the simpler 'ns_exec' approach to > creating pid namespace. I tried to write a simpler program but I failed to reproduce it. > I am going through the code for lxc-execute, but does it remount /proc > in the container ? Right, the parent does a clone(NEWMNT|NEWPID|NEWIPC|NEWUTS), wait for the child while this one (pid 1) 'execs' the lxc-init process. This program mounts /proc and fork-exec the command passed as parameter (here 'sleep 3600'). Without this intermediate process, the leak *seems* not happening. If you don't access /proc//, the leak is not happening. So to summarize: Leak when: ---------- lxc-execute -n foo sleep 3600 & ls -al /proc/$(pidof sleep)/exe && lxc-stop -n foo The stop can be done, immediately after looking at the proc file or later, the leak happens in all the cases. No leak when: ------------- lxc-execute -n foo sleep 3600 & lxc-stop -n foo I tried to create a simpler program doing the same but that did not triggered the problem. -- Daniel