From owner-freebsd-bugs Fri Jan 14 4:10: 5 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 32D7D151F1 for ; Fri, 14 Jan 2000 04:10:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id EAA08777; Fri, 14 Jan 2000 04:10:01 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from verden.pvv.ntnu.no (verden.pvv.ntnu.no [129.241.210.224]) by hub.freebsd.org (Postfix) with SMTP id 0EC7314EB0 for ; Fri, 14 Jan 2000 04:01:54 -0800 (PST) (envelope-from he@pvv.ntnu.no) Received: (qmail 60815 invoked by uid 13841); 14 Jan 2000 12:01:52 -0000 Message-Id: <20000114120152.60814.qmail@verden.pvv.ntnu.no> Date: 14 Jan 2000 12:01:52 -0000 From: he@runit.no (Havard Eidnes) Reply-To: he@runit.no To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: kern/16122: Incorrect SysV SHM segment accounting by async I/O helper procs Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 16122 >Category: kern >Synopsis: Incorrect SysV SHM segment accounting by async I/O helper procs >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jan 14 04:10:00 PST 2000 >Closed-Date: >Last-Modified: >Originator: Havard Eidnes >Release: FreeBSD 3.3-RELEASE i386 >Organization: RUNIT AS >Environment: "Standard" i386 machine running 3.3-RELEASE. >Description: Only the first async I/O helper process releases the SystemV shared memory segments inherited from the parent process. All async I/O helper processes end up calling shmfork() (implicitly via rfork()), but exit without doing shmexit(), causing shared memory segment reference counts not to be updated correctly. This causes shared memory segments to get an ever increasing reference count, preventing their removal from the system even though the processes which caused the reference count to be increased are no longer present. >How-To-Repeat: Use SystemV shared memory segments and asynchronous I/O in the same process. Note in "ipcs -mobp" output that the reference count of the segments increase over time as this process is run several times. (Sorry, no code here to reproduce the problem.) >Fix: Not only the first async I/O helper process should get rid of its SystemV shared memory segments inherited from the parent process. Perusal of cvsweb seems to indicate that this problem is also present in the FreeBSD 3.4 release. --- /sys/kern/vfs_aio.c.dist Sun Aug 29 18:26:12 1999 +++ /sys/kern/vfs_aio.c Thu Jan 13 14:24:10 2000 @@ -618,44 +618,49 @@ * We manage to create only one VM space for all AIOD processes. * The VM space for the first AIOD created becomes the shared VM * space for all of them. We add an additional reference count, * even for the first AIOD, so the address space does not go away, * and we continue to use that original VM space even if the first * AIOD exits. */ if ((aiovm = aiovmspace) == NULL) { aiovmspace = myvm; myvm->vm_refcnt++; /* * Remove userland cruft from address space. */ if (myvm->vm_shm) shmexit(mycp); pmap_remove_pages(&myvm->vm_pmap, 0, USRSTACK); vm_map_remove(&myvm->vm_map, 0, USRSTACK); myvm->vm_tsize = 0; myvm->vm_dsize = 0; myvm->vm_ssize = 0; } else { aiovm->vm_refcnt++; + /* + * Remove userland cruft from address space. + */ + if (myvm->vm_shm) + shmexit(mycp); mycp->p_vmspace = aiovm; pmap_activate(mycp); vmspace_free(myvm); myvm = aiovm; } if (mycp->p_textvp) { vrele(mycp->p_textvp); mycp->p_textvp = NULL; } /* * Allocate and ready the aio control info. There is one * aiop structure per daemon. */ aiop = zalloc(aiop_zone); aiop->aioproc = mycp; aiop->aioprocflags |= AIOP_FREE; TAILQ_INIT(&aiop->jobtorun); /* * Place thread (lightweight process) onto the AIO free thread list >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message