Bug #14932

open

pvscsi leaks memory during pvscsi_cmd_fini

Added by Max Bruning 4 months ago.

Status: New
Priority: Normal
Assignee: -
Category: -
% Done: 0%
Difficulty: Medium

Description

After a day and a half (more or less), a vm running a version of illumos became unusable due to a memory leak in the kernel.

Here is output from ::findleaks:

CACHE             LEAKED           BUFCTL CALLER
...
fffffe170a83c2c8   97868 fffffe173201da20 rootnex_coredma_allochdl+0x3f
fffffe170a83c2c8       5 fffffe17e0561960 rootnex_coredma_allochdl+0x3f
------------------------------------------------------------------------
           Total  523671 buffers, 277779392 bytes
...
rootnex_dmahdl leak: 97868 buffers, 2600 bytes each, 254456800 bytes total
            ADDR          BUFADDR        TIMESTAMP           THREAD
                            CACHE          LASTLOG         CONTENTS
fffffe173201da20 fffffe17401275c0        75e43a343 fffffe172c6d5060
                 fffffe170a83c2c8 fffffe16e535d640                0
                 kmem_slab_alloc_impl+0x324
                 kmem_slab_alloc+0x69
                 kmem_cache_alloc+0x193
                 rootnex_coredma_allochdl+0x3f
                 rootnex_dma_allochdl+0xd5
                 ddi_dma_allochdl+0x62
                 pcieb_dma_allochdl+0x3e
                 ddi_dma_allochdl+0x62
                 ddi_dma_alloc_handle+0x7c
                 pvscsi_cmd_init+0x154
                 pvscsi_pkt_ctor+0x35
                 scsi_hba_pkt_constructor+0xea
                 kmem_cache_alloc_debug+0x236
                 kmem_cache_alloc+0x135
                 scsi_init_cache_pkt+0x171
...

DTrace shows:

  pvscsi_cmd_fini         191
  pvscsi_cmd_init         191
  ddi_dma_free_handle     191
  ddi_dma_alloc_handle    382

For each call to pvscsi_cmd_init, ddi_dma_alloc_handle is called twice, while ddi_dma_free_handle is called only once for each pvscsi_cmd_fini call.

This is the relevant code in pvscsi_cmd_fini:

     static void
1474 pvscsi_cmd_fini(pvscsi_cmd_t *cmd)
1475 {
1476     if (cmd->arq_pa != 0) {
1477         (void) ddi_dma_unbind_handle(cmd->arq_dmah);
1478         cmd->arq_dmah = NULL;
1479     }
1480     if (cmd->arq_dmah != NULL) {
1481         ddi_dma_free_handle(&cmd->arq_dmah);
1482         cmd->arq_dmah = NULL;
1483     }
1484     if (cmd->sgl_pa != 0) {
1485         (void) ddi_dma_unbind_handle(cmd->sgl_dmah);
1486         cmd->sgl_pa = 0;
1487     }
1488     if (cmd->sgl_acch != NULL) {
1489         ddi_dma_mem_free(&cmd->sgl_acch);
1490         cmd->sgl_acch = NULL;
1491         cmd->sgl = NULL;
1492     }
1493     if (cmd->sgl_dmah != NULL) {
1494         ddi_dma_free_handle(&cmd->sgl_dmah);
1495         cmd->sgl_dmah = NULL;
1496     }
1497     if (cmd->ctx != 0) {
1498         id32_free(cmd->ctx);
1499         cmd->ctx = 0;
1500     }
1501 }

Line number 1478 should be removed or replaced with
cmd->arq_pa = NULL;
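
A userland model of the handle lifecycle described above, as an added example that is not part of the original report or the pvscsi driver. The `stub_*` functions, `cmd_model_t`, `leaked_after` and the address values are assumptions standing in for the DDI calls and `pvscsi_cmd_t`; the model runs the teardown as listed and with line 1478 replaced by clearing `arq_pa`, and counts the handles left allocated.

```c
#include <stdint.h>
#include <stdio.h>

/* Userland stand-ins for ddi_dma_alloc_handle/ddi_dma_free_handle (assumption:
 * they only count live handles; no real DMA resources are involved). */
typedef void *dma_handle_t;
static int live_handles;
static char token;	/* any non-NULL address serves as a handle */

static dma_handle_t stub_alloc_handle(void) { live_handles++; return &token; }
static void stub_free_handle(dma_handle_t *h) { *h = NULL; live_handles--; }

/* Only the pvscsi_cmd_t fields the handle logic in the listing depends on. */
typedef struct {
	dma_handle_t arq_dmah, sgl_dmah;
	uint64_t arq_pa, sgl_pa;
} cmd_model_t;

/* Two handle allocations per command, as the DTrace counts show. */
static void cmd_init(cmd_model_t *c) {
	c->arq_dmah = stub_alloc_handle(); c->arq_pa = 0x1000;	/* constructed */
	c->sgl_dmah = stub_alloc_handle(); c->sgl_pa = 0x2000;	/* constructed */
}

/* Teardown for both variants; clear_handle != 0 keeps line 1478 as listed. */
static void cmd_fini(cmd_model_t *c, int clear_handle) {
	if (c->arq_pa != 0) {			/* unbind omitted in the model */
		if (clear_handle)
			c->arq_dmah = NULL;	/* line 1478: handle pointer lost */
		else
			c->arq_pa = 0;		/* mirrors sgl_pa = 0 at line 1486 */
	}
	if (c->arq_dmah != NULL)		/* line 1480: false once 1478 ran */
		stub_free_handle(&c->arq_dmah);
	if (c->sgl_pa != 0)
		c->sgl_pa = 0;
	if (c->sgl_dmah != NULL)
		stub_free_handle(&c->sgl_dmah);
}

/* Run n init/fini cycles; return the number of handles never freed. */
static int leaked_after(int n, int clear_handle) {
	live_handles = 0;
	for (int i = 0; i < n; i++) { cmd_model_t c; cmd_init(&c); cmd_fini(&c, clear_handle); }
	return live_handles;
}

int main(void) {
	printf("as listed: %d leaked; changed: %d leaked\n", leaked_after(191, 1), leaked_after(191, 0));
	return 0;
}
```

With 191 cycles the model reproduces the imbalance in the DTrace counts: 382 allocations against 191 frees when line 1478 is kept.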
