Project

General

Profile

Bug #6276

libidmap leaks due to a missed goto

Added by Robert Mustacchi about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jerry Jelinek
Category:
lib - userland libraries
Start date:
2015-09-30
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:

Description

I have a zone doing an nfs mount to a smartos nfs server. Over a short amount of time nfsmapid will begin to grow quickly and cause paging due to going over the cap. Using umem_debug we can see the following:

> ::umausers
134715296 bytes for 4209853 allocations with data size 32:
         libumem.so.1`umem_cache_alloc_debug+0x1fe
         libumem.so.1`umem_cache_alloc+0x18f
         libumem.so.1`umem_alloc+0x50
         libumem.so.1`umem_malloc+0x36
         libc.so.1`strdup+0x2e
         libidmap.so.1`idmap_strdupnull+0x3a
         libidmap.so.1`idmap_get_w2u_mapping+0xbb
         libidmap.so.1`idmap_getgidbywinname+0x84
         nfsmapid_str_gid+0xea
         nfsmapid_func+0x6a
67357648 bytes for 4209853 allocations with data size 16:
         libumem.so.1`umem_cache_alloc_debug+0x1fe
         libumem.so.1`umem_cache_alloc+0x18f
         libumem.so.1`umem_alloc+0x50
         libumem.so.1`umem_malloc+0x36
         libc.so.1`strdup+0x2e
         libidmap.so.1`idmap_strdupnull+0x3a
         libidmap.so.1`idmap_get_w2u_mapping+0x9f
         libidmap.so.1`idmap_getgidbywinname+0x84
         nfsmapid_str_gid+0xea
         nfsmapid_func+0x6a
1218560 bytes for 38080 allocations with data size 32:
         libumem.so.1`umem_cache_alloc_debug+0x1fe
         libumem.so.1`umem_cache_alloc+0x18f
         libumem.so.1`umem_alloc+0x50
         libumem.so.1`umem_malloc+0x36
         libc.so.1`strdup+0x2e
         libidmap.so.1`idmap_strdupnull+0x3a
         libidmap.so.1`idmap_get_w2u_mapping+0xbb
         libidmap.so.1`idmap_getuidbywinname+0x84
         nfsmapid_str_uid+0xea
         nfsmapid_func+0x4c
609280 bytes for 38080 allocations with data size 16:
         libumem.so.1`umem_cache_alloc_debug+0x1fe
         libumem.so.1`umem_cache_alloc+0x18f
         libumem.so.1`umem_alloc+0x50
         libumem.so.1`umem_malloc+0x36
         libc.so.1`strdup+0x2e
         libidmap.so.1`idmap_strdupnull+0x3a
         libidmap.so.1`idmap_get_w2u_mapping+0x9f
         libidmap.so.1`idmap_getuidbywinname+0x84
         nfsmapid_str_uid+0xea
         nfsmapid_func+0x4c
12288 bytes for 1 allocations with data size 12288:
         libumem.so.1`umem_cache_alloc_debug+0x1fe
         libumem.so.1`umem_cache_alloc+0x18f
         libumem.so.1`umem_alloc+0x50
         libumem.so.1`umem_malloc+0x36
         libc.so.1`ltzset_u+0xa2
         libc.so.1`localtime_r+0x35
         libc.so.1`ctime_r+0x2c
         libc.so.1`vsyslog+0x1e4
         libc.so.1`syslog+0x2b
         update_diag_file+0x9c
         cb_update_domain+0x18
         libmapid.so.1`domain_sync+0xce
         libmapid.so.1`mapid_reeval_domain+0x60
         check_domain+0x22
         daemon_init+0x3a

It looks like we miss a goto out on this line
https://github.com/illumos/illumos-gate/blob/8cee14c65a4afa9dabe23f414431ab808186b48e/usr/src/lib/libidmap/common/idmap_api.c#L1655-L1656

If the idmap_strdupnull above was a success we return without ever freeing the dup'd string.

History

#1

Updated by Robert Mustacchi about 4 years ago

  • Subject changed from nfsmapid leaks due to a missed goto to libidmap leaks due to a missed goto
#2

Updated by Electric Monk about 4 years ago

  • Status changed from New to Closed

git commit 29d55245572a5e53ba8b3d529926453d493fd1e3

commit  29d55245572a5e53ba8b3d529926453d493fd1e3
Author: Jerry Jelinek <jerry.jelinek@joyent.com>
Date:   2015-10-06T18:16:49.000Z

    6276 libidmap leaks due to a missed goto
    Reviewed by: Jason King <jason.brian.king@gmail.com>
    Reviewed by: Alexander Pyhalov <apyhalov@gmail.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Marcel Telka <marcel@telka.sk>
    Approved by: Dan McDonald <danmcd@omniti.com>

Also available in: Atom PDF