Actions
Bug #6452
closed
Bug #4749: ilbd_run_probe() has several problems with resource releasing
ilbd leaks lmalloc() memory due to posix_spawn() sloppiness
Start date:
2015-11-10
Due date:
% Done:
0%
Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
External Bug:
Description
An OmniOS community member discovered ilbd quickly moves to eat all available memory in its 32-bit address space. He discovered, thanks to tracing mmap() calls, that ilbd's caller of posix_spawn() --> ilbd_run_probe(), doesn't clean up its posix_spawn() attributes or actions at all.
An initial suggested fix is below.
diff --git a/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c b/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
index b7d7152..65fd91c 100644
--- a/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
+++ b/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
@@ -1297,11 +1297,11 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
if (posix_spawn_file_actions_init(&fd_actions) != 0) {
logdebug("ilbd_run_probe: posix_spawn_file_actions_init");
- goto cleanup;
+ goto cleanup_noactions;
}
if (posix_spawnattr_init(&attr) != 0) {
logdebug("ilbd_run_probe: posix_spawnattr_init");
- goto cleanup;
+ goto cleanup_noattr;
}
if (posix_spawn_file_actions_addclose(&fd_actions, fds[0]) != 0) {
logdebug("ilbd_run_probe: posix_spawn_file_actions_addclose");
@@ -1355,6 +1355,8 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
goto cleanup;
}
+ (void) posix_spawnattr_destroy(&attr);
+ (void) posix_spawn_file_actions_destroy(&fd_actions);
(void) close(fds[1]);
destroy_argv(child_argv);
srv->shc_child_pid = pid;
@@ -1378,6 +1380,10 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
return (B_TRUE);
cleanup:
+ (void) posix_spawnattr_destroy(&attr);
+cleanup_noattr:
+ (void) posix_spawn_file_actions_destroy(&fd_actions);
+cleanup_noactions:
(void) close(fds[0]);
(void) close(fds[1]);
destroy_argv(child_argv);
Updated by Dan McDonald about 8 years ago
A better fix follows:
diff --git a/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c b/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
index b7d7152..0ff90ef 100644
--- a/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
+++ b/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
@@ -23,6 +23,7 @@
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
* Copyright 2012 Milan Jurik. All rights reserved.
+ * Copyright 2015 OmniTI Computer Consulting, Inc. All rights reserved.
*/
#include <sys/types.h>
@@ -1288,20 +1289,20 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
/* Set our side of the pipe to be non-blocking */
if ((fdflags = fcntl(fds[0], F_GETFL, 0)) == -1) {
logdebug("ilbd_run_probe: fcntl(F_GETFL)");
- goto cleanup;
+ goto cleanup_noactions;
}
if (fcntl(fds[0], F_SETFL, fdflags | O_NONBLOCK) == -1) {
logdebug("ilbd_run_probe: fcntl(F_SETFL)");
- goto cleanup;
+ goto cleanup_noactions;
}
if (posix_spawn_file_actions_init(&fd_actions) != 0) {
logdebug("ilbd_run_probe: posix_spawn_file_actions_init");
- goto cleanup;
+ goto cleanup_noactions;
}
if (posix_spawnattr_init(&attr) != 0) {
logdebug("ilbd_run_probe: posix_spawnattr_init");
- goto cleanup;
+ goto cleanup_noattr;
}
if (posix_spawn_file_actions_addclose(&fd_actions, fds[0]) != 0) {
logdebug("ilbd_run_probe: posix_spawn_file_actions_addclose");
@@ -1355,6 +1356,8 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
goto cleanup;
}
+ (void) posix_spawnattr_destroy(&attr);
+ (void) posix_spawn_file_actions_destroy(&fd_actions);
(void) close(fds[1]);
destroy_argv(child_argv);
srv->shc_child_pid = pid;
@@ -1378,6 +1381,10 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
return (B_TRUE);
cleanup:
+ (void) posix_spawnattr_destroy(&attr);
+cleanup_noattr:
+ (void) posix_spawn_file_actions_destroy(&fd_actions);
+cleanup_noactions:
(void) close(fds[0]);
(void) close(fds[1]);
destroy_argv(child_argv);
Updated by Dan McDonald about 8 years ago
- Status changed from New to Rejected
- Parent task set to #4749
Duplicate of 4749.
Updated by
Actions