Project

General

Profile

Bug #6452

Bug #4749: ilbd_run_probe() has several problems with resource releasing

ilbd leaks lmalloc() memory due to posix_spawn() sloppiness

Added by Dan McDonald about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
networking
Start date:
2015-11-10
Due date:
% Done:

0%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

An OmniOS community member discovered ilbd quickly moves to eat all available memory in its 32-bit address space. He discovered, thanks to tracing mmap() calls, that ilbd's caller of posix_spawn() --> ilbd_run_probe(), doesn't clean up its posix_spawn() attributes or actions at all.

An initial suggested fix is below.

diff --git a/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c b/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
index b7d7152..65fd91c 100644
--- a/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
+++ b/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
@@ -1297,11 +1297,11 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)

     if (posix_spawn_file_actions_init(&fd_actions) != 0) {
         logdebug("ilbd_run_probe: posix_spawn_file_actions_init");
-        goto cleanup;
+        goto cleanup_noactions;
     }
     if (posix_spawnattr_init(&attr) != 0) {
         logdebug("ilbd_run_probe: posix_spawnattr_init");
-        goto cleanup;
+        goto cleanup_noattr;
     }
     if (posix_spawn_file_actions_addclose(&fd_actions, fds[0]) != 0) {
         logdebug("ilbd_run_probe: posix_spawn_file_actions_addclose");
@@ -1355,6 +1355,8 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
         goto cleanup;
     }

+    (void) posix_spawnattr_destroy(&attr);
+    (void) posix_spawn_file_actions_destroy(&fd_actions);
     (void) close(fds[1]);
     destroy_argv(child_argv);
     srv->shc_child_pid = pid;
@@ -1378,6 +1380,10 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
     return (B_TRUE);

 cleanup:
+    (void) posix_spawnattr_destroy(&attr);
+cleanup_noattr:
+    (void) posix_spawn_file_actions_destroy(&fd_actions);
+cleanup_noactions:
     (void) close(fds[0]);
     (void) close(fds[1]);
     destroy_argv(child_argv);

History

#1

Updated by Dan McDonald about 4 years ago

A better fix follows:

diff --git a/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c b/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
index b7d7152..0ff90ef 100644
--- a/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
+++ b/usr/src/cmd/cmd-inet/usr.lib/ilbd/ilbd_hc.c
@@ -23,6 +23,7 @@
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  * Copyright 2012 Milan Jurik. All rights reserved.
+ * Copyright 2015 OmniTI Computer Consulting, Inc. All rights reserved.
  */

 #include <sys/types.h>
@@ -1288,20 +1289,20 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
     /* Set our side of the pipe to be non-blocking */
     if ((fdflags = fcntl(fds[0], F_GETFL, 0)) == -1) {
         logdebug("ilbd_run_probe: fcntl(F_GETFL)");
-        goto cleanup;
+        goto cleanup_noactions;
     }
     if (fcntl(fds[0], F_SETFL, fdflags | O_NONBLOCK) == -1) {
         logdebug("ilbd_run_probe: fcntl(F_SETFL)");
-        goto cleanup;
+        goto cleanup_noactions;
     }

     if (posix_spawn_file_actions_init(&fd_actions) != 0) {
         logdebug("ilbd_run_probe: posix_spawn_file_actions_init");
-        goto cleanup;
+        goto cleanup_noactions;
     }
     if (posix_spawnattr_init(&attr) != 0) {
         logdebug("ilbd_run_probe: posix_spawnattr_init");
-        goto cleanup;
+        goto cleanup_noattr;
     }
     if (posix_spawn_file_actions_addclose(&fd_actions, fds[0]) != 0) {
         logdebug("ilbd_run_probe: posix_spawn_file_actions_addclose");
@@ -1355,6 +1356,8 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
         goto cleanup;
     }

+    (void) posix_spawnattr_destroy(&attr);
+    (void) posix_spawn_file_actions_destroy(&fd_actions);
     (void) close(fds[1]);
     destroy_argv(child_argv);
     srv->shc_child_pid = pid;
@@ -1378,6 +1381,10 @@ ilbd_run_probe(ilbd_hc_srv_t *srv)
     return (B_TRUE);

 cleanup:
+    (void) posix_spawnattr_destroy(&attr);
+cleanup_noattr:
+    (void) posix_spawn_file_actions_destroy(&fd_actions);
+cleanup_noactions:
     (void) close(fds[0]);
     (void) close(fds[1]);
     destroy_argv(child_argv);
#2

Updated by Dan McDonald about 4 years ago

  • Status changed from New to Rejected
  • Parent task set to #4749

Duplicate of 4749.

#3

Updated by Gordon Ross about 4 years ago

  • Status changed from Rejected to Closed

Also available in: Atom PDF