Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 233294 - crash utility: a set of memory leak fixes
Summary: crash utility: a set of memory leak fixes
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: crash
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Dave Anderson
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-03-21 14:40 UTC by Konstantin Khorenko
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-03-21 15:38:10 UTC


Attachments (Terms of Use)
patch: a set of memory leak fixes (deleted)
2007-03-21 14:40 UTC, Konstantin Khorenko
no flags Details | Diff

Description Konstantin Khorenko 2007-03-21 14:40:52 UTC
Description of problem:
SWsoft Virtuozzo/OpenVZ Linux kernel team has found several places in the
"crash" utility code which could produce memory leaks.
The leaks were found by manual code verification, attached patch is intended to
fix them.

Version-Release number of selected component (if applicable):
crash-4.0-3.21

Comment 1 Konstantin Khorenko 2007-03-21 14:40:52 UTC
Created attachment 150584 [details]
patch: a set of memory leak fixes

Comment 2 Dave Anderson 2007-03-21 15:38:10 UTC
> SWsoft Virtuozzo/OpenVZ Linux kernel team has found several places in the
> "crash" utility code which could produce memory leaks.
> The leaks were found by manual code verification, attached patch is
> intended to fix them

I have taken a quick look at your patch, and it appears to 
be concerned with buffers that were allocated with GETBUF(),
and you have added a bunch of associated FREEBUF() calls.

However, if during the course of a crash command GETBUF()
is called, it is not necessary to make associated FREEBUF() calls.  

It was designed that way, because of the setjmp() done by the
various command RESTART() calls, which can be invoked in several places
during a crash command, most notably by error(FATAL, ...) calls.
Therefore, in fatal error situations, the code does not unwind
back through to the original "cmd_xxx()" function.  That being
the case, if malloc() was used to allocate temporary buffers, 
then yes, there would be memory leaks.

To avoid that possibility, the GETBUF() interface was designed
as a self-contained memory allocator.  Although it does offer a
FREEBUF() function, it is not necessary to call it.  That is 
because the crash utility's memory allocator keeps track of all
outstanding GETBUF() calls.  Prior to the *next* crash command,
get_command_line() calls restore_sanity(), which calls free_all_bufs().
The free_all_bufs() frees all of the temporary buffers that were
previously allocated by GETBUF().

I appreciate your looking into this, and if you find a real memory
leak, please report it.

Thanks,
  Dave Anderson



Comment 3 Dave Anderson 2007-03-21 18:18:51 UTC
Hi Konstantin,

I should mention that there is a valid reason for FREEBUF().

The internal allocator maintains 31 static buffers, and if 
all of them get allocated in the course of a crash command,
the allocator then does up to 2000 tracked malloc() calls.
But if a command attempts more than 2031 GETBUF() calls
without doing a FREEBUF(), the command will fail.

In any case, the whole point of the GETBUF() design was to
avoid memory leaks.

Thanks,
  Dave






Note You need to log in before you can comment on or make changes to this bug.