Mercurial > illumos > illumos-gate

changeset 9975:9a78e9b6760d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6848845 pages_locked value is leaking 6816657 Use of SHM_LOCK can leak free pages
author Gangadhar Mylapuram <Gangadhar.M@Sun.COM>
date Fri, 26 Jun 2009 00:59:33 -0700
parents 206607ab68be
children a945dec9643d
files usr/src/uts/common/os/shm.c usr/src/uts/common/vm/seg_spt.c usr/src/uts/common/vm/vm_page.c
diffstat 3 files changed, 19 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/uts/common/os/shm.c	Fri Jun 26 13:51:20 2009 +0800
+++ b/usr/src/uts/common/os/shm.c	Fri Jun 26 00:59:33 2009 -0700
@@ -578,17 +578,19 @@
 	uint_t cnt;
 	size_t rsize;
 
+	if (sp->shm_sptinfo) {
+		if (isspt(sp)) {
+			sptdestroy(sp->shm_sptinfo->sptas, sp->shm_amp);
+			sp->shm_lkcnt = 0;
+		}
+		kmem_free(sp->shm_sptinfo, sizeof (sptinfo_t));
+	}
+
 	if (sp->shm_lkcnt > 0) {
 		shmem_unlock(sp, sp->shm_amp);
 		sp->shm_lkcnt = 0;
 	}
 
-	if (sp->shm_sptinfo) {
-		if (isspt(sp))
-			sptdestroy(sp->shm_sptinfo->sptas, sp->shm_amp);
-		kmem_free(sp->shm_sptinfo, sizeof (sptinfo_t));
-	}
-
 	ANON_LOCK_ENTER(&sp->shm_amp->a_rwlock, RW_WRITER);
 	cnt = --sp->shm_amp->refcnt;
 	ANON_LOCK_EXIT(&sp->shm_amp->a_rwlock);
--- a/usr/src/uts/common/vm/seg_spt.c	Fri Jun 26 13:51:20 2009 +0800
+++ b/usr/src/uts/common/vm/seg_spt.c	Fri Jun 26 00:59:33 2009 -0700
@@ -19,12 +19,10 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <sys/param.h>
 #include <sys/user.h>
 #include <sys/mman.h>
@@ -740,6 +738,13 @@
 				panic("segspt_free_pages: bad large page");
 				/*NOTREACHED*/
 			}
+			/*
+			 * Before destroying the pages, we need to take care
+			 * of the rctl locked memory accounting. For that
+			 * we need to calculte the unlocked_bytes.
+			 */
+			if (pp->p_lckcnt > 0)
+				unlocked_bytes += PAGESIZE;
 			/*LINTED: constant in conditional context */
 			VN_DISPOSE(pp, B_INVAL, 0, kcred);
 		}
--- a/usr/src/uts/common/vm/vm_page.c	Fri Jun 26 13:51:20 2009 +0800
+++ b/usr/src/uts/common/vm/vm_page.c	Fri Jun 26 00:59:33 2009 -0700
@@ -3077,15 +3077,18 @@
 		 * Acquire the "freemem_lock" for availrmem.
 		 * The page_struct_lock need not be acquired for lckcnt
 		 * and cowcnt since the page has an "exclusive" lock.
+		 * We are doing a modified version of page_pp_unlock here.
 		 */
 		if ((pp->p_lckcnt != 0) || (pp->p_cowcnt != 0)) {
 			mutex_enter(&freemem_lock);
 			if (pp->p_lckcnt != 0) {
 				availrmem++;
+				pages_locked--;
 				pp->p_lckcnt = 0;
 			}
 			if (pp->p_cowcnt != 0) {
 				availrmem += pp->p_cowcnt;
+				pages_locked -= pp->p_cowcnt;
 				pp->p_cowcnt = 0;
 			}
 			mutex_exit(&freemem_lock);