From deniskv@mail.ru  Wed Nov 24 18:13:57 2004
Return-Path: <deniskv@mail.ru>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 77C0116A4CE
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Nov 2004 18:13:57 +0000 (GMT)
Received: from mail.icn.bmstu.ru (h133.net37.bmstu.ru [195.19.37.133])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B271043D39
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Nov 2004 18:13:56 +0000 (GMT)
	(envelope-from deniskv@mail.ru)
Received: by mail.icn.bmstu.ru (Postfix, from userid 8)
	id D7BD6932C3; Wed, 24 Nov 2004 21:13:59 +0300 (MSK)
Received: from wk (Marx.icn.bmstu.ru [192.168.52.101])
	by mail.icn.bmstu.ru (Postfix) with ESMTP id C10D193247
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 24 Nov 2004 21:13:58 +0300 (MSK)
Message-Id: <7114180390.20041124211337@mail.ru>
Date: Wed, 24 Nov 2004 21:13:37 +0300
From: Denis Koreshkov <deniskv@mail.ru>
Reply-To: Denis Koreshkov <deniskv@mail.ru>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] mlock() causes physical memory leakage

>Number:         74327
>Category:       i386
>Synopsis:       [pmap] [patch] mlock() causes physical memory leakage
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    vwe
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 24 18:20:26 GMT 2004
>Closed-Date:    Sun May 18 10:23:15 UTC 2008
>Last-Modified:  Sun May 18 10:23:15 UTC 2008
>Originator:     Denis Koreshkov
>Release:        FreeBSD 4.10-RELEASE i386
>Organization:
>Environment:
System: FreeBSD doscrypt 4.8-RELEASE FreeBSD 4.8-RELEASE #0: Sat Oct 30 02:38:01 MSD 2004 root@doscrypt:/usr/obj/usr/src/sys/LITE i386

>Description:
        On FreeBSD/i386, mlock()'ing a memory area causes the underlying
        pages to become unusable (to both kernel and applications)
        following exit(), when the following conditions are met:
                1) The area had already been accessed before
                    a call to mlock(), and
                2) No corresponding call to munlock() had been
                    issued before exit().
>How-To-Repeat:
        1) malloc() a few megs of memory,
        2) bzero() it,
        3) mlock() it,
        4) exit().

        sysctl vm.stats.vm.v_wire_count will have grown
        by the number of pages locked.
>Fix:
        The bug is confined to pmap_enter() (file sys/i386/i386/pmap.c).
        One should toggle the PG_W bit of the pte to reflect wiring
        changes, as vm_fault_user_wire() does vm_fault() to
        bring pages into physmem.

*** sys/i386/i386/pmap.c.orig   Sun Nov 14 11:12:34 2004
--- sys/i386/i386/pmap.c        Sun Nov 14 11:21:25 2004
***************
*** 1962,1971 ****
                 * are valid mappings in them. Hence, if a user page is wired,
                 * the PT page will be also.
                 */
!               if (wired && ((origpte & PG_W) == 0))
                        pmap->pm_stats.wired_count++;
!               else if (!wired && (origpte & PG_W))
                        pmap->pm_stats.wired_count--;
  
  #if defined(PMAP_DIAGNOSTIC)
                if (pmap_nw_modified((pt_entry_t) origpte)) {
--- 1962,1974 ----
                 * are valid mappings in them. Hence, if a user page is wired,
                 * the PT page will be also.
                 */
!               if (wired && ((origpte & PG_W) == 0)) {
!                       *pte |= PG_W;
                        pmap->pm_stats.wired_count++;
!               } else if (!wired && (origpte & PG_W)) {
!                       *pte &= ~PG_W;
                        pmap->pm_stats.wired_count--;
+               }
  
  #if defined(PMAP_DIAGNOSTIC)
                if (pmap_nw_modified((pt_entry_t) origpte)) {
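
Review bot: in the two new branch bodies, "*pte |= PG_W;" and "*pte &= ~PG_W;" are plain read-modify-write updates of a live page table entry, while the conditions around them test the earlier snapshot origpte. The MMU can set the accessed and modified bits in that same entry at any moment, so a non-atomic update can write back a stale value and lose them; the visible lines do not show anything that rules this out. Please use an atomic set/clear here, or add a comment saying why the plain update is safe at this point in pmap_enter(). A short comment that PG_W in the pte has to stay in step with pm_stats.wired_count would also help, since the existing comment above the branches only talks about the PT page being wired.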

>Release-Note:
>Audit-Trail:

From: pluknet <pluknet@gmail.com>
To: bug-followup@freebsd.org, deniskv@mail.ru
Cc:  
Subject: Re: i386/74327: [pmap] [patch] mlock() causes physical memory leakage
Date: Sat, 23 Feb 2008 04:16:50 +0300

 I tried to reproduce on RELENG_[67] mlock()'ing 20 megs - without success.
 
 Test procedure (output from RELENG_7, same from _6):
 [root@notebook /tmp]# for i in 1 2 3 4 5; do ./a; done
 64414
 69534
 64414
 69534
 64414
 69534
 64414
 69534
 64414
 69534
 
 ---
 #include <sys/mman.h>
 #include <sys/types.h>
 #include <sys/sysctl.h>
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <strings.h>
 
 int
 main(void)
 {
 	u_int count;
 	size_t len = sizeof(u_int);
 	const size_t size = 20 * 1024 * 1024;
 	void *a;
 
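 	a = malloc(size);
 	if (a == NULL) {
 		perror("malloc");
 		exit(1);	/* do not bzero() a NULL pointer */
 	}
 	/* Touch every page before mlock() (condition 1 of the PR). */
 	bzero(a, size);
 	/* Wired page count before locking. */
 	sysctlbyname("vm.stats.vm.v_wire_count", &count, &len,
 	    NULL, 0);
 	printf("%u\n", count);
 	if (mlock(a, size) == -1)
 		perror("mlock");
 	/* Wired page count with the region locked. */
 	sysctlbyname("vm.stats.vm.v_wire_count", &count, &len,
 	    NULL, 0);
 	printf("%u\n", count);
 
 	/* Exit without munlock() (condition 2 of the PR). */
 	exit(0);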
 }
 ---
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Sat Feb 23 03:14:47 UTC 2008 
State-Changed-Why:  
Note that submitter has been asked for feedback. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=74327 
State-Changed-From-To: feedback->closed 
State-Changed-By: vwe 
State-Changed-When: Sun May 18 10:22:11 UTC 2008 
State-Changed-Why:  

We're sorry to not see any feedback received for quite some time. 
We think this issue has been OBE. 
If you think this is still an issue that should be worked on, 
please provide the requested information and we'll be happy to 
re-open this ticket. 
Thank you for bringing this problem to attention! 


Responsible-Changed-From-To: freebsd-i386->vwe 
Responsible-Changed-By: vwe 
Responsible-Changed-When: Sun May 18 10:22:11 UTC 2008 
Responsible-Changed-Why:  

track 

>Unformatted:
