From gallatin@cs.duke.edu  Mon Sep 24 13:16:21 2001
Return-Path: <gallatin@cs.duke.edu>
Received: from duke.cs.duke.edu (duke.cs.duke.edu [152.3.140.1])
	by hub.freebsd.org (Postfix) with ESMTP id 69DE337B406
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 24 Sep 2001 13:16:16 -0700 (PDT)
Received: from grasshopper.cs.duke.edu (grasshopper.cs.duke.edu [152.3.145.30])
	by duke.cs.duke.edu (8.9.3/8.9.3) with ESMTP id QAA09715
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 24 Sep 2001 16:16:05 -0400 (EDT)
Received: (from gallatin@localhost)
	by grasshopper.cs.duke.edu (8.11.3/8.9.1) id f8OKFdP66601;
	Mon, 24 Sep 2001 16:15:39 -0400 (EDT)
	(envelope-from gallatin@cs.duke.edu)
Message-Id: <200109242015.f8OKFdP66601@grasshopper.cs.duke.edu>
Date: Mon, 24 Sep 2001 16:15:39 -0400 (EDT)
From: gallatin@cs.duke.edu
Reply-To: gallatin@cs.duke.edu
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: contigfree() doesn't
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         30798
>Category:       kern
>Synopsis:       contigfree() doesn't
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Sep 24 13:20:01 PDT 2001
>Closed-Date:    Thu Aug 07 09:25:56 PDT 2003
>Last-Modified:  Thu Aug 07 09:25:56 PDT 2003
>Originator:     
>Release:        FreeBSD 4.4-RELEASE i386
>Organization:
>Environment:
System: FreeBSD ugly 4.4-RELEASE FreeBSD 4.4-RELEASE #3: Mon Sep 24 15:01:31 EDT 2001     gallatin@ugly:/usr/src/sys/compile/SMP  i386


	
>Description:

When debugging an apparent memory leak in a 3rd party
device driver, I found what appears to be a serious problem with
contigfree() -- it doesn't appear to actually free the pages.

>How-To-Repeat:

I modified the syscall example kld to contigmalloc 1024 pages on load &
free them on unload.  Prior to the contigmalloc() it prints out the
number of wired pages, as well as the size of the free and cache
queues.  It prints this same information after the contigfree at
unload time. 

As you can see from the following output, the pages remain wired & are
never freed:

load:   wired: 3710, cache 8, free 119993
unload: wired: 4735, cache 8, free 118954
load:   wired: 4738, cache 8, free 118950
unload: wired: 5762, cache 8, free 117924
load:   wired: 5762, cache 8, free 117926
unload: wired: 6786, cache 8, free 116900
load:   wired: 6786, cache 8, free 116902
unload: wired: 7810, cache 8, free 115876


I've appended a modified version of the syscall module:



--- /usr/share/examples/kld/syscall/module/syscall.c	Wed Aug 15 14:40:49 2001
+++ syscall.c	Mon Sep 24 15:21:42 2001
@@ -33,6 +33,8 @@
 #include <sys/sysent.h>
 #include <sys/kernel.h>
 #include <sys/systm.h>
+#include <sys/malloc.h>
+#include <sys/vmmeter.h>
 
 /*
  * The function for implementing the syscall.
@@ -64,6 +66,9 @@
  * The function called at load/unload.
  */
 
+void *contigmem;
+unsigned long size = PAGE_SIZE * 1024;
+
 static int
 load (struct module *module, int cmd, void *arg)
 {
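Review bot: contigmem and size are added at file scope without static, so both become global symbols in the kernel's namespace once the module is linked in, and size in particular is generic enough to collide with or shadow another symbol. Declare them static (for example "static void *contigmem;" and "static unsigned long size = PAGE_SIZE * 1024;"), or give them a module-specific prefix, so the test module cannot interfere with the kernel it is measuring.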
@@ -71,10 +76,15 @@
 
 	switch (cmd) {
 	case MOD_LOAD :
-		printf ("syscall loaded at %d\n", offset);
+		printf("load:   wired: %d, cache %d, free %d\n",
+		    cnt.v_wire_count, cnt.v_cache_count, cnt.v_free_count);
+		contigmem = contigmalloc (size, M_DEVBUF, M_NOWAIT, 
+		    0x100000, 0xffffffff, PAGE_SIZE, 0);
 		break;
 	case MOD_UNLOAD :
-		printf ("syscall unloaded from %d\n", offset);
+		contigfree(contigmem, size, M_DEVBUF);
+		printf("unload: wired: %d, cache %d, free %d\n",
+		    cnt.v_wire_count, cnt.v_cache_count, cnt.v_free_count);
 		break;
 	default :
 		error = EINVAL;
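Review bot: the return value of contigmalloc() in the MOD_LOAD case is never checked, although M_NOWAIT allows it to return NULL, and MOD_UNLOAD then passes contigmem to contigfree() unconditionally. A failed allocation would both hand a NULL pointer to contigfree() and make the load/unload counter pairs meaningless as evidence, so test contigmem after the call, print a message and set error (ENOMEM, say) on failure, and skip the contigfree() when it is NULL. Printing the counters a second time right after the contigmalloc() would also show directly how many pages the allocation wired, rather than leaving that to be inferred from the next unload line. The cnt.v_*_count fields are unsigned, so %u is the matching format rather than %d.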

>Fix:

unknown
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: schweikh 
State-Changed-When: Wed Aug 6 12:28:35 PDT 2003 
State-Changed-Why:  
Is this still a problem? 

http://www.freebsd.org/cgi/query-pr.cgi?pr=30798 
State-Changed-From-To: feedback->closed 
State-Changed-By: schweikh 
State-Changed-When: Thu Aug 7 09:25:10 PDT 2003 
State-Changed-Why:  
Appears to be fixed by dillon's vm_contig v1.3 and 
MFC'ed to vm_page.c 1.147.2.9. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=30798 
>Unformatted:
