Re: [BUG][2.6.13.4] Memoryleak - idr_layer_cache slab - inotify?

[Stefan Jones]

Stefan Jones wrote:

Made a standalone testcase, run this and the kernel will eat up your
memory (seen via slabtop):

[ creates a inotify_dev, and a watch and exits ; repeat via fork ... ]

Tracked it down me thinks:

struct inotify_device {
...
	struct idr		idr;		/* idr mapping wd -> watch */
...
}

idr gets allocated each time inotify_init() is called:

asmlinkage long sys_inotify_init(void)
{
..
idr_init(&dev->idr);
..
}

Looking in lib/idr.c you see:

 * You can release ids at any time. When all ids are released, most of
 * the memory is returned (we keep IDR_FREE_MAX) in a local pool so we
 * don't need to go to the memory "store" during an id allocate, just
 * so you don't need to be too concerned about locking and conflicts
 * with the slab allocator.

So even if you free all ids which create_watch->inotify_dev_get_wd 
creates you will still have menory in your struct idr.

So when
static inline void put_inotify_dev(struct inotify_device *dev)
{
	if (atomic_dec_and_test(&dev->count)) {
		atomic_dec(&dev->user->inotify_devs);
		free_uid(dev->user);
		kfree(dev);
	}
}

is called I think this is whre the memory gets lost. ( linux/idr.h has 
not free function I see )

Stefan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/