TakefiveInteractive / TedkOS

Operating System - ECE 391 Takefive Interactive Team
GNU General Public License v2.0

Kernel Mem Leak #47

Closed markzyu closed 8 years ago

markzyu commented 8 years ago

Shell will crash (and become deadlocked in printf) after calling sys exec multiple times. Exception: Page Fault (make debug)

markzyu commented 8 years ago

The last 1 GB of virtual space is NOT FULL. It has holes in it:

(gdb) p ((uint32_t*)global_cr3val) [1022]
$13 = 260047011
(gdb) p ((uint32_t*)global_cr3val) [1000]
$14 = 0

(gdb) p palloc::virtLast1G.freeVirtAddr.empty()
$17 = false
(gdb) p palloc::physPages.freePhysAddr.empty()                               
$18 = false

So this problem may also not be related to paging at all... But why is the virtual 1G used up so fast (kernel must have already allocated 1G, along with deleting some 700MB)?
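Added illustration, not part of the original thread or the TedkOS source: decoding the two page-directory values printed in the gdb session above, assuming standard 32-bit non-PAE x86 paging with 4 MiB pages enabled. `decode_pde`, `count_holes` and the `sample` array are hypothetical names; only the values 260047011 and 0 come from the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* x86 32-bit (non-PAE) page-directory entry flag bits. */
#define PDE_PRESENT  0x001u
#define PDE_WRITABLE 0x002u
#define PDE_USER     0x004u
#define PDE_4MB      0x080u  /* PS: slot maps a 4 MiB page directly */

struct pde_info {
    int present, writable, user, large;
    uint32_t virt_base;  /* first virtual address covered by the slot */
    uint32_t phys_base;  /* 4 MiB frame (PS=1) or page table (PS=0)   */
};

struct pde_info decode_pde(unsigned index, uint32_t pde)
{
    struct pde_info i = {0};
    i.virt_base = (uint32_t)index << 22;  /* each slot spans 4 MiB */
    i.present = (pde & PDE_PRESENT) != 0;
    if (!i.present)
        return i;                         /* a hole: nothing mapped */
    i.writable = (pde & PDE_WRITABLE) != 0;
    i.user     = (pde & PDE_USER) != 0;
    i.large    = (pde & PDE_4MB) != 0;
    i.phys_base = pde & (i.large ? 0xFFC00000u : 0xFFFFF000u);
    return i;
}

/* Count non-present slots in a run of n entries (the last 1 GB of
 * virtual space is slots 768..1023 of the page directory). */
unsigned count_holes(const uint32_t *pd, unsigned n)
{
    unsigned holes = 0;
    for (unsigned k = 0; k < n; k++)
        holes += !(pd[k] & PDE_PRESENT);
    return holes;
}

/* Constructed sample: the two values from the thread plus filler. */
static const uint32_t sample[4] = { 0u, 260047011u, 0u, 0x00400083u };

int main(void)
{
    struct pde_info a = decode_pde(1022, 260047011u);
    printf("slot 1022: virt %08x -> phys %08x, 4MiB=%d user=%d\n",
           (unsigned)a.virt_base, (unsigned)a.phys_base, a.large, a.user);
    printf("slot 1000 present: %d\n", decode_pde(1000, 0u).present);
    printf("holes in sample: %u\n", count_holes(sample, 4));
    return 0;
}
```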

markzyu commented 8 years ago

Real reason: processDesc is messed up:

(At every breakpoint, the first printed variable is theDispatcher, the second is processDesc)

Breakpoint 1, syscall::fops::write (fd=1, buf=0x8048558, nbytes=16)
    at syscalls/filesystem_wrapper.cpp:29
29      return theDispatcher->write(*processDesc->fileDescs[fd], buf, nbytes);
$518 = 0xffbc0000
$519 = 0xffac0000

Breakpoint 1, syscall::fops::write (fd=1, buf=0x8048530, nbytes=7)
    at syscalls/filesystem_wrapper.cpp:29
29      return theDispatcher->write(*processDesc->fileDescs[fd], buf, nbytes);
$520 = 0xffbc0000
$521 = 0xffac0000

Breakpoint 1, syscall::fops::write (fd=1, buf=0x8048558, nbytes=16)
    at syscalls/filesystem_wrapper.cpp:29
29      return theDispatcher->write(*processDesc->fileDescs[fd], buf, nbytes);
$522 = 0xffbc0000
$523 = 0xffac0000

Breakpoint 1, syscall::fops::write (fd=1, buf=0x8048530, nbytes=7)
    at syscalls/filesystem_wrapper.cpp:29
29      return theDispatcher->write(*processDesc->fileDescs[fd], buf, nbytes);
$524 = 0xffbc0000
$525 = 0xffac0000

Breakpoint 1, syscall::fops::write (fd=1, buf=0x8048558, nbytes=16)
    at syscalls/filesystem_wrapper.cpp:29
29      return theDispatcher->write(*processDesc->fileDescs[fd], buf, nbytes);
$526 = 0xffbc0000
$527 = 0xff7f4034

markzyu commented 8 years ago

esp = ff7f4424
&processDesc = ff7f4004
processDesc = ffac0000
Breakpoint 1, syscall::fops::write (fd=1, buf=0x8048530, nbytes=7)
    at syscalls/filesystem_wrapper.cpp:29
29      return theDispatcher->write(*processDesc->fileDescs[fd], buf, nbytes);
esp = ff7f4424
&processDesc = ff7f4004
processDesc = ffac0000
Breakpoint 1, syscall::fops::write (fd=1, buf=0x8048558, nbytes=16)
    at syscalls/filesystem_wrapper.cpp:29
29      return theDispatcher->write(*processDesc->fileDescs[fd], buf, nbytes);
esp = ff7f43f0
&processDesc = ff7f4004
processDesc = ffac0000
Breakpoint 1, syscall::fops::write (fd=1, buf=0x8048530, nbytes=7)
    at syscalls/filesystem_wrapper.cpp:29
29      return theDispatcher->write(*processDesc->fileDescs[fd], buf, nbytes);
esp = ff7f43f0
&processDesc = ff7f4004
processDesc = ffac0000
Breakpoint 1, syscall::fops::write (fd=1, buf=0x8048558, nbytes=16)
    at syscalls/filesystem_wrapper.cpp:29
29      return theDispatcher->write(*processDesc->fileDescs[fd], buf, nbytes);
esp = ff7f43bc
&processDesc = ff7f4004
processDesc = ff7f4034

It's not a stack overflow?!! (But the stack is CERTAINLY SHRINKING! Maybe some function called before fops::write clobbered &processDesc!)

There is no function during this syscall that creates a stack large enough to reach 0xff7f4004...

markzyu commented 8 years ago

fixed by 30c8c9a0b1d2e8a67b89a4ce13dd5791e6b2ede9

Tedko commented 8 years ago

added in bug log