Bug 1262864
Summary: pmap produces ludicrous output on shared memory using programs due to bogus parsing
Product: Red Hat Enterprise Linux 7
Reporter: Martin Poole <mpoole>
Component: procps-ng
Assignee: Jan Rybar <jrybar>
Status: CLOSED ERRATA
QA Contact: Jan Houska <jhouska>
Severity: high
Docs Contact: Lenka Špačková <lkuprova>
Priority: urgent
Version: 7.2
CC: bnater, fkrska, isenfeld, jkurik, jrybar, mpoole, ovasik, tbowling
Target Milestone: rc
Keywords: Upstream, ZStream
Hardware: Unspecified
OS: Unspecified
Fixed In Version: procps-ng-3.3.10-4.el7
Doc Type: Release Note
Doc Text:

*pmap* no longer reports incorrect totals

With the introduction of `VmFlags` in the kernel *smaps* interface, the *pmap* tool could no longer reliably process the content due to format differences of the `VmFlags` entry. As a consequence, *pmap* reported incorrect totals. The underlying source code has been patched, and *pmap* now works as expected.

Clone Of:
: 1262870 1284842
Last Closed: 2016-11-04 06:36:36 UTC
Type: Bug
Bug Depends On: 1287433, 1287643
Bug Blocks: 1203710, 1284842

Hello Martin. I remember we implemented the VmFlags support in the extended maps function, but for some reason it didn't make it in the default output. Could you please test whether you get the correct value with the -X / -XX switch? Thanks, Jaromir.

Not yet managed to create a reproducer on RHEL7, but the same logical bug is present as RHEL6

RHEL6 BZ now has reproducer.

Modified RHEL6 reproducer shows double accounting rather than ludicrous values

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/shm.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <unistd.h>   /* getpid() */

int main( int argc, char *argv[] )
{
    int fd, shmid;
    void *vp;
    char cmdline[4096];
    char *pwdname = "/etc/passwd";

    /* memory map something */
    fd = open( pwdname, O_RDONLY );
    vp = mmap( NULL, 4096*4096, PROT_READ, MAP_SHARED , fd, 0 );
    fprintf( stderr, "mmap of %s at %p\n", pwdname, vp );

    /* call out to get our own maps */
    sprintf( cmdline, "/bin/cat /proc/%ld/smaps", (long)getpid() );
    system( cmdline );
    sprintf( cmdline, "pmap -x %ld", (long)getpid() );
    system( cmdline );
    sprintf( cmdline, "pmap -X %ld", (long)getpid() );
    system( cmdline );

    return(0);
}
```

```
./badpmap
mmap of /etc/passwd at 0x7f5eaceeb000
00400000-00401000 r-xp 00000000 fd:05 113164774 /data/mpoole/src/badpmap/badpmap
Size: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd ex mr mw me dw
00600000-00601000 r--p 00000000 fd:05 113164774 /data/mpoole/src/badpmap/badpmap
Size: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd mr mw me dw ac
00601000-00602000 rw-p 00001000 fd:05 113164774 /data/mpoole/src/badpmap/badpmap
Size: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd wr mr mw me dw ac
7f5eaceeb000-7f5eadeeb000 r--s 00000000 fd:03 269079062 /etc/passwd
Size: 16384 kB
Rss: 0 kB
Pss: 0 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 0 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd mr me ms
7f5eadeeb000-7f5eae0a1000 r-xp 00000000 fd:03 537539217 /usr/lib64/libc-2.17.so
Size: 1752 kB
Rss: 284 kB
Pss: 6 kB
Shared_Clean: 280 kB
Shared_Dirty: 0 kB
Private_Clean: 4 kB
Private_Dirty: 0 kB
Referenced: 284 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd ex mr mw me
7f5eae0a1000-7f5eae2a1000 ---p 001b6000 fd:03 537539217 /usr/lib64/libc-2.17.so
Size: 2048 kB
Rss: 0 kB
Pss: 0 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 0 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: mr mw me
7f5eae2a1000-7f5eae2a5000 r--p 001b6000 fd:03 537539217 /usr/lib64/libc-2.17.so
Size: 16 kB
Rss: 16 kB
Pss: 16 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 16 kB
Referenced: 16 kB
Anonymous: 16 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd mr mw me ac
7f5eae2a5000-7f5eae2a7000 rw-p 001ba000 fd:03 537539217 /usr/lib64/libc-2.17.so
Size: 8 kB
Rss: 8 kB
Pss: 8 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 8 kB
Referenced: 8 kB
Anonymous: 8 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd wr mr mw me ac
7f5eae2a7000-7f5eae2ac000 rw-p 00000000 00:00 0
Size: 20 kB
Rss: 12 kB
Pss: 12 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 12 kB
Referenced: 12 kB
Anonymous: 12 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd wr mr mw me ac
7f5eae2ac000-7f5eae2cd000 r-xp 00000000 fd:03 541551200 /usr/lib64/ld-2.17.so
Size: 132 kB
Rss: 112 kB
Pss: 0 kB
Shared_Clean: 112 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 112 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd ex mr mw me dw
7f5eae4a0000-7f5eae4a3000 rw-p 00000000 00:00 0
Size: 12 kB
Rss: 12 kB
Pss: 12 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 12 kB
Referenced: 12 kB
Anonymous: 12 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd wr mr mw me ac
7f5eae4cc000-7f5eae4cd000 rw-p 00000000 00:00 0
Size: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd wr mr mw me ac
7f5eae4cd000-7f5eae4ce000 r--p 00021000 fd:03 541551200 /usr/lib64/ld-2.17.so
Size: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd mr mw me dw ac
7f5eae4ce000-7f5eae4cf000 rw-p 00022000 fd:03 541551200 /usr/lib64/ld-2.17.so
Size: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd wr mr mw me dw ac
7f5eae4cf000-7f5eae4d0000 rw-p 00000000 00:00 0
Size: 4 kB
Rss: 4 kB
Pss: 4 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 4 kB
Referenced: 4 kB
Anonymous: 4 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd wr mr mw me ac
7ffd9b8b5000-7ffd9b8d6000 rw-p 00000000 00:00 0 [stack]
Size: 136 kB
Rss: 20 kB
Pss: 20 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 20 kB
Referenced: 20 kB
Anonymous: 20 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd wr mr mw me gd ac
7ffd9b915000-7ffd9b917000 r-xp 00000000 00:00 0 [vdso]
Size: 8 kB
Rss: 4 kB
Pss: 0 kB
Shared_Clean: 4 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 4 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd ex mr mw me de
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Size: 4 kB
Rss: 0 kB
Pss: 0 kB
Shared_Clean: 0 kB
Shared_Dirty: 0 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 0 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
Locked: 0 kB
VmFlags: rd ex
25473: ./badpmap
Address           Kbytes     RSS   Dirty Mode  Mapping
0000000000400000       4       4       4 r-x-- badpmap
0000000000600000       4       4       4 r---- badpmap
0000000000601000       4       4       4 rw--- badpmap
00007f5eaceeb000   16384       0       0 r--s- passwd
00007f5eadeeb000    1752     284       0 r-x-- libc-2.17.so
00007f5eae0a1000    2048       0       0 ----- libc-2.17.so
00007f5eae2a1000      16      16      16 r---- libc-2.17.so
00007f5eae2a5000       8       8       8 rw--- libc-2.17.so
00007f5eae2a7000      20      12      12 rw--- [ anon ]
00007f5eae2ac000     132     112       0 r-x-- ld-2.17.so
00007f5eae4a0000      12      12      12 rw--- [ anon ]
00007f5eae4cc000       4       4       4 rw--- [ anon ]
00007f5eae4cd000       4       4       4 r---- ld-2.17.so
00007f5eae4ce000       4       4       4 rw--- ld-2.17.so
00007f5eae4cf000       4       4       4 rw--- [ anon ]
00007ffd9b8b5000     132      20      20 rw--- [ stack ]
00007ffd9b915000       8       4       0 r-x-- [ anon ]
ffffffffff600000       4       0       0 r-x-- [ anon ]
---------------- ------- ------- -------
total kB           36928     496      96
25473: ./badpmap
         Address Perm   Offset Device     Inode  Size Rss Pss Referenced Anonymous Swap Locked Mapping
        00400000 r-xp 00000000  fd:05 113164774     4   4   4          4         0    0      0 badpmap
        00600000 r--p 00000000  fd:05 113164774     4   4   4          4         4    0      0 badpmap
        00601000 rw-p 00001000  fd:05 113164774     4   4   4          4         4    0      0 badpmap
    7f5eaceeb000 r--s 00000000  fd:03 269079062 16384   0   0          0         0    0      0 passwd
    7f5eadeeb000 r-xp 00000000  fd:03 537539217  1752 284   6        284         0    0      0 libc-2.17.so
    7f5eae0a1000 ---p 001b6000  fd:03 537539217  2048   0   0          0         0    0      0 libc-2.17.so
    7f5eae2a1000 r--p 001b6000  fd:03 537539217    16  16  16         16        16    0      0 libc-2.17.so
    7f5eae2a5000 rw-p 001ba000  fd:03 537539217     8   8   8          8         8    0      0 libc-2.17.so
    7f5eae2a7000 rw-p 00000000  00:00         0    20  12  12         12        12    0      0
    7f5eae2ac000 r-xp 00000000  fd:03 541551200   132 112   0        112         0    0      0 ld-2.17.so
    7f5eae4a0000 rw-p 00000000  00:00         0    12  12  12         12        12    0      0
    7f5eae4cc000 rw-p 00000000  00:00         0     4   4   4          4         4    0      0
    7f5eae4cd000 r--p 00021000  fd:03 541551200     4   4   4          4         4    0      0 ld-2.17.so
    7f5eae4ce000 rw-p 00022000  fd:03 541551200     4   4   4          4         4    0      0 ld-2.17.so
    7f5eae4cf000 rw-p 00000000  00:00         0     4   4   4          4         4    0      0
    7ffd9b8b5000 rw-p 00000000  00:00         0   136  20  20         20        20    0      0 [stack]
    7ffd9b915000 r-xp 00000000  00:00         0     8   4   0          4         0    0      0 [vdso]
ffffffffff600000 r-xp 00000000  00:00         0     4   0   0          0         0    0      0 [vsyscall]
                                                ===== === === ========== ========= ==== ======
                                                20548 496 102        496        92    0      0 KB
```

Changing the size of the mmap to something large clearly illustrates the double accounting. The mmap segment is added to the total twice in -x

Using 65336*4096

```
26493: ./badpmap
Address           Kbytes     RSS   Dirty Mode  Mapping
0000000000400000       4       4       4 r-x-- badpmap
0000000000600000       4       4       4 r---- badpmap
0000000000601000       4       4       4 rw--- badpmap
00007f329f497000  262144       0       0 r--s- passwd
00007f32af497000    1752     284       0 r-x-- libc-2.17.so
00007f32af64d000    2048       0       0 ----- libc-2.17.so
00007f32af84d000      16      16      16 r---- libc-2.17.so
00007f32af851000       8       8       8 rw--- libc-2.17.so
00007f32af853000      20      12      12 rw--- [ anon ]
00007f32af858000     132     112       0 r-x-- ld-2.17.so
00007f32afa4c000      12      12      12 rw--- [ anon ]
00007f32afa78000       4       4       4 rw--- [ anon ]
00007f32afa79000       4       4       4 r---- ld-2.17.so
00007f32afa7a000       4       4       4 rw--- ld-2.17.so
00007f32afa7b000       4       4       4 rw--- [ anon ]
00007ffd38a8c000     132      20      20 rw--- [ stack ]
00007ffd38b19000       8       4       0 r-x-- [ anon ]
ffffffffff600000       4       0       0 r-x-- [ anon ]
---------------- ------- ------- -------
total kB          528448     496      96
26493: ./badpmap
         Address Perm   Offset Device     Inode   Size Rss Pss Referenced Anonymous Swap Locked Mapping
        00400000 r-xp 00000000  fd:05 113164774      4   4   4          4         0    0      0 badpmap
        00600000 r--p 00000000  fd:05 113164774      4   4   4          4         4    0      0 badpmap
        00601000 rw-p 00001000  fd:05 113164774      4   4   4          4         4    0      0 badpmap
    7f329f497000 r--s 00000000  fd:03 269079062 262144   0   0          0         0    0      0 passwd
    7f32af497000 r-xp 00000000  fd:03 537539217   1752 284   6        284         0    0      0 libc-2.17.so
    7f32af64d000 ---p 001b6000  fd:03 537539217   2048   0   0          0         0    0      0 libc-2.17.so
    7f32af84d000 r--p 001b6000  fd:03 537539217     16  16  16         16        16    0      0 libc-2.17.so
    7f32af851000 rw-p 001ba000  fd:03 537539217      8   8   8          8         8    0      0 libc-2.17.so
    7f32af853000 rw-p 00000000  00:00         0     20  12  12         12        12    0      0
    7f32af858000 r-xp 00000000  fd:03 541551200    132 112   0        112         0    0      0 ld-2.17.so
    7f32afa4c000 rw-p 00000000  00:00         0     12  12  12         12        12    0      0
    7f32afa78000 rw-p 00000000  00:00         0      4   4   4          4         4    0      0
    7f32afa79000 r--p 00021000  fd:03 541551200      4   4   4          4         4    0      0 ld-2.17.so
    7f32afa7a000 rw-p 00022000  fd:03 541551200      4   4   4          4         4    0      0 ld-2.17.so
    7f32afa7b000 rw-p 00000000  00:00         0      4   4   4          4         4    0      0
    7ffd38a8c000 rw-p 00000000  00:00         0    136  20  20         20        20    0      0 [stack]
    7ffd38b19000 r-xp 00000000  00:00         0      8   4   0          4         0    0      0 [vdso]
ffffffffff600000 r-xp 00000000  00:00         0      4   0   0          0         0    0      0 [vsyscall]
                                                ====== === === ========== ========= ==== ======
                                                266308 496 102        496        92    0      0 KB
```

Created attachment 1168367
Patch applied to the package

Patch accepted by upstream in commit https://gitlab.com/procps-ng/procps/commit/f6abbb00f0b29a514955b864cd86dc1438728b88

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2447.html

Created attachment 1073253
somewhat redundant obvious patch to move continue statement to correct location.

Description of problem:
pmap parsing of smap data has the continue statement in the wrong place for Keys and attempts to parse numeric values from non-numeric lines and then adds the badly initialised values into the process total.

Version-Release number of selected component (if applicable):
3.3.10-3

How reproducible:
Sometimes.

Steps to Reproduce:
1. pmap of a process using shared memory

Actual results:

```
8516: /usr/sbin/AuditSp 0640 /var/run/audispd_events
Address          Kbytes    RSS  Dirty Mode  Mapping
000000000019d000     28     12      0 r-x-- librt-2.12.so
00000000001a4000      4      4      4 r---- librt-2.12.so
[snip]
0000000008049000      4      4      4 rw--- AuditSp
0000000009e59000    164     20     20 rw--- [ anon ]
00000000ef23f000 125496    932    932 rw-s- [ shmid=0x3f8007 ]
00000000f6ccd000  10660     32     32 rw-s- [ shmid=0x3f0006 ]
00000000f7736000     20     20     20 rw--- [ anon ]
00000000f7748000      8      8      8 rw--- [ anon ]
00000000ff7f6000    924     12     12 rw--- [ stack ]
---------------- ------ ------ ------
total kB         18014398501662120   2624   1224
```

Expected results:
sane value for total.

Additional info:
pmap is reading sections like

```
f6ccd000-f7736000 rw-s 00000000 00:04 4128774 /SYSV00000600 (deleted)
Size: 10660 kB
Rss: 32 kB
Pss: 0 kB
Shared_Clean: 0 kB
Shared_Dirty: 32 kB
Private_Clean: 0 kB
Private_Dirty: 0 kB
Referenced: 32 kB
Anonymous: 0 kB
AnonHugePages: 0 kB
Swap: 0 kB
KernelPageSize: 4 kB
MMUPageSize: 4 kB
VmFlags: rd wr sh mr mw me ms ??
```

and reads the lines with (snipped and reformatted for clarity)

```c
/* hex values are lower case or numeric, keys are upper */
if (mapbuf[0] >= 'A' && mapbuf[0] <= 'Z') {
    /* Its a key */
    if (sscanf (mapbuf, "%20[^:]: %llu", smap_key, &smap_value) == 2) {
        [snip - do stuff with key/values ]
        continue;
    }
}
sscanf(mapbuf, "%" KLF "x-%" KLF "x %31s %llx %x:%x %llu",
       &start, &end, perms, &file_offset, &dev_major, &dev_minor, &inode);
```

So when it meets the line

```
VmFlags: rd wr sh mr mw me ms ??
```

it drops through to the sscanf for the address range data. Since this does not parse (and the return code is not checked) variations of the old values are used in subsequent calculations. Specifically the value for "diff" becomes a negative value in the -4286537728 range.
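
The fall-through described in this report can be reproduced outside pmap. The following is an added example, not code from procps-ng or from the attached patch: it runs the quoted parsing flow and a corrected flow over a constructed two-record smaps sample and returns the total each one computes. The name `total_kb`, the sample data and the accounting rule (a private mapping has its `p` flag rewritten to `-` once counted, as the Mode column of the `pmap -x` output suggests) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: two smaps records trimmed to three lines each. */
static const char *SAMPLE =
    "00400000-00401000 r-xp 00000000 fd:05 1 /bin/demo\n"
    "Size: 4 kB\n"
    "VmFlags: rd ex mr mw me dw\n"
    "7f5eaceeb000-7f5eadeeb000 r--s 00000000 fd:03 2 /etc/passwd\n"
    "Size: 16384 kB\n"
    "VmFlags: rd mr me ms\n";

/* Sum mapping sizes in kB; fixed == 0 models the flow quoted in the report. */
unsigned long long total_kb(const char *smaps, int fixed)
{
    unsigned long long start = 0, end = 0, off, inode, val, total = 0;
    unsigned int maj, min;
    char line[256], key[21], perms[32] = "";
    while (*smaps) {
        size_t n = strcspn(smaps, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, smaps);
        smaps += n + (smaps[n] == '\n');
        if (line[0] >= 'A' && line[0] <= 'Z') {      /* key line */
            if (sscanf(line, "%20[^:]: %llu", key, &val) == 2)
                continue;                  /* numeric key: handled */
            if (fixed)
                continue;                  /* non-numeric key (VmFlags): skip too */
            /* buggy flow: VmFlags falls through to the range parser */
        }
        int got = sscanf(line, "%llx-%llx %31s %llx %x:%x %llu",
                         &start, &end, perms, &off, &maj, &min, &inode);
        if (fixed && got != 7)
            continue;                      /* not a range line: ignore it */
        /* Assumed accounting: private mappings are counted once and their
         * 'p' rewritten to '-', so stale state re-adds only shared ones. */
        if (perms[3] == 's' || perms[3] == 'p')
            total += (end - start) >> 10;
        if (perms[3] == 'p')
            perms[3] = '-';
    }
    return total;
}

int main(void)
{
    printf("buggy %llu kB, fixed %llu kB\n", total_kb(SAMPLE, 0), total_kb(SAMPLE, 1));
    return 0;
}
```

With the sample above the unchecked fall-through adds the 16384 kB shared mapping a second time, the same pattern as the `-x` totals from the reproducer.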