带有私有匿名映射的ENOMEM的munmap()失败 [英] munmap() failure with ENOMEM with private anonymous mapping

查看：171 发布时间：2020/5/1 9:03:38 linux posix mmap memory-mapping enomem

本文介绍了带有私有匿名映射的ENOMEM的munmap()失败的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我最近发现Linux无法保证使用munmap释放分配给mmap的内存，如果这会导致VMA(虚拟内存区域)结构的数量超过vm.max_map_count的情况.联机帮助页(几乎)清楚地指出了这一点:

I have recently discovered that Linux does not guarantee that memory allocated with mmap can be freed with munmap if this leads to situation when number of VMA (Virtual Memory Area) structures exceed vm.max_map_count. Manpage states this (almost) clearly:

 ENOMEM The process's maximum number of mappings would have been exceeded.
 This error can also occur for munmap(), when unmapping a region
 in the middle of an existing mapping, since this results in two
 smaller mappings on either side of the region being unmapped.

问题在于，Linux内核总是尽可能地尝试合并VMA结构，即使对于单独创建的映射，munmap也会失败.我能够编写一个小程序来确认这种行为:

The problem is that Linux kernel always tries to merge VMA structures if possible, making munmap fail even for separately created mappings. I was able to write a small program to confirm this behavior:

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>

#include <sys/mman.h>

// value of vm.max_map_count
#define VM_MAX_MAP_COUNT        (65530)

// number of vma for the empty process linked against libc - /proc/<id>/maps
#define VMA_PREMAPPED           (15)

#define VMA_SIZE                (4096)
#define VMA_COUNT               ((VM_MAX_MAP_COUNT - VMA_PREMAPPED) * 2)

int main(void)
{
    static void *vma[VMA_COUNT];

    for (int i = 0; i < VMA_COUNT; i++) {
        vma[i] = mmap(0, VMA_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);

        if (vma[i] == MAP_FAILED) {
            printf("mmap() failed at %d\n", i);
            return 1;
        }
    }

    for (int i = 0; i < VMA_COUNT; i += 2) {
        if (munmap(vma[i], VMA_SIZE) != 0) {
            printf("munmap() failed at %d (%p): %m\n", i, vma[i]);
        }
    }
}

它使用mmap分配大量页面(是允许的默认最大值的两倍)，然后每隔第二页munmap来为剩余的每个页面创建单独的VMA结构.在我的计算机上，最后一个munmap调用始终失败，并显示ENOMEM.

It allocates a large number of pages (twice the default allowed maximum) using mmap, then munmaps every second page to create separate VMA structure for each remaining page. On my machine the last munmap call always fails with ENOMEM.

最初，我认为munmap如果使用与用于创建映射的地址和大小相同的值使用，则永远不会失败.显然，在Linux上不是这种情况，我无法在其他系统上找到有关类似行为的信息.

Initially I thought that munmap never fails if used with the same values for address and size that were used to create mapping. Apparently this is not the case on Linux and I was not able to find information about similar behavior on other systems.

同时，我认为对于每一个合理的实现，在任何操作系统上应用到映射区域中间的部分取消映射都将失败，但是我还没有找到任何文档表明这种失败是可能的.

At the same time in my opinion partial unmapping applied to the middle of a mapped region is expected to fail on any OS for every sane implementation, but I haven't found any documentation that says such failure is possible.

我通常会认为这是内核中的错误，但是了解Linux如何处理内存过量使用和OOM时，我几乎可以肯定这是一个存在的功能"，可以提高性能并减少内存消耗.

I would usually consider this a bug in the kernel, but knowing how Linux deals with memory overcommit and OOM I am almost sure this is a "feature" that exists to improve performance and decrease memory consumption.

我能找到的其他信息:

Windows上的类似API由于其设计而没有此功能"(请参阅MapViewOfFile，UnmapViewOfFile，VirtualAlloc，VirtualFree)-它们只是不支持部分取消映射.
glibc malloc实现实现的创建次数不超过65535映射，当达到此限制时退回到sbrk:

Similar APIs on Windows do not have this "feature" due to their design (see MapViewOfFile, UnmapViewOfFile, VirtualAlloc, VirtualFree) - they simply do not support partial unmapping.
glibc malloc implementation does not create more than 65535 mappings, backing off to sbrk when this limit is reached: https://code.woboq.org/userspace/glibc/malloc/malloc.c.html. This looks like a workaround for this issue, but it is still possible to make free silently leak memory.
jemalloc had trouble with this and tried to avoid using mmap/munmap because of this issue (I don't know how it ended for them).

其他操作系统是否真的可以保证释放内存映射?我知道Windows可以做到这一点，但是其他类似Unix的操作系统呢? FreeBSD? QNX?

Do other OS's really guarantee deallocation of memory mappings? I know Windows does this, but what about other Unix-like operating systems? FreeBSD? QNX?

我正在添加一个示例，该示例显示当内部munmap调用因ENOMEM失败时，glibc的free如何泄漏内存.使用strace来查看munmap失败:

I am adding example that shows how glibc's free can leak memory when internal munmap call fails with ENOMEM. Use strace to see that munmap fails:

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>

#include <sys/mman.h>

// value of vm.max_map_count
#define VM_MAX_MAP_COUNT        (65530)

#define VMA_MMAP_SIZE           (4096)
#define VMA_MMAP_COUNT          (VM_MAX_MAP_COUNT)

// glibc's malloc default mmap_threshold is 128 KiB
#define VMA_MALLOC_SIZE         (128 * 1024)
#define VMA_MALLOC_COUNT        (VM_MAX_MAP_COUNT)

int main(void)
{
    static void *mmap_vma[VMA_MMAP_COUNT];

    for (int i = 0; i < VMA_MMAP_COUNT; i++) {
        mmap_vma[i] = mmap(0, VMA_MMAP_SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);

        if (mmap_vma[i] == MAP_FAILED) {
            printf("mmap() failed at %d\n", i);
            return 1;
        }
    }

    for (int i = 0; i < VMA_MMAP_COUNT; i += 2) {
        if (munmap(mmap_vma[i], VMA_MMAP_SIZE) != 0) {
            printf("munmap() failed at %d (%p): %m\n", i, mmap_vma[i]);
            return 1;
        }
    }

    static void *malloc_vma[VMA_MALLOC_COUNT];

    for (int i = 0; i < VMA_MALLOC_COUNT; i++) {
        malloc_vma[i] = malloc(VMA_MALLOC_SIZE);

        if (malloc_vma[i] == NULL) {
            printf("malloc() failed at %d\n", i);
            return 1;
        }
    }

    for (int i = 0; i < VMA_MALLOC_COUNT; i += 2) {
        free(malloc_vma[i]);
    }
}

带有私有匿名映射的ENOMEM的munmap()失败 [英] munmap() failure with ENOMEM with private anonymous mapping

问题描述

推荐答案

相关文章

服务器开发最新文章

热门教程

热门工具

登录关闭

带有私有匿名映射的ENOMEM的munmap()失败 [英] munmap() failure with ENOMEM with private anonymous mapping

问题描述

推荐答案

相关文章

服务器开发最新文章

热门教程

热门工具

登录 关闭

登录关闭