From: "J. Bruce Fields" <bfields@fieldses.org>
To: Stephen Hemminger <stephen@networkplumber.org>
Cc: trond.myklebust@hammerspace.com, chuck.lever@oracle.com,
linux-nfs@vger.kernel.org
Subject: Re: Fw: [Bug 206651] New: kmemleak in rpcsec_gss_krb5
Date: Tue, 3 Mar 2020 10:55:47 -0500 [thread overview]
Message-ID: <20200303155547.GD17257@fieldses.org> (raw)
In-Reply-To: <20200223195520.0afdad4a@hermes.lan>
On Sun, Feb 23, 2020 at 07:55:20PM -0800, Stephen Hemminger wrote:
> During the loading and unloading of the kernel module, kmemleak discovered a
> leak problem. To reproduce this problem, you only need to enable the kmemleak
> option.
> CONFIG_DEBUG_KMEMLEAK=y
> CONFIG_DEBUG_KMEMLEAK_EARLY_LOG_SIZE=10000:
> Then, load and unload the module.
> modprobe rpcsec_gss_krb5
> modprobe -r rpcsec_gss_krb5:
> Repeat this process every 1000 cycles to obtain the leaked information.
> Repeat the preceding operations for 115 times. The SUnreclaim memory will
> increase by 85 MB.
>
> After checking the loading source code of rpcsec_gss_krb5, we find that the
> svcauth_gss_register_pseudoflavor function in the svcauth_gss.c file contains
> the following code segment:
>
> ...
> test = auth_domain_lookup(name, &new->h);
> if (test != &new->h) { /* Duplicate registration */
> auth_domain_put(test);
> kfree(new->h.name);
> goto out_free_dom;
> }
> return 0;
>
> out_free_dom:
> kfree(new);
> out:
> return stat;
> ...
>
> The structure of new->h.name is dynamically applied by kstrdup. When
> auth_domain_lookup cannot find new->h.name in the hash table, it is added to
> the hash table.
>
> When the module is unloaded, the structure in the hash table is not released
> accordingly. As a result, the module is leaked. I modified the gss_mech_free
> function to forcibly release the structure in the hash table.
>
> ...
> for (i = 0; i < gm->gm_pf_num; i++) {
> pf = &gm->gm_pfs[i];
> + struct auth_domain *test;
> + test = auth_domain_find(pf->auth_domain_name);
> + if (test != NULL) {
> + test->flavour->domain_release(test);
> + }
> kfree(pf->auth_domain_name);
> ...
>
> Perform the leakage test again. The memory usage of SUnreclaim does not
> increase.
>
> I want a complete destructor to free the hash table, not by force.
Thanks! I'm not sure what the right solution is. Honestly, maybe just
preventing unloading of these modules--I'm not sure why it's really
needed.
--b.
prev parent reply other threads:[~2020-03-03 15:55 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-24 3:55 Fw: [Bug 206651] New: kmemleak in rpcsec_gss_krb5 Stephen Hemminger
2020-03-03 15:55 ` J. Bruce Fields [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200303155547.GD17257@fieldses.org \
--to=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
--cc=stephen@networkplumber.org \
--cc=trond.myklebust@hammerspace.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox