lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20160705143452.GA20099@redhat.com>
Date:	Tue, 5 Jul 2016 16:34:52 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Xishi Qiu <qiuxishi@...wei.com>
Cc:	ebiederm@...ssion.com, Linux MM <linux-mm@...ck.org>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: is pid_namespace leak in v3.10?

On 07/05, Xishi Qiu wrote:
>
> I find pid_namespace leak by "cat /proc/slabinfo | grep pid_namespace".
> The kernel version is RHEL 7.1 (kernel v3.10 stable).
> The following is the test case, after several times, the count of pid_namespace
> become very large, is it correct?

Apparently not,

> I also test mainline, and the count will increase too, but it seems stably later.

And I can't reproduce the problem with the latest rhel7 kernel.

And just in case, I have no idea what actually slub reports as "active_objs" but
certainly this is not the number of allocated "in use" objects, so it is fine if
this counter doesn't go to zero when your test-case exits. But it should not grow
"too much".

> BTW, this patch doesn't help.
> 24c037ebf5723d4d9ab0996433cee4f96c292a4d
> exit: pidns: alloc_pid() leaks pid_namespace if child_reaper is exiting

Sure, it can't help, your test-case doesn't fork other processes which could race
with the exiting sub-namespace init.


> int main()
> {
>         pid_t pid, child_pid;
>         int  i, status;
>         void *stack;
>
>         for (i = 0; i < 100; i++) {
>                 stack = malloc(8192);
>                 pid = clone(&test, (char *)stack + 8192, CLONE_NEWPID|SIGCHLD, 0);
>         }
>
>         sleep(5);

is this sleep() really needed to trigger the problem?

Oleg.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ