lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Sep 2010 22:17:33 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Nick Bowler <nbowler@...iptictech.com> Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net> Subject: Re: Regression, bisected: reference leak with IPSec since ~2.6.31 Le lundi 20 septembre 2010 à 15:52 -0400, Nick Bowler a écrit : > On 2010-09-20 20:20 +0200, Eric Dumazet wrote: > > If you change your program to send small frames (so they are not > > fragmented), is the problem still present ? > > I changed MAX_DGRAM_SIZE in the test program to 1000 (mtu on the > interface is 1500). The short answer is that the references are > not leaked, and things seem to get cleaned up. So the rest of this > mail probably describes a separate issue. > > The long answer, however, is interesting: With latest Linus' git, the > references are cleaned up much later than I would expect. After running > the test program and flushing the SAD/SPD, the reference count is still > 1. If I repeat the test immediately, the reference count will increase > further. I can easily raise the reference count to, say, 100. Now, if > I wait a while (10 minutes or so), the reference count will still be > 100. However, when I run the setkey script after this delay, the > reference count drops immediately to 1. If I then flush the SAD/SPD, it > drops to 0. > > This behaviour is new: newer than the reported leak. For example, with > 2.6.34, everything works perfectly with MAX_DGRAM_SIZE set to 1000 (the > SAs are destroyed immediately when the SAD/SPD are flushed), but the > leak occurs with MAX_DGRAM_SIZE set to 10000. > Thanks Nick I suspect a skb->truesize bug somewhere. I can see atomic_read(&sk->sk_wmem_alloc) becoming negative after a while... I am investigating and let you know. Thanks -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists