lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1315807643.92529.YahooMailNeo@web113911.mail.gq1.yahoo.com>
Date:	Sun, 11 Sep 2011 23:07:23 -0700 (PDT)
From:	Kumar S <ps2kumar@...oo.com>
To:	Eric Dumazet <eric.dumazet@...il.com>
Cc:	Neil Horman <nhorman@...driver.com>,
	netdev <netdev@...r.kernel.org>
Subject: Re: Memory leak in ip_dst_cache

----- Original Message -----
From: Eric Dumazet <eric.dumazet@...il.com>
To: Kumar S <ps2kumar@...oo.com>
Cc: Neil Horman <nhorman@...driver.com>; netdev <netdev@...r.kernel.org>
Sent: Sunday, September 11, 2011 10:40 PM
Subject: Re: Memory leak in ip_dst_cache

Le dimanche 11 septembre 2011 à 20:38 -0700, Kumar S a écrit :

Please dont top post.

>> Thanks Neil. I did try with prink(). I do see entries getting aged
>> out, but they are not getting deallocated. This seems to be happening
>> because of "ref_cnt". When the route entries are added the ref_cnt is
>> set to 1. Looks this is causing trouble clearing the entries
>> completely. If I set the ref_cnt to 0, I can see it working. Now I'm
>> trying to understand whether this is right. Please let me know if you
>> have any thoughts on it.

>I believe I already explained what was happening.

>A tcp socket has a pointer to a dst, so it holds a reference on it, to
>make sure no freeing of dst can happen while at least some socket still
>can reference dst. (It could reference freed memory and crash)

>As soon as the tcp socket will try to transmit some data, the dst will
>be checked and we notice its obsolete : We then release the refcount and
>dst pointer.

>Later, the garbage collector can notice dst refcount is zero and can
>free dst.

>If you have dormant tcp sockets (no trafic at all), they hold their dst.
>A dormant tcp socket has a pretty more expensive memory cost than its
>dst. (Socket structure, dentry, inode, and probably in user land a
>thread or process, and data)
 
Thanks Eric for detailed explanation. You did mention this before. What I see is the cache entries related to the TCP sockets are getting cleared, whenever they age out. But the issue we see here is with the broadcast messages such as SMB messages and network neighbor hood messages. They never get freed. There is no traffic to those destinations from our board. 
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ