audit-related slab memory leak in recent -mm kernels?
Dustin Kirkland
dustin.kirkland at us.ibm.com
Fri Feb 24 19:37:10 UTC 2006
On Fri, 2006-02-24 at 13:41 -0500, Valdis.Kletnieks at vt.edu wrote:
> For a while, I've been seeing a pretty serious leak in slab-32 entries in -mm
> kernels. Doing a quilt bisection on -mm calls out git-audit.patch as the
> offender.
>
> In kernel/auditsc.c, we have audit_inode_context(), which does:
>
> ctx = kmalloc(len, GFP_KERNEL);
> ...
> context->names[idx].ctx = ctx;
>
> but the only obvious kfree() I can find is in audit_free_names(), but that
> one is (a) inside an if statement along with a printk(KERN_ERR) and (b) has
> a '#if AUDIT_DEBUG == 2' around it.
>
> [/usr/src/linux-2.6.16-rc4-mm2/kernel]1 grep -n '\.ctx' *.c
> auditsc.c:384: kfree(context->names[i].ctx);
> auditsc.c:686: if (context->names[i].ctx) {
> auditsc.c:688: context->names[i].ctx);
> auditsc.c:961: context->names[idx].ctx = ctx;
>
> Is this my memory leak? If so, who is supposed to be freeing it?
It does look to be so, and I'm looking at the proper place to fix this.
Thanks.
:-Dustin
More information about the Linux-audit
mailing list