memory leakage in fragments #83

Closed
tadokoro opened this Issue Mar 14, 2014 · 2 comments

Contributor

tadokoro commented Mar 14, 2014

Once the "Packet is too big" path in translate_packet.c is executed, some memory seems to leak.
After that, the kernel complains when rmmoding jool.

# rmmod jool
# dmesg
...
[88024.313526] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.313577] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.313898] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.347013] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.347060] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.347153] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88028.028533] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88035.397138] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88050.134187] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88061.505518] kmem_cache_destroy jool_fragments: Slab cache still has objects
[88061.505817] CPU: 0 PID: 10328 Comm: rmmod Tainted: G           O 3.12-0.bpo.1-amd64 #1 Debian 3.12.9-1~bpo70+1
[88061.505823] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 01/07/2011
[88061.505828]  0000000000000000 0000000000000800 ffffffff814be0b3 ffff880036695140
[88061.505837]  ffffffff81141647 ffffffffa037e180 ffffffffa0379e57 ffffffffa0379e18
[88061.505844]  ffffffff810c7ccd ffff8800364207c0 ffffffffa037e180 ffff880000000800
[88061.505850] Call Trace:
[88061.505865]  [<ffffffff814be0b3>] ? dump_stack+0x41/0x51
[88061.505875]  [<ffffffff81141647>] ? kmem_cache_destroy+0xe7/0xf0
[88061.505888]  [<ffffffffa0379e57>] ? cleanup_module+0x3f/0x1e8 [jool]
[88061.505897]  [<ffffffffa0379e18>] ? core_6to4+0x48/0x48 [jool]
[88061.505905]  [<ffffffff810c7ccd>] ? SyS_delete_module+0x17d/0x270
[88061.505913]  [<ffffffff814c4018>] ? page_fault+0x28/0x30
[88061.505921]  [<ffffffff814cb7b9>] ? system_call_fastpath+0x16/0x1b
[88061.505925] Jool module removed.
# grep jool /proc/slabinfo
jool_fragments         9     34    112   34    1 : tunables  120   60    0 : slabdata      1      1      0

This is because the out fragment allocated via translate is not deallocated in this path.
The following patch seems to work correctly for me.

diff --git a/mod/translate_packet.c b/mod/translate_packet.c
index f92c176..e160c9f 100644
--- a/mod/translate_packet.c
+++ b/mod/translate_packet.c
@@ -426,6 +426,7 @@ static verdict translate_fragment(struct fragment *in, struct tuple *tuple,
                                icmp64_send(in, ICMPERR_FRAG_NEEDED, cpu_to_be32(min_ipv6_mtu));
                                log_info("Packet is too big (%u bytes; MTU: %u); dropping.",
                                                out->skb->len, min_ipv6_mtu);
+                               frag_kfree(out);
                                return VER_DROP;
                        }
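Review bot: the added frag_kfree(out) covers only the too-big branch shown here; any other return between the point where out is allocated and the normal exit of translate_fragment() needs the same release, and those paths are not visible in this hunk. Routing every drop through a single exit label that calls frag_kfree(out) before return VER_DROP would keep a later early return from reintroducing the jool_fragments leak. The placement after log_info() is right, since that call still reads out->skb->len.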

Member

ydahhrk commented Mar 15, 2014

Impressive :)
Since the solution appears to suffice, this is definitely going to be part of the current milestone.

@ydahhrk ydahhrk added this to the 3.1.3 milestone Mar 15, 2014

@ydahhrk ydahhrk assigned ydahhrk and dhfelix and unassigned ydahhrk Mar 15, 2014

@dhfelix dhfelix closed this Mar 18, 2014

@dhfelix dhfelix reopened this Mar 18, 2014

@dhfelix dhfelix closed this Mar 18, 2014

Member

ydahhrk commented Mar 18, 2014

BTW: Fixed in commit b7bcd96.
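The manual check from the opening report (dmesg after rmmod, then grep jool /proc/slabinfo) written as a script that sizes the leftover objects and compares them with the number of logged drops. This is an added example, not code from the issue or from Jool; the function names are hypothetical and the sample data is copied from the report's output.

```shell
#!/bin/sh
# Sample input copied from the report above (the 9 visible drop lines and the
# slabinfo row captured after rmmod). On a live host, feed in the output of
# dmesg and the contents of /proc/slabinfo instead.
SLABINFO_SAMPLE='jool_fragments         9     34    112   34    1 : tunables  120   60    0 : slabdata      1      1      0'
DMESG_SAMPLE='[88024.313526] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.313577] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.313898] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.347013] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.347060] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88024.347153] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88028.028533] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88035.397138] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88050.134187] Packet is too big (1500 bytes; MTU: 1280); dropping.
[88061.505518] kmem_cache_destroy jool_fragments: Slab cache still has objects'

# slabinfo on stdin -> "active_objs objsize bytes_held" for the cache named $1.
# Column order follows the /proc/slabinfo header: name active_objs num_objs objsize.
slab_leftover() {
    awk -v cache="$1" '$1 == cache { print $2, $4, $2 * $4; found = 1 }
                       END { exit !found }'
}

# Kernel log on stdin -> number of drops logged by the "Packet is too big" path.
count_too_big_drops() {
    awk '/Packet is too big/ { n++ } END { print n + 0 }'
}

# Args: cache name, slabinfo text, kernel log text. Only meaningful once the
# module has been removed: objects counted while it is loaded may be in use.
leak_verdict() {
    left=$(printf '%s\n' "$2" | slab_leftover "$1") || { echo "no-cache"; return 0; }
    objs=${left%% *}
    bytes=${left##* }
    drops=$(printf '%s\n' "$3" | count_too_big_drops)
    if [ "$objs" -eq 0 ]; then
        echo "clean"
    elif [ "$objs" -eq "$drops" ]; then
        echo "leak-matches-drops objs=$objs bytes=$bytes"
    else
        echo "leak objs=$objs drops=$drops bytes=$bytes"
    fi
}

leak_verdict jool_fragments "$SLABINFO_SAMPLE" "$DMESG_SAMPLE"
```

On the report's data, the leftover object count equals the number of logged drops, which is what points at the drop path as the place where the release is missing.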
