Bug 672554
| Summary: | libvirtd should use selabel_open rather than matchpathcon | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | RHEL Program Management <pm-rhel> |
| Component: | libvirt | Assignee: | Daniel Veillard <veillard> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | low | ||
| Version: | 6.0 | CC: | bsarathy, dallan, dyuan, eblake, gren, jdenemar, kxiong, plyons, pm-eus, xen-maint |
| Target Milestone: | rc | Keywords: | ZStream |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-0.8.1-27.el6_0.3 | Doc Type: | Bug Fix |
| Doc Text: |
Starting and shutting down a domain led to a memory leak due to the use of a thread-unfriendly "matchpathcon" (which gets the default security context for the specified path) SELinux API. With this update, libvirt uses improved SELinux APIs and a memory leak no longer occurs.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-04-14 16:19:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 658657 | ||
| Bug Blocks: | |||
|
Description
RHEL Program Management
2011-01-25 15:28:23 UTC
Should be fixed with build libvirt-0.8.1-27.el6_0.3, Daniel Hi,I am now verifing this bug I set selinux enforcing status,then I do the test. bug it seems I can't see any libselinux information 1. service libvirtd stop 2.valgrind --leak-check=full /usr/sbin/libvirtd 2>&1 | tee valgrind.out& pid=$1 Look at the log ==3800== Memcheck, a memory error detector ==3800== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==3800== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info ==3800== Command: /usr/sbin/libvirtd ==3800== ==3800== Conditional jump or move depends on uninitialised value(s) ==3800== at 0x434708: virUUIDParse (in /usr/sbin/libvirtd) ==3800== by 0x434B25: virSetHostUUIDStr (in /usr/sbin/libvirtd) ==3800== by 0x41CAF9: ??? (in /usr/sbin/libvirtd) ==3800== by 0x327861EC5C: (below main) (in /lib64/libc-2.12.so) ==3800== ==3800== ==3800== HEAP SUMMARY: ==3800== in use at exit: 459,275 bytes in 6,744 blocks ==3800== total heap usage: 100,216 allocs, 93,472 frees, 356,530,058 bytes allocated ==3800== ==3800== 5 bytes in 1 blocks are possibly lost in loss record 14 of 481 ==3800== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==3800== by 0x327867FD51: strdup (in /lib64/libc-2.12.so) ==3800== by 0x3F89C2BDAB: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BE74: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 5 bytes in 1 blocks are possibly lost in loss record 15 of 481 ==3800== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==3800== by 0x327867FD51: strdup (in /lib64/libc-2.12.so) ==3800== by 0x3F89C2BB8B: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BC43: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 6 bytes in 1 blocks are possibly lost in loss record 43 of 481 ==3800== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==3800== by 0x327867FD51: strdup (in /lib64/libc-2.12.so) ==3800== by 0x3F89C2BB8B: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 7 bytes in 1 blocks are possibly lost in loss record 58 of 481 ==3800== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==3800== by 0x327867FD51: strdup (in /lib64/libc-2.12.so) ==3800== by 0x3F89C2BDAB: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BE41: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 7 bytes in 1 blocks are possibly lost in loss record 59 of 481 ==3800== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==3800== by 0x327867FD51: strdup (in /lib64/libc-2.12.so) ==3800== by 0x3F89C2BDAB: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BE63: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 7 bytes in 1 blocks are possibly lost in loss record 60 of 481 ==3800== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==3800== by 0x327867FD51: strdup (in /lib64/libc-2.12.so) ==3800== by 0x3F89C2BDAB: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 7 bytes in 1 blocks are possibly lost in loss record 61 of 481 ==3800== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==3800== by 0x327867FD51: strdup (in /lib64/libc-2.12.so) ==3800== by 0x3F89C2BB8B: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BC21: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 8 bytes in 1 blocks are possibly lost in loss record 87 of 481 ==3800== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==3800== by 0x327867FD51: strdup (in /lib64/libc-2.12.so) ==3800== by 0x3F89C2BB8B: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BC32: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 9 bytes in 1 blocks are possibly lost in loss record 106 of 481 ==3800== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==3800== by 0x327867FD51: strdup (in /lib64/libc-2.12.so) ==3800== by 0x3F89C2BDAB: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BE52: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 32 bytes in 1 blocks are possibly lost in loss record 193 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x3F89C2BD97: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BE41: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 32 bytes in 1 blocks are possibly lost in loss record 194 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x3F89C2BD97: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BE52: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 32 bytes in 1 blocks are possibly lost in loss record 195 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x3F89C2BD97: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BE63: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 32 bytes in 1 blocks are possibly lost in loss record 196 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x3F89C2BD97: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BE74: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 32 bytes in 1 blocks are possibly lost in loss record 197 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x3F89C2BD97: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 32 bytes in 1 blocks are possibly lost in loss record 198 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x3F89C2BB77: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BC21: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 32 bytes in 1 blocks are possibly lost in loss record 199 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x3F89C2BB77: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BC32: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 32 bytes in 1 blocks are possibly lost in loss record 200 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x3F89C2BB77: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C2BC43: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 32 bytes in 1 blocks are possibly lost in loss record 201 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x3F89C2BB77: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C3A485: ??? (in /lib64/libnl.so.1.1) ==3800== by 0x3F89C134FA: ??? (in /lib64/libnl.so.1.1) ==3800== ==3800== 90 (40 direct, 50 indirect) bytes in 1 blocks are definitely lost in loss record 367 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x43426D: virAlloc (in /usr/sbin/libvirtd) ==3800== by 0x307E466201: ??? (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x307E468F30: ??? (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x307E465C2E: ??? (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x307E46832B: ??? (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x45FC29: ??? (in /usr/sbin/libvirtd) ==3800== by 0x440BEF: ??? (in /usr/sbin/libvirtd) ==3800== by 0x441209: ??? (in /usr/sbin/libvirtd) ==3800== by 0x307E47D14F: virStateInitialize (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x41D140: ??? (in /usr/sbin/libvirtd) ==3800== by 0x327861EC5C: (below main) (in /lib64/libc-2.12.so) ==3800== ==3800== 120 bytes in 3 blocks are definitely lost in loss record 372 of 481 ==3800== at 0x4A04481: calloc (vg_replace_malloc.c:418) ==3800== by 0x43426D: virAlloc (in /usr/sbin/libvirtd) ==3800== by 0x307E44E962: ??? (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x307E44F41D: virDomainDefParseNode (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x307E44F525: ??? (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x307E44F79C: virDomainLoadAllConfigs (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x4412D1: ??? (in /usr/sbin/libvirtd) ==3800== by 0x307E47D14F: virStateInitialize (in /usr/lib64/libvirt.so.0.8.1) ==3800== by 0x41D140: ??? (in /usr/sbin/libvirtd) ==3800== by 0x327861EC5C: (below main) (in /lib64/libc-2.12.so) ==3800== ==3800== LEAK SUMMARY: ==3800== definitely lost: 160 bytes in 4 blocks ==3800== indirectly lost: 50 bytes in 3 blocks ==3800== possibly lost: 349 bytes in 18 blocks ==3800== still reachable: 458,716 bytes in 6,719 blocks ==3800== suppressed: 0 bytes in 0 blocks ==3800== Reachable blocks (those to which a pointer was found) are not shown. ==3800== To see them, rerun with: --leak-check=full --show-reachable=yes ==3800== ==3800== For counts of detected and suppressed errors, rerun with: -v ==3800== Use --track-origins=yes to see where uninitialised values come from ==3800== ERROR SUMMARY: 21 errors from 21 contexts (suppressed: 29 from 9) ^C 3.On another terminal run ps -ef|grep 3800,the pid doesn't exist. So I wanna know anything wrong with my steps? What version of libselinux do you have installed? The leak is only present if you have an older version (such as libselinux-2.0.94-2.el6.x86_64), since bug 658571 fixed libselinux to avoid the leak. If that's the case, you may have to resort to stap tracing to see which functions get called, rather than relying on valgrind. Hi,Eric Blake,I am wondering this package has problem, I have verified with bug 658657,and the matchpathcon leak isn't detected. I am using the same env with bug 658657 to verify this bug,with libselinux-2.0.94-2.el6.x86_64, but with package libvirt-0.8.1-27.el6_0.3, it all show: 32 bytes in 1 blocks are possibly lost in loss record 1,059 of 2,952 ==15881== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==15881== by 0x38360FF38F: ??? (in /usr/lib64/libxml2.so.2.7.6) ==15881== by 0x383610159C: xmlPatterncompile (in /usr/lib64/libxml2.so.2.7.6) ==15881== by 0x383607FE3B: ??? (in /usr/lib64/libxml2.so.2.7.6) ==15881== by 0x3836086D9D: xmlXPathCtxtCompile (in /usr/lib64/libxml2.so.2.7.6) ==15881== by 0x3840E0F9F7: xsltXPathCompile (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E25A3F: xsltStylePreCompute (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0BDF2: ??? (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0E16A: xsltParseStylesheetProcess (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0E570: xsltParseStylesheetImportedDoc (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0E602: xsltParseStylesheetDoc (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0E696: xsltParseStylesheetFile (in /usr/lib64/libxslt.so.1.1.26) ==15881== ==15881== 32 bytes in 1 blocks are possibly lost in loss record 1,060 of 2,952 ==15881== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==15881== by 0x38360FF38F: ??? (in /usr/lib64/libxml2.so.2.7.6) ==15881== by 0x3836101CDB: xmlPatterncompile (in /usr/lib64/libxml2.so.2.7.6) ==15881== by 0x383607FE3B: ??? (in /usr/lib64/libxml2.so.2.7.6) ==15881== by 0x3836086D9D: xmlXPathCtxtCompile (in /usr/lib64/libxml2.so.2.7.6) ==15881== by 0x3840E0F9F7: xsltXPathCompile (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E2586D: xsltStylePreCompute (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0BDF2: ??? (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0E16A: xsltParseStylesheetProcess (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0E570: xsltParseStylesheetImportedDoc (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0E602: xsltParseStylesheetDoc (in /usr/lib64/libxslt.so.1.1.26) ==15881== by 0x3840E0E696: xsltParseStylesheetFile (in /usr/lib64/libxslt.so.1.1.26) ==15881== Is it a problem? with package libvirt-0.8.7-1.el6,No such problem. I'm not yet sure if the leak regarding xsltParseStylesheetFile is a regression, but if it is, it's unrelated to the point of this BZ of selabel_open. I think you have verified this bug using the same means as for 658657, but that it should be cloned to another bug that ensures we didn't add some other memory leak. You're missing some debuginfo (libxml2 in comment 7, and libvirt in comment 4) that makes the valgrind output less informative. Also, the libnl leaks in comment 4 are a known issue (bug 620345), and not something that libvirt can fix or avoid. Verified with Verified with selinux=enforcing state libvirt-0.8.7-1.el6 libselinux-2.0.94-2.el6.x86_64 libnl-1.1-12.el6.x86_64 1.service libvirtd stop 2.valgrind --leak-check=full /usr/sbin/libvirtd 2>&1 | tee valgrind.out& pid=$1 3.virsh start guest Look at the log ==15881== 34 bytes in 1 blocks are definitely lost in loss record 1,117 of 2,952 ==15881== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==15881== by 0x382D07FD51: strdup (in /lib64/libc-2.12.so) ==15881== by 0x382E813DF6: selinux_raw_to_trans_context (in /lib64/libselinux.so.1) ==15881== by 0x382E80D0CF: ??? (in /lib64/libselinux.so.1) ==15881== by 0x382E80D18D: selabel_lookup (in /lib64/libselinux.so.1) ==15881== by 0x4D0910C: SELinuxRestoreSecurityFileLabel (security_selinux.c:385) ==15881== by 0x4D09699: SELinuxRestoreSecurityAllLabel (security_selinux.c:754) ==15881== by 0x459773: qemuSecurityStackedRestoreSecurityAllLabel (qemu_security_stacked.c:257) ==15881== by 0x43F405: qemudShutdownVMDaemon (qemu_driver.c:4342) ==15881== by 0x455B11: qemudStartVMDaemon (qemu_driver.c:4265) ==15881== by 0x458A36: qemudDomainObjStart (qemu_driver.c:7314) ==15881== by 0x458F8F: qemudDomainStart (qemu_driver.c:7354) ==15881== ==15881== 34 bytes in 1 blocks are definitely lost in loss record 1,118 of 2,952 ==15881== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==15881== by 0x382D07FD51: strdup (in /lib64/libc-2.12.so) ==15881== by 0x382E813B8F: selinux_trans_to_raw_context (in /lib64/libselinux.so.1) ==15881== by 0x382E813657: setfilecon (in /lib64/libselinux.so.1) ==15881== by 0x4D08F2A: SELinuxSetFilecon (security_selinux.c:325) ==15881== by 0x4D09125: SELinuxRestoreSecurityFileLabel (security_selinux.c:388) ==15881== by 0x4D09699: SELinuxRestoreSecurityAllLabel (security_selinux.c:754) ==15881== by 0x459773: qemuSecurityStackedRestoreSecurityAllLabel (qemu_security_stacked.c:257) ==15881== by 0x43F405: qemudShutdownVMDaemon (qemu_driver.c:4342) ==15881== by 0x455B11: qemudStartVMDaemon (qemu_driver.c:4265) ==15881== by 0x458A36: qemudDomainObjStart (qemu_driver.c:7314) ==15881== by 0x458F8F: qemudDomainStart (qemu_driver.c:7354) No matchpathcon leak is detected. So this bug is verified. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0446.html
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Starting and shutting down a domain led to a memory leak due to the use of a thread-unfriendly "matchpathcon" (which gets the default security context for the specified path) SELinux API. With this update, libvirt uses improved SELinux APIs and a memory leak no longer occurs.
|