Bug 903203

Summary: libselinux memory leak causes libvirtd to grow unbounded (with fix)
Product: [Fedora] Fedora Reporter: Richard W.M. Jones <rjones>
Component: libselinuxAssignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 18CC: ajia, dallan, dwalsh, dyasny, dyuan, gren, jferlan, mgrepl, mzhan, rjones, rwu, whuang, ydu
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 891324 Environment:
Last Closed: 2013-03-02 20:10:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 903280    
Bug Blocks: 890039, 891324    

Description Richard W.M. Jones 2013-01-23 13:37:17 UTC 
+++ This bug was initially created as a clone of Bug #891324 +++

+++ This bug was initially created as a clone of Bug #890039 +++

Description of problem:

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND           
25390 rjones    20   0 10.9g  10g 8.4g S   0.0 66.8  16:34.08 libvirtd          

At least a component of this is caused by a memory leak
in libselinux.  The memory leak isn't in libselinux upstream,
but in a Fedora-specific patch that we apply to libselinux
('libselinux-rhat.patch').

This patch causes selabel_open to indirectly call a function
called 'load_mmap'.  This function strdups a string:

 spec->lr.ctx_raw = strdup((char *)addr);

but because of later faulty logic, spec->lr.ctx_raw is never
freed up.

The following patch fixes this:

--- libselinux-2.1.12/src/label_file.c.orig	2013-01-23 13:16:49.290131262 +0000
+++ libselinux-2.1.12/src/label_file.c	2013-01-23 13:17:13.202021998 +0000
@@ -535,11 +535,11 @@
 
 	for (i = 0; i < data->nspec; i++) {
 		spec = &data->spec_arr[i];
+		free(spec->lr.ctx_raw);
 		if (spec->from_mmap)
 			continue;
 		free(spec->regex_str);
 		free(spec->type_str);
-		free(spec->lr.ctx_raw);
 		free(spec->lr.ctx_trans);
 		if (spec->regcomp) {
 			pcre_free(spec->regex);

I have tested this patch and it works and reduces the memory
leakage of libvirtd in Fedora 18 (it doesn't eliminate it,
but I believe that we have another patch to libvirt which
fixes it completely).

Please apply the above patch to libselinux.
Comment 1 Richard W.M. Jones 2013-01-23 13:38:55 UTC 
Additionally, this is the valgrind log showing the memory leak:

https://bugzilla.redhat.com/attachment.cgi?id=685857
Comment 2 Daniel Walsh 2013-01-28 16:16:50 UTC 
We actually have more of a fix in rawhide.

	for (i = 0; i < data->nspec; i++) {
		spec = &data->spec_arr[i];
		free(spec->lr.ctx_trans);
		free(spec->lr.ctx_raw);
		if (spec->from_mmap)
			continue;
		free(spec->regex_str);
		free(spec->type_str);
		if (spec->regcomp) {
			pcre_free(spec->regex);
			pcre_free_study(spec->sd);
		}
	}
Comment 3 Daniel Walsh 2013-01-28 16:35:44 UTC 
Fixed in libselinux-2.1.12-7.1.fc18
Comment 4 Fedora Update System 2013-01-28 16:54:10 UTC 
libselinux-2.1.12-7.1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/libselinux-2.1.12-7.1.fc18
Comment 5 Fedora Update System 2013-01-30 00:55:40 UTC 
Package libselinux-2.1.12-7.1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libselinux-2.1.12-7.1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-1636/libselinux-2.1.12-7.1.fc18
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2013-03-02 20:10:08 UTC 
libselinux-2.1.12-7.1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.