Bug 141377 - (IT#55725) [PATCH] memory leak in ipv6 ip6_{push,flush}_pending_frames()
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: kernel
Version: 3.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: David Miller
QA Contact: Brian Brock
Reported: 2004-11-30 14:33 EST by Steve Conklin
Modified: 2010-10-21 22:43 EDT (History)
Doc Type: Bug Fix
Last Closed: 2005-05-18 09:28:44 EDT

Attachments
Patch fix for the bug. (525 bytes, patch)
2005-02-08 20:14 EST, David Miller
Description Steve Conklin 2004-11-30 14:33:11 EST
From IT# 55725:

This bug was reported for the U4 beta, but it's in U3 as well.

Description of problem:

The ipv6 ping packet can be transmitted only up to 1024 times or less
by repeatedly executing the "interface up/down" processing and the
transmission of the ipv6 ping packet according to the following procedure.
The cause is a leak of the dst_entry structure.

Version-Release number of selected component (if applicable):
2.4.21-20.EL

How reproducible:
Always

Steps to Reproduce:
1. Connect two hosts:
      |host1|-(eth0)-------(LAN)---------|host2|
       3ffe:501:ffff::1        3ffe:501:ffff::2
      (RHEL3 is installed in the host1.)

2. Execute the following processing more than 1024 times repeatedly at
host1.

       # ifconfig eth0 down
       # ifconfig eth0 up
       # sleep 3
       # ifconfig eth0 add 3ffe:501:ffff::1/64
       # sleep 3
       # ping6 -c1 3ffe:501:ffff::2

Actual Results:  The ping6 command fails after 1025 times though it
succeeds 1024 times.

Expected Results:  The ping6 command should succeed more than 1024 times.

  note: The value 1024 is the value of
        /proc/sys/net/ipv6/neigh/default/gc_thresh3.

Additional info:

There are editing mistakes in functions
 ip6_{push,flush}_pending_frames()

 This problem can be solved by applying the undermentioned patch.

--- ip6_output.c.ORIG   2004-11-29 18:51:58.000000000 +0900
+++ ip6_output.c        2004-11-29 18:53:08.000000000 +0900
@@ -1475,6 +1475,7 @@
               np->cork.opt = NULL;
       }
       if (np->cork.rt) {
+               dst_release(&np->cork.rt->u.dst);
               np->cork.rt = NULL;
       }
       if (np->cork.fl) {
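Review bot: The hunk header at -1475 carries no function name, so the diff alone does not show which of ip6_push_pending_frames() or ip6_flush_pending_frames() gains the dst_release() on np->cork.rt; regenerating the patch with diff -up would make that reviewable. The file headers also name ip6_output.c with no directory, so the patch only applies from the directory that holds the file.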
@@ -1502,7 +1503,6 @@
       }
       if (np->cork.rt) {
               dst_release(&np->cork.rt->u.dst);
-               dst_release(&np->cork.rt->u.dst);
               np->cork.rt = NULL;
       }
       if (np->cork.fl) {
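Review bot: The np->cork.rt and np->cork.fl cleanup in this hunk has the same shape as the context of the hunk at -1475, and a dst_release() landing in the wrong copy is the kind of error that duplication invites. Consider moving the cork teardown into one helper called from both functions, so the reference held in np->cork.rt is dropped exactly once on either path. The description should also state that the removed line was a second release of the same reference, since the report text only mentions the leak.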
Comment 3 David Miller 2005-02-08 20:14:49 EST
Created attachment 110840
Patch fix for the bug.

Just putting this here as a proper attachment instead of
inline.
Comment 4 Ernie Petrides 2005-02-16 07:32:31 EST
A fix for this problem has just been committed to the RHEL3 U5
patch pool this evening (in kernel version 2.4.21-27.14.EL).
Comment 5 Tim Powers 2005-05-18 09:28:45 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-294.html
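
A user-space model of the reference-count imbalance described in the report above, as an added example that is not part of the original bug report or the kernel source. The `entry` table, `cork_cleanup()`, `run_sends()` and `refcnt_after()` are hypothetical names, and the model assumes that each unreleased reference pins one slot of a table capped at the 1024 quoted for gc_thresh3.

```c
#include <stdbool.h>
#include <stdio.h>

#define TABLE_CAP 1024                     /* gc_thresh3 value quoted in the report */
struct entry { int refcnt; bool used; };   /* simplified stand-in for dst_entry */
static struct entry table[TABLE_CAP];

/* Take a slot, first reclaiming any slot whose reference count reached 0. */
static struct entry *entry_get(void) {
    for (int i = 0; i < TABLE_CAP; i++) {
        if (table[i].used && table[i].refcnt == 0) table[i].used = false;
        if (!table[i].used) {
            table[i] = (struct entry){ .refcnt = 1, .used = true }; /* ref held via cork.rt */
            return &table[i];
        }
    }
    return NULL;                           /* every slot is pinned by a stuck reference */
}

/* Cleanup of cork.rt with `releases` release calls: the unpatched first hunk
 * has 0, the unpatched second hunk has 2, both patched paths have 1. */
static int cork_cleanup(struct entry **cork_rt, int releases) {
    int after = (*cork_rt)->refcnt -= releases;
    *cork_rt = NULL;
    return after;                          /* 0 is balanced, negative is an over-release */
}

/* Each attempt takes a fresh entry and sends once; returns successful sends. */
static int run_sends(int attempts, int releases) {
    int ok = 0;
    for (int i = 0; i < TABLE_CAP; i++) table[i] = (struct entry){0};
    for (int i = 0; i < attempts; i++, ok++) {
        struct entry *cork_rt = entry_get();
        if (!cork_rt) break;               /* table exhausted: the send fails */
        cork_cleanup(&cork_rt, releases);
    }
    return ok;
}

/* Reference count left on a single entry after one cleanup. */
static int refcnt_after(int releases) {
    struct entry e = { .refcnt = 1, .used = true }, *cork_rt = &e;
    return cork_cleanup(&cork_rt, releases);
}

int main(void) {
    printf("sends of 2000: unpatched %d, patched %d\n", run_sends(2000, 0), run_sends(2000, 1));
    printf("refcnt after cleanup: double release %d, patched %d\n", refcnt_after(2), refcnt_after(1));
    return 0;
}
```

In the model the unpatched first path stops at exactly 1024 sends, matching the reported behaviour, while the double release on the second path drives the count below zero.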
