Bug 903203 - libselinux memory leak causes libvirtd to grow unbounded (with fix)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libselinux
Version: 18
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 903280
Blocks: 890039 891324
Reported: 2013-01-23 13:37 UTC by Richard W.M. Jones
Modified: 2013-03-02 20:10 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 891324
Environment:
Last Closed: 2013-03-02 20:10:02 UTC
Type: Bug
Embargoed:


Description Richard W.M. Jones 2013-01-23 13:37:17 UTC
+++ This bug was initially created as a clone of Bug #891324 +++

+++ This bug was initially created as a clone of Bug #890039 +++

Description of problem:

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND           
25390 rjones    20   0 10.9g  10g 8.4g S   0.0 66.8  16:34.08 libvirtd          

At least a component of this is caused by a memory leak
in libselinux.  The memory leak isn't in libselinux upstream,
but in a Fedora-specific patch that we apply to libselinux
('libselinux-rhat.patch').

This patch causes selabel_open to indirectly call a function
called 'load_mmap'.  This function strdups a string:

 spec->lr.ctx_raw = strdup((char *)addr);

but because of later faulty logic, spec->lr.ctx_raw is never
freed up.

The following patch fixes this:

--- libselinux-2.1.12/src/label_file.c.orig	2013-01-23 13:16:49.290131262 +0000
+++ libselinux-2.1.12/src/label_file.c	2013-01-23 13:17:13.202021998 +0000
@@ -535,11 +535,11 @@
 
 	for (i = 0; i < data->nspec; i++) {
 		spec = &data->spec_arr[i];
+		free(spec->lr.ctx_raw);
 		if (spec->from_mmap)
 			continue;
 		free(spec->regex_str);
 		free(spec->type_str);
-		free(spec->lr.ctx_raw);
 		free(spec->lr.ctx_trans);
 		if (spec->regcomp) {
 			pcre_free(spec->regex);
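
Review bot: free(spec->lr.ctx_trans) is still below the "if (spec->from_mmap) continue;" test, so it is skipped for mmap-backed entries exactly as ctx_raw was before this change; if ctx_trans can be set on such an entry it leaks the same way. Consider moving it up next to the new free(spec->lr.ctx_raw) line, and adding a short comment in the loop stating which fields are heap-owned regardless of from_mmap so the ordering is not undone later.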

I have tested this patch and it works and reduces the memory
leakage of libvirtd in Fedora 18 (it doesn't eliminate it,
but I believe that we have another patch to libvirt which
fixes it completely).

Please apply the above patch to libselinux.

Comment 1 Richard W.M. Jones 2013-01-23 13:38:55 UTC
Additionally, this is the valgrind log showing the memory leak:

https://bugzilla.redhat.com/attachment.cgi?id=685857

Comment 2 Daniel Walsh 2013-01-28 16:16:50 UTC
We actually have more of a fix in rawhide.

	for (i = 0; i < data->nspec; i++) {
		spec = &data->spec_arr[i];
		free(spec->lr.ctx_trans);
		free(spec->lr.ctx_raw);
		if (spec->from_mmap)
			continue;
		free(spec->regex_str);
		free(spec->type_str);
		if (spec->regcomp) {
			pcre_free(spec->regex);
			pcre_free_study(spec->sd);
		}
	}
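
The cleanup-order bug discussed in this report, as an added example (not code from libselinux or from the commenters): a reduced C model in which ctx_raw is always a heap copy while regex_str points into a mapping when from_mmap is set. The allocation counter, helper names and sample strings are assumptions made up for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Reduced model: only from_mmap, regex_str, ctx_raw are names from the report. */
struct spec {
    int from_mmap;   /* regex_str points into the mapped file, not the heap */
    char *regex_str; /* heap-owned only when !from_mmap */
    char *ctx_raw;   /* always a heap copy, even for mmap-backed entries */
};
static long live;                    /* heap blocks currently outstanding */
static char mapped[] = "/etc(/.*)?"; /* constructed stand-in for the mapping */

static char *dup_str(const char *s) { /* counted equivalent of strdup() */
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) { memcpy(p, s, n); live++; }
    return p;
}
static void drop(void *p) { if (p) { live--; free(p); } }

static void load(struct spec *a, int n, int from_mmap) {
    for (int i = 0; i < n; i++) {
        a[i].from_mmap = from_mmap;
        a[i].regex_str = from_mmap ? mapped : dup_str(mapped);
        a[i].ctx_raw = dup_str("system_u:object_r:etc_t:s0"); /* constructed */
    }
}

/* fixed=0: original order (mmap entries skip every free); fixed=1: patched. */
static void unload(struct spec *a, int n, int fixed) {
    for (int i = 0; i < n; i++) {
        if (fixed) drop(a[i].ctx_raw);   /* freed before the from_mmap test */
        if (a[i].from_mmap) continue;    /* mapped data must not be free()d */
        drop(a[i].regex_str);
        if (!fixed) drop(a[i].ctx_raw);  /* unreachable for mmap entries */
    }
}

/* Heap blocks still outstanding after `rounds` open/close cycles of 4 specs. */
long leaked_after(int rounds, int from_mmap, int fixed) {
    struct spec a[4];
    live = 0;
    for (int r = 0; r < rounds; r++) { load(a, 4, from_mmap); unload(a, 4, fixed); }
    return live;
}

int main(void) {
    printf("original: %ld  patched: %ld\n", leaked_after(100, 1, 0), leaked_after(100, 1, 1));
    return 0;
}
```

The leak only appears on the mmap-backed path and grows with every open/close cycle, which is why it shows up in a long-running daemon rather than in a short-lived tool.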

Comment 3 Daniel Walsh 2013-01-28 16:35:44 UTC
Fixed in libselinux-2.1.12-7.1.fc18

Comment 4 Fedora Update System 2013-01-28 16:54:10 UTC
libselinux-2.1.12-7.1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/libselinux-2.1.12-7.1.fc18

Comment 5 Fedora Update System 2013-01-30 00:55:40 UTC
Package libselinux-2.1.12-7.1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libselinux-2.1.12-7.1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-1636/libselinux-2.1.12-7.1.fc18
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2013-03-02 20:10:08 UTC
libselinux-2.1.12-7.1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
