+++ This bug was initially created as a clone of Bug #891324 +++ +++ This bug was initially created as a clone of Bug #890039 +++ Description of problem: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 25390 rjones 20 0 10.9g 10g 8.4g S 0.0 66.8 16:34.08 libvirtd At least a component of this is caused by a memory leak in libselinux. The memory leak isn't in libselinux upstream, but in a Fedora-specific patch that we apply to libselinux ('libselinux-rhat.patch'). This patch causes selabel_open to indirectly call a function called 'load_mmap'. This function strdups a string: spec->lr.ctx_raw = strdup((char *)addr); but because of later faulty logic, spec->lr.ctx_raw is never freed up. The following patch fixes this: --- libselinux-2.1.12/src/label_file.c.orig 2013-01-23 13:16:49.290131262 +0000 +++ libselinux-2.1.12/src/label_file.c 2013-01-23 13:17:13.202021998 +0000 @@ -535,11 +535,11 @@ for (i = 0; i < data->nspec; i++) { spec = &data->spec_arr[i]; + free(spec->lr.ctx_raw); if (spec->from_mmap) continue; free(spec->regex_str); free(spec->type_str); - free(spec->lr.ctx_raw); free(spec->lr.ctx_trans); if (spec->regcomp) { pcre_free(spec->regex); I have tested this patch and it works and reduces the memory leakage of libvirtd in Fedora 18 (it doesn't eliminate it, but I believe that we have another patch to libvirt which fixes it completely). Please apply the above patch to libselinux.
Additionally, this is the valgrind log showing the memory leak: https://bugzilla.redhat.com/attachment.cgi?id=685857
We actually have more of a fix in rawhide. for (i = 0; i < data->nspec; i++) { spec = &data->spec_arr[i]; free(spec->lr.ctx_trans); free(spec->lr.ctx_raw); if (spec->from_mmap) continue; free(spec->regex_str); free(spec->type_str); if (spec->regcomp) { pcre_free(spec->regex); pcre_free_study(spec->sd); } }
Fixed in libselinux-2.1.12-7.1.fc18
libselinux-2.1.12-7.1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/libselinux-2.1.12-7.1.fc18
Package libselinux-2.1.12-7.1.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing libselinux-2.1.12-7.1.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-1636/libselinux-2.1.12-7.1.fc18 then log in and leave karma (feedback).
libselinux-2.1.12-7.1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.