tcpdump mailing list archives
Re: Memory leak in libpcap (top of tree) and/or kernel
From: "Gianluca Varenni" <gianluca.varenni () cacetech com>
Date: Fri, 10 Jul 2009 17:09:36 -0700
Guy, you were 100% right.I think the routine usb_cleanup_linux_mmap(pcap_t* handle) should be modified as follows:
diff --git a/pcap-usb-linux.c b/pcap-usb-linux.c
index 3d7cb2c..9ad8953 100644
--- a/pcap-usb-linux.c
+++ b/pcap-usb-linux.c
@@ -835,6 +835,9 @@ usb_cleanup_linux_mmap(pcap_t* handle)
{
/* buffer must not be freed because it's memory mapped */
/* XXX - does it need to be unmapped? */
+ int len = ioctl(handle->fd, MON_IOCQ_RING_SIZE);
+
+ munmap(handle->buffer, len);
handle->buffer = NULL;
pcap_cleanup_live_common(handle);
}
I'm not too happy about querying again the fd for the RING_SIZE (it should
be stored in the pcap_t structure), but I tried it on my VM and it seems to
work ok. BTW, it's interesting there is a note about the missing munmap in
the code...
What do you think? Have a nice day GV----- Original Message ----- From: "Guy Harris" <guy () alum mit edu>
To: <tcpdump-workers () lists tcpdump org> Sent: Friday, July 10, 2009 3:45 PMSubject: Re: [tcpdump-workers] Memory leak in libpcap (top of tree) and/or kernel
On Jul 10, 2009, at 3:35 PM, Gianluca Varenni wrote:I just discovered an interesting leak with the libpcap 1.0 or the current top-of-tree.On Fedora 10, kernel 2.6.27.5 or 2.6.27.12, there is a memory leak by which a simple program like this one will eventually use all the memory on the system (as reported by top) and eventually the application gets killed by the OS (and as a side effect the graphical system gets killed too and restarts). This happens only if the usbmon devices are listed (I tried on a VM disabling and enabling the virtual USB controller. No VM tools are installed on the guest, we are able to replicate it on a physical machine).The interesting part is that in top the memory usage of the process is always < 1%, but the total amount of free memory on the system goes down to few megabytes, until the OS finally kills the process.Spot the potential leaks: $ egrep -l 'mmap\(' *.c pcap-bpf.c pcap-dag.c pcap-linux.c pcap-usb-linux.c $ egrep -l 'munmap\(' *.c pcap-bpf.c pcap-linux.cI suspect the close routines for Linux USB devices - and DAG devices - need to unmap any buffer they have.As pcap_findalldevs() checks whether the device can be opened, the USB devices will be opened and closed; that leaks address space, and it might leak kernel wired memory. It's not leaking anonymous pages, though, so it might not show up as memory usage.- This is the tcpdump-workers list.Visit https://cod.sandelman.ca/ to unsubscribe.
- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Memory leak in libpcap (top of tree) and/or kernel Gianluca Varenni (Jul 10)
- Re: Memory leak in libpcap (top of tree) and/or kernel Guy Harris (Jul 10)
- Re: Memory leak in libpcap (top of tree) and/or kernel Gianluca Varenni (Jul 10)
- Re: Memory leak in libpcap (top of tree) and/or kernel Guy Harris (Jul 11)
- Re: Memory leak in libpcap (top of tree) and/or kernel Gianluca Varenni (Jul 13)
- Re: Memory leak in libpcap (top of tree) and/or kernel Gianluca Varenni (Jul 10)
- Re: Memory leak in libpcap (top of tree) and/or Stephen Donnelly (Jul 12)
- Re: Memory leak in libpcap (top of tree) and/or kernel Guy Harris (Jul 10)