[RP-PPPoE] RP-PPPoE Memory Leak?
Daniel Le
daniel.le at exfo.com
Thu Nov 13 13:58:35 EST 2014
Hi David,
For information purpose, I use RP-PPPoE 3.10 in kernel mode and PPP 2.4.5. Most of my code change is in the PPP open source code. For RP-PPPoE, I only modified plugin.c (see diffs below, based on valgrind results at end of email) and the pppoe-connect script to essentially have "RETRY_ON_FAILURE=no" (that is because the amount of memory leak is multiplied by the number of retries). I made several changes in the PPP code, but not sure this is the appropriate list to discuss PPP. If it is for the reason that PPPoE is tied with PPP, I'll follow up with patch on the PPP side. With my attempted fix, I do observe a reduction in memory leak, especially in the case of failed authentication, however the leak is not completely eliminated. By the way, valgrind doesn't detect memory loss in the Linux kernel, is that correct?
src$cvs diff -c plugin.c
Index: plugin.c
===================================================================
RCS file: /export/home/cvsroot/software/vendors/pppoe/rp-pppoe-3.10/src/plugin.c,v
retrieving revision 1.2
diff -c -r1.2 plugin.c
*** plugin.c 9 Jul 2014 19:09:56 -0000 1.2
--- plugin.c 28 Oct 2014 21:26:14 -0000
***************
*** 175,181 ****
sp.sa_family = AF_PPPOX;
sp.sa_protocol = PX_PROTO_OE;
sp.sa_addr.pppoe.sid = conn->session;
! memcpy(sp.sa_addr.pppoe.dev, conn->ifName, IFNAMSIZ);
memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN);
/* Set remote_number for ServPoET */
--- 175,182 ----
sp.sa_family = AF_PPPOX;
sp.sa_protocol = PX_PROTO_OE;
sp.sa_addr.pppoe.sid = conn->session;
! memset(sp.sa_addr.pppoe.dev, 0, IFNAMSIZ);
! memcpy(sp.sa_addr.pppoe.dev, conn->ifName, strlen(conn->ifName));
memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN);
/* Set remote_number for ServPoET */
***************
*** 265,271 ****
sp.sa_family = AF_PPPOX;
sp.sa_protocol = PX_PROTO_OE;
sp.sa_addr.pppoe.sid = 0;
! memcpy(sp.sa_addr.pppoe.dev, conn->ifName, IFNAMSIZ);
memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN);
if (connect(conn->sessionSocket, (struct sockaddr *) &sp,
sizeof(struct sockaddr_pppox)) < 0) {
--- 266,273 ----
sp.sa_family = AF_PPPOX;
sp.sa_protocol = PX_PROTO_OE;
sp.sa_addr.pppoe.sid = 0;
! memset(sp.sa_addr.pppoe.dev, 0, IFNAMSIZ);
! memcpy(sp.sa_addr.pppoe.dev, conn->ifName, strlen(conn->ifName));
memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN);
if (connect(conn->sessionSocket, (struct sockaddr *) &sp,
sizeof(struct sockaddr_pppox)) < 0) {
***************
*** 275,280 ****
--- 277,286 ----
close(conn->sessionSocket);
close(conn->discoverySocket);
+ if (conn->ifName)
+ free(conn->ifName);
+
+ free(conn);
}
A snapshot of valgrind memory check results with failed authentication
---------------------------------------------------------------------------------------
/ #/usr/lib/valgrind/valgrind --leak-check=full pppd plugin /etc/ppp/plugins/rp-pppoe.so nic-eth2 unit 2 noipdefault noauth default-asyncmap defaultroute hide-password nodetach usepeerdns mtu 1492 mru 1492 noaccomp nodeflate nopcomp novj novjccomp user pap1 lcp-echo-interval 20 lcp-echo-failure 3
==11443== Memcheck, a memory error detector
==11443== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==11443== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==11443== Command: pppd plugin /etc/ppp/plugins/rp-pppoe.so nic-eth2 unit 2 noipdefault noauth default-asyncmap defaultroute hide-password nodetach usepeerdns mtu 1492 mru 1492
==11443==
==11443== Conditional jump or move depends on uninitialised value(s)
==11443== at 0x407037: _dl_relocate_object (in /lib/ld-linux.so.2)
==11443== by 0x40E055: dl_open_worker (in /lib/ld-linux.so.2)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x40D9C5: _dl_open (in /lib/ld-linux.so.2)
==11443== by 0x53CE21: do_dlopen (in /lib/libc-2.12.so)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x53CFE4: __libc_dlopen_mode (in /lib/libc-2.12.so)
==11443== by 0x51339E: __nss_lookup_function (in /lib/libc-2.12.so)
==11443== by 0x51340E: __nss_lookup (in /lib/libc-2.12.so)
==11443== by 0x51538E: __nss_passwd_lookup2 (in /lib/libc-2.12.so)
==11443== by 0x4BDDAE: getpwuid_r@@GLIBC_2.1.2 (in /lib/libc-2.12.so)
==11443== by 0x4BD5FE: getpwuid (in /lib/libc-2.12.so)
==11443==
==11443== Conditional jump or move depends on uninitialised value(s)
==11443== at 0x406D19: _dl_relocate_object (in /lib/ld-linux.so.2)
==11443== by 0x40E055: dl_open_worker (in /lib/ld-linux.so.2)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x40D9C5: _dl_open (in /lib/ld-linux.so.2)
==11443== by 0x53CE21: do_dlopen (in /lib/libc-2.12.so)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x53CFE4: __libc_dlopen_mode (in /lib/libc-2.12.so)
==11443== by 0x51339E: __nss_lookup_function (in /lib/libc-2.12.so)
==11443== by 0x51340E: __nss_lookup (in /lib/libc-2.12.so)
==11443== by 0x51538E: __nss_passwd_lookup2 (in /lib/libc-2.12.so)
==11443== by 0x4BDDAE: getpwuid_r@@GLIBC_2.1.2 (in /lib/libc-2.12.so)
==11443== by 0x4BD5FE: getpwuid (in /lib/libc-2.12.so)
==11443==
==11443== Conditional jump or move depends on uninitialised value(s)
==11443== at 0x40645B: _dl_relocate_object (in /lib/ld-linux.so.2)
==11443== by 0x40E055: dl_open_worker (in /lib/ld-linux.so.2)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x40D9C5: _dl_open (in /lib/ld-linux.so.2)
==11443== by 0x5CCC3A: dlopen_doit (in /lib/libdl-2.12.so)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x5CD03B: _dlerror_run (in /lib/libdl-2.12.so)
==11443== by 0x5CCB70: dlopen@@GLIBC_2.1 (in /lib/libdl-2.12.so)
==11443== by 0x8062371: loadplugin (options.c:1593)
==11443== by 0x8062D65: process_option (options.c:771)
==11443== by 0x806325D: parse_args (options.c:378)
==11443== by 0x8050705: main (main.c:368)
==11443==
==11443== Conditional jump or move depends on uninitialised value(s)
==11443== at 0x40649E: _dl_relocate_object (in /lib/ld-linux.so.2)
==11443== by 0x40E055: dl_open_worker (in /lib/ld-linux.so.2)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x40D9C5: _dl_open (in /lib/ld-linux.so.2)
==11443== by 0x5CCC3A: dlopen_doit (in /lib/libdl-2.12.so)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x5CD03B: _dlerror_run (in /lib/libdl-2.12.so)
==11443== by 0x5CCB70: dlopen@@GLIBC_2.1 (in /lib/libdl-2.12.so)
==11443== by 0x8062371: loadplugin (options.c:1593)
==11443== by 0x8062D65: process_option (options.c:771)
==11443== by 0x806325D: parse_args (options.c:378)
==11443== by 0x8050705: main (main.c:368)
==11443==
==11443== Conditional jump or move depends on uninitialised value(s)
==11443== at 0x4064CF: _dl_relocate_object (in /lib/ld-linux.so.2)
==11443== by 0x40E055: dl_open_worker (in /lib/ld-linux.so.2)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x40D9C5: _dl_open (in /lib/ld-linux.so.2)
==11443== by 0x5CCC3A: dlopen_doit (in /lib/libdl-2.12.so)
==11443== by 0x409965: _dl_catch_error (in /lib/ld-linux.so.2)
==11443== by 0x5CD03B: _dlerror_run (in /lib/libdl-2.12.so)
==11443== by 0x5CCB70: dlopen@@GLIBC_2.1 (in /lib/libdl-2.12.so)
==11443== by 0x8062371: loadplugin (options.c:1593)
==11443== by 0x8062D65: process_option (options.c:771)
==11443== by 0x806325D: parse_args (options.c:378)
==11443== by 0x8050705: main (main.c:368)
==11443==
==11443== Invalid read of size 4
==11443== at 0x441BE17: PPPOEConnectDevice (plugin.c:178)
==11443== by 0x80617F3: start_link (auth.c:561)
==11443== by 0x8050E41: main (main.c:539)
==11443== Address 0x400ec4c is 4 bytes inside a block of size 5 alloc'd
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x441E70F: strDup (common.c:267)
==11443== by 0x441BAD4: PPPoEDevnameHook (plugin.c:115)
==11443== by 0x8061DF5: match_option (options.c:587)
==11443== by 0x8061EC3: find_option (options.c:612)
==11443== by 0x8063277: parse_args (options.c:367)
==11443== by 0x8050705: main (main.c:368)
==11443==
==11443== Invalid read of size 4
==11443== at 0x441BE1D: PPPOEConnectDevice (plugin.c:178)
==11443== by 0x80617F3: start_link (auth.c:561)
==11443== by 0x8050E41: main (main.c:539)
==11443== Address 0x400ec50 is 3 bytes after a block of size 5 alloc'd
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x441E70F: strDup (common.c:267)
==11443== by 0x441BAD4: PPPoEDevnameHook (plugin.c:115)
==11443== by 0x8061DF5: match_option (options.c:587)
==11443== by 0x8061EC3: find_option (options.c:612)
==11443== by 0x8063277: parse_args (options.c:367)
==11443== by 0x8050705: main (main.c:368)
==11443==
==11443== Invalid read of size 4
==11443== at 0x441BE23: PPPOEConnectDevice (plugin.c:178)
==11443== by 0x80617F3: start_link (auth.c:561)
==11443== by 0x8050E41: main (main.c:539)
==11443== Address 0x400ec54 is 7 bytes after a block of size 5 alloc'd
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x441E70F: strDup (common.c:267)
==11443== by 0x441BAD4: PPPoEDevnameHook (plugin.c:115)
==11443== by 0x8061DF5: match_option (options.c:587)
==11443== by 0x8061EC3: find_option (options.c:612)
==11443== by 0x8063277: parse_args (options.c:367)
==11443== by 0x8050705: main (main.c:368)
==11443==
connect: ppp2 <--> eth2
==11443== Syscall param ioctl(generic) points to uninitialised byte(s)
==11443== at 0x4F60B9: ioctl (in /lib/libc-2.12.so)
==11443== by 0x8060F53: start_networks (auth.c:877)
==11443== by 0x8060FAD: network_phase (auth.c:850)
==11443== by 0x80525DA: fsm_input (fsm.c:465)
==11443== by 0x80511D3: main (main.c:1088)
==11443== Address 0xbeea3a4a is on thread 1's stack
==11443==
LCP terminated by peer (peer refused to authenticate)
connection terminated
==11443== Invalid read of size 4
==11443== at 0x441BC53: PPPOEDisconnectDevice (plugin.c:268)
==11443== by 0x8061706: link_terminated (auth.c:665)
==11443== by 0x805037A: handle_events (main.c:1347)
==11443== by 0x8050E83: main (main.c:541)
==11443== Address 0x400ec4c is 4 bytes inside a block of size 5 alloc'd
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x441E70F: strDup (common.c:267)
==11443== by 0x441BAD4: PPPoEDevnameHook (plugin.c:115)
==11443== by 0x8061DF5: match_option (options.c:587)
==11443== by 0x8061EC3: find_option (options.c:612)
==11443== by 0x8063277: parse_args (options.c:367)
==11443== by 0x8050705: main (main.c:368)
==11443==
==11443== Invalid read of size 4
==11443== at 0x441BC5F: PPPOEDisconnectDevice (plugin.c:268)
==11443== by 0x8061706: link_terminated (auth.c:665)
==11443== by 0x805037A: handle_events (main.c:1347)
==11443== by 0x8050E83: main (main.c:541)
==11443== Address 0x400ec54 is 7 bytes after a block of size 5 alloc'd
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x441E70F: strDup (common.c:267)
==11443== by 0x441BAD4: PPPoEDevnameHook (plugin.c:115)
==11443== by 0x8061DF5: match_option (options.c:587)
==11443== by 0x8061EC3: find_option (options.c:612)
==11443== by 0x8063277: parse_args (options.c:367)
==11443== by 0x8050705: main (main.c:368)
==11443==
modem hangup
==11443==
==11443== HEAP SUMMARY:
==11443== in use at exit: 5,526 bytes in 21 blocks
==11443== total heap usage: 130 allocs, 109 frees, 49,024 bytes allocated
==11443==
==11443== 12 bytes in 1 blocks are possibly lost in loss record 5 of 21
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x804ED2A: script_setenv (main.c:1943)
==11443== by 0x8050662: main (main.c:339)
==11443==
==11443== 13 bytes in 1 blocks are possibly lost in loss record 6 of 21
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x804ED2A: script_setenv (main.c:1943)
==11443== by 0x8050923: main (main.c:470)
==11443==
==11443== 16 bytes in 1 blocks are possibly lost in loss record 7 of 21
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x804ED2A: script_setenv (main.c:1943)
==11443== by 0x8050969: main (main.c:472)
==11443==
==11443== 17 bytes in 1 blocks are possibly lost in loss record 8 of 21
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x804ED2A: script_setenv (main.c:1943)
==11443== by 0x80508FE: main (main.c:467)
==11443==
==11443== 29 bytes in 1 blocks are possibly lost in loss record 13 of 21
==11443== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==11443== by 0x804ED2A: script_setenv (main.c:1943)
==11443== by 0x441BE92: PPPOEConnectDevice (plugin.c:201)
==11443== by 0x80617F3: start_link (auth.c:561)
==11443== by 0x8050E41: main (main.c:539)
==11443==
==11443== LEAK SUMMARY:
==11443== definitely lost: 0 bytes in 0 blocks
==11443== indirectly lost: 0 bytes in 0 blocks
==11443== possibly lost: 87 bytes in 5 blocks
==11443== still reachable: 5,439 bytes in 16 blocks
==11443== suppressed: 0 bytes in 0 blocks
==11443== Reachable blocks (those to which a pointer was found) are not shown.
==11443== To see them, rerun with: --leak-check=full --show-reachable=yes
==11443==
==11443== For counts of detected and suppressed errors, rerun with: -v
==11443== Use --track-origins=yes to see where uninitialised values come from
==11443== ERROR SUMMARY: 20 errors from 17 contexts (suppressed: 16 from 8)
/ #
-----Original Message-----
From: rp-pppoe-bounces at lists.roaringpenguin.com [mailto:rp-pppoe-bounces at lists.roaringpenguin.com] On Behalf Of F. Skoll
Sent: Thursday, November 13, 2014 11:31 AM
To: rp-pppoe at lists.roaringpenguin.com
Subject: Re: [RP-PPPoE] RP-PPPoE Memory Leak?
On Thu, 13 Nov 2014 16:06:40 +0000
Daniel Le <daniel.le at exfo.com> wrote:
> Has anyone come across a memory leak in the following scenarios?
No. I'd like to see your patch, though, to see what you did to fix the suspected leak.
Regards,
David.
_______________________________________________
RP-PPPoE mailing list
RP-PPPoE at lists.roaringpenguin.com
http://lists.roaringpenguin.com/cgi-bin/mailman/listinfo/rp-pppoe
More information about the RP-PPPoE
mailing list