Bug #12086
memory leak in iscsit_process_negotiated_values
Status: New
Priority: Normal
Assignee: -
Category: comstar - iSCSI/FC/SAS target
Start date:
Due date:
% Done: 0%
Estimated time:
Difficulty: Bite-size
Tags:
Gerrit CR:
External Bug:
Description
While testing #4454,
kmem_alloc_8 leak: 1 buffer, 8 bytes
            ADDR          BUFADDR        TIMESTAMP           THREAD
                            CACHE          LASTLOG         CONTENTS
ffffff071ea9bcd0 ffffff071eac8ae0     161bec07b35b ffffff0020c19c20
                 ffffff06e1627008 ffffff06ef64aa40 ffffff0707e74748
                 kmem_cache_alloc_debug+0x2fc
                 kmem_cache_alloc+0x135
                 kmem_alloc+0x4b
                 ddi_strdup+0x5e
                 strdup+0x10
                 iscsit_process_negotiated_values+0x9c
                 login_sm_ffp_actions+0xe
                 login_sm_new_state+0x1f0
                 login_sm_responding+0x7a
                 login_sm_event_dispatch+0x15b
                 iscsit_login_sm_event_locked+0xe7
                 iscsit_login_sm_event+0x52
                 iscsit_pdu_op_login_cmd+0x13
                 iscsit_deferred+0xe3
                 taskq_thread+0x315
This is from line 2628 - 2629:
2621     if ((nvrc = nvlist_lookup_string(lsm->icl_negotiated_values,
2622         "InitiatorAlias", &string_val)) != ENOENT) {
2623         ASSERT(nvrc == 0);
2624         ict->ict_sess->ist_initiator_alias =
2625             kmem_alloc(strlen(string_val) + 1, KM_SLEEP);
2626         (void) strcpy(ict->ict_sess->ist_initiator_alias, string_val);
2627         if (ict->ict_sess->ist_stmf_sess)
2628             ict->ict_sess->ist_stmf_sess->ss_rport_alias =
2629                 strdup(string_val);
This is a little bit of a mess because sometimes ss_rport_alias is assigned a value like we see above, other times it is a reference to a string in other structures. For instance, in fct_process_prli():
1662 irp->irp_session->ss_rport_alias = irp->irp_snn;
And the teardown path is just as confused. We are lucky that we are just leaking.
In iscsit_sess_unref():
237     if (iss->ss_rport_alias)
238         strfree(iss->ss_rport_alias);
In stmf_dregister_scsi_session():
3943     if (ss->ss_rport_alias) {
3944         ss->ss_rport_alias = NULL;
3945     }
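One way to remove the ownership ambiguity described above is to make the alias field always an owned copy, set through a single helper and freed in a single teardown path. The userland C model below is an added example, not illumos code and not a patch from this report; model_sess, sess_set_alias, sess_clear_alias and live_allocs are hypothetical names, and malloc/free stand in for the kernel allocator.

```c
#include <stdlib.h>
#include <string.h>

/* Userland model; every name here is hypothetical, not illumos code. */
static int live_allocs;              /* stands in for kmem leak accounting */

struct model_sess {
    char *rport_alias;               /* rule: always an owned copy, or NULL */
};

/* One teardown: free what the session owns, then clear the pointer. */
static void sess_clear_alias(struct model_sess *ss)
{
    if (ss->rport_alias != NULL) {
        free(ss->rport_alias);
        live_allocs--;
    }
    ss->rport_alias = NULL;
}

/* One setter for every transport: copy the string, release any old value. */
static int sess_set_alias(struct model_sess *ss, const char *alias)
{
    char *copy = malloc(strlen(alias) + 1);
    if (copy == NULL)
        return -1;
    strcpy(copy, alias);
    live_allocs++;
    sess_clear_alias(ss);
    ss->rport_alias = copy;
    return 0;
}

/* Two session lifecycles; returns allocations still live, or -1 on error. */
static int run_model(void)
{
    char fc_name[] = "fc-node";      /* constructed caller-owned buffer */
    struct model_sess a = { NULL }, b = { NULL };

    int ok = sess_set_alias(&a, "alias-1") == 0 &&  /* constructed values */
        sess_set_alias(&a, "alias-2") == 0 &&       /* re-set frees 1st copy */
        sess_set_alias(&b, fc_name) == 0;
    fc_name[0] = 'X';                /* caller reuses its buffer afterwards */
    ok = ok && strcmp(b.rport_alias, "fc-node") == 0;
    sess_clear_alias(&a);
    sess_clear_alias(&b);
    return ok ? live_allocs : -1;
}

int main(void) { return run_model() == 0 ? 0 : 1; }
```

Because the session never borrows a caller's buffer in this model, teardown can free unconditionally without risking a free of memory owned by another structure.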