Project

General

Profile

Bug #12086

memory leak in iscsit_process_negotiated_values

Added by Mike Gerdts 6 months ago. Updated 5 months ago.

Status:
New
Priority:
Normal
Assignee:
Category:
comstar - iSCSI/FC/SAS target
Start date:
Due date:
% Done:

0%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:

Description

While testing #4454,

kmem_alloc_8 leak: 1 buffer, 8 bytes
            ADDR          BUFADDR        TIMESTAMP           THREAD
                            CACHE          LASTLOG         CONTENTS
ffffff071ea9bcd0 ffffff071eac8ae0     161bec07b35b ffffff0020c19c20
                 ffffff06e1627008 ffffff06ef64aa40 ffffff0707e74748
                 kmem_cache_alloc_debug+0x2fc
                 kmem_cache_alloc+0x135
                 kmem_alloc+0x4b
                 ddi_strdup+0x5e
                 strdup+0x10
                 iscsit_process_negotiated_values+0x9c
                 login_sm_ffp_actions+0xe
                 login_sm_new_state+0x1f0
                 login_sm_responding+0x7a
                 login_sm_event_dispatch+0x15b
                 iscsit_login_sm_event_locked+0xe7
                 iscsit_login_sm_event+0x52
                 iscsit_pdu_op_login_cmd+0x13
                 iscsit_deferred+0xe3
                 taskq_thread+0x315

This is from line 2628 - 2629:

2621         if ((nvrc = nvlist_lookup_string(lsm->icl_negotiated_values,
2622             "InitiatorAlias", &string_val)) != ENOENT) {
2623                 ASSERT(nvrc == 0);
2624                 ict->ict_sess->ist_initiator_alias =
2625                     kmem_alloc(strlen(string_val) + 1, KM_SLEEP);
2626                 (void) strcpy(ict->ict_sess->ist_initiator_alias, string_val);
2627                 if (ict->ict_sess->ist_stmf_sess)
2628                         ict->ict_sess->ist_stmf_sess->ss_rport_alias =
2629                             strdup(string_val);

This is a little bit of a mess because sometimes ss_rport_alias is assigned a value like we see above, other times it is a reference to a string in other structures. For instance, in fct_process_prli()

1662                         irp->irp_session->ss_rport_alias = irp->irp_snn;

And the teardown path is just as confused. We are lucky that we are just leaking.

In iscsit_sess_unref():

237                 if (iss->ss_rport_alias)
238                         strfree(iss->ss_rport_alias);

In stmf_dregister_scsi_session():

3943         if (ss->ss_rport_alias) {
3944                 ss->ss_rport_alias = NULL;
3945         }

History

#1

Updated by John Levon 5 months ago

  • Assignee set to John Levon

Also available in: Atom PDF