Message ID | cover.1676651944.git.iecedge@gmail.com |
---|---|
Series | UBUNTU: audit: fix memory leak of audit_log_lsm() |

On 2/17/23 10:05 AM, Jianlin Lv wrote:
> BugLink: https://bugs.launchpad.net/bugs/1987430
>
> [Impact]
>
> Under upgrading server to Ubuntu 22.04 with kernel 5.15.0-XX, memory
> started to ramp up slowly that growth ~1 GB a day.
>
> [Fix]
>
> The memory leak is an allocated struct audit_buffer object in
> audit_log_lsm() that to record LSM attributes.
> Free audit buffer before audit_log_lsm() return.
>
> [Test Plan]
>
> 1.Disable apparmor module by append apparmor=0 to grub
>
> 2.Start auditd service with following audit rule:
> -a exit,always -F arch=b64 -S execve
> -a exit,always -F arch=b32 -S execve
>
> 3.Using Kmemleak to check if memory leak has occurred
> $ cat /sys/kernel/debug/kmemleak
> or Keep watching for changes in slabinfo
> $ watch "sudo cat /proc/slabinfo | grep kmalloc-2k"
>
> Jianlin Lv (1):
> UBUNTU: audit: fix memory leak of audit_log_lsm()
>
> kernel/auditsc.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner@canonical.com>

Have you reported this upstream ?

We could carry this patch, but it needs SAUCE: in the subject which can
be added when the patch is applied.

On Wed, Feb 22, 2023 at 12:18 AM Tim Gardner <tim.gardner@canonical.com> wrote:
>
> On 2/17/23 10:05 AM, Jianlin Lv wrote:
> > BugLink: https://bugs.launchpad.net/bugs/1987430
> >
> > [Impact]
> >
> > Under upgrading server to Ubuntu 22.04 with kernel 5.15.0-XX, memory
> > started to ramp up slowly that growth ~1 GB a day.
> >
> > [Fix]
> >
> > The memory leak is an allocated struct audit_buffer object in
> > audit_log_lsm() that to record LSM attributes.
> > Free audit buffer before audit_log_lsm() return.
> >
> > [Test Plan]
> >
> > 1.Disable apparmor module by append apparmor=0 to grub
> >
> > 2.Start auditd service with following audit rule:
> > -a exit,always -F arch=b64 -S execve
> > -a exit,always -F arch=b32 -S execve
> >
> > 3.Using Kmemleak to check if memory leak has occurred
> > $ cat /sys/kernel/debug/kmemleak
> > or Keep watching for changes in slabinfo
> > $ watch "sudo cat /proc/slabinfo | grep kmalloc-2k"
> >
> > Jianlin Lv (1):
> > UBUNTU: audit: fix memory leak of audit_log_lsm()
> >
> > kernel/auditsc.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
> Acked-by: Tim Gardner <tim.gardner@canonical.com>
>
> Have you reported this upstream ?
>
> We could carry this patch, but it needs SAUCE: in the subject which can
> be added when the patch is applied.

This issue is introduced by 85ff537962 (UBUNTU: SAUCE: Audit: Add new
record for multiple process LSM attributes). The corresponding upstream
patches have not landed in the Linux kernel mainline.
In this case, Should I commit patches v2 with SAUCE?

> --
> -----------
> Tim Gardner
> Canonical, Inc
>

On 2/22/23 12:25 AM, Jianlin Lv wrote:
> On Wed, Feb 22, 2023 at 12:18 AM Tim Gardner <tim.gardner@canonical.com> wrote:
>>
>> On 2/17/23 10:05 AM, Jianlin Lv wrote:
>>> BugLink: https://bugs.launchpad.net/bugs/1987430
>>>
>>> [Impact]
>>>
>>> Under upgrading server to Ubuntu 22.04 with kernel 5.15.0-XX, memory
>>> started to ramp up slowly that growth ~1 GB a day.
>>>
>>> [Fix]
>>>
>>> The memory leak is an allocated struct audit_buffer object in
>>> audit_log_lsm() that to record LSM attributes.
>>> Free audit buffer before audit_log_lsm() return.
>>>
>>> [Test Plan]
>>>
>>> 1.Disable apparmor module by append apparmor=0 to grub
>>>
>>> 2.Start auditd service with following audit rule:
>>> -a exit,always -F arch=b64 -S execve
>>> -a exit,always -F arch=b32 -S execve
>>>
>>> 3.Using Kmemleak to check if memory leak has occurred
>>> $ cat /sys/kernel/debug/kmemleak
>>> or Keep watching for changes in slabinfo
>>> $ watch "sudo cat /proc/slabinfo | grep kmalloc-2k"
>>>
>>> Jianlin Lv (1):
>>> UBUNTU: audit: fix memory leak of audit_log_lsm()
>>>
>>> kernel/auditsc.c | 5 +++--
>>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>>
>> Acked-by: Tim Gardner <tim.gardner@canonical.com>
>>
>> Have you reported this upstream ?
>>
>> We could carry this patch, but it needs SAUCE: in the subject which can
>> be added when the patch is applied.
>
> This issue is introduced by 85ff537962 (UBUNTU: SAUCE: Audit: Add new
> record for multiple process LSM attributes). The corresponding upstream
> patches have not landed in the Linux kernel mainline.
> In this case, Should I commit patches v2 with SAUCE?
>

That shouldn't be necessary.

>> --
>> -----------
>> Tim Gardner
>> Canonical, Inc
>>

Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>

On Fri, Feb 17, 2023 at 9:06 AM Jianlin Lv <iecedge@gmail.com> wrote:
> BugLink: https://bugs.launchpad.net/bugs/1987430
>
> [Impact]
>
> Under upgrading server to Ubuntu 22.04 with kernel 5.15.0-XX, memory
> started to ramp up slowly that growth ~1 GB a day.
>
> [Fix]
>
> The memory leak is an allocated struct audit_buffer object in
> audit_log_lsm() that to record LSM attributes.
> Free audit buffer before audit_log_lsm() return.
>
> [Test Plan]
>
> 1.Disable apparmor module by append apparmor=0 to grub
>
> 2.Start auditd service with following audit rule:
> -a exit,always -F arch=b64 -S execve
> -a exit,always -F arch=b32 -S execve
>
> 3.Using Kmemleak to check if memory leak has occurred
> $ cat /sys/kernel/debug/kmemleak
> or Keep watching for changes in slabinfo
> $ watch "sudo cat /proc/slabinfo | grep kmalloc-2k"
>
> Jianlin Lv (1):
> UBUNTU: audit: fix memory leak of audit_log_lsm()
>
> kernel/auditsc.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> --
> 2.25.1
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>

On 17.02.23 18:05, Jianlin Lv wrote:
> BugLink: https://bugs.launchpad.net/bugs/1987430
>
> [Impact]
>
> Under upgrading server to Ubuntu 22.04 with kernel 5.15.0-XX, memory
> started to ramp up slowly that growth ~1 GB a day.
>
> [Fix]
>
> The memory leak is an allocated struct audit_buffer object in
> audit_log_lsm() that to record LSM attributes.
> Free audit buffer before audit_log_lsm() return.
>
> [Test Plan]
>
> 1.Disable apparmor module by append apparmor=0 to grub
>
> 2.Start auditd service with following audit rule:
> -a exit,always -F arch=b64 -S execve
> -a exit,always -F arch=b32 -S execve
>
> 3.Using Kmemleak to check if memory leak has occurred
> $ cat /sys/kernel/debug/kmemleak
> or Keep watching for changes in slabinfo
> $ watch "sudo cat /proc/slabinfo | grep kmalloc-2k"
>
> Jianlin Lv (1):
> UBUNTU: audit: fix memory leak of audit_log_lsm()
>
> kernel/auditsc.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>

Applied to jammy:linux/master-next adding "SAUCE:" and a "Fixes:".
Thanks. I saw that the bug report also has a Kinetic task but not seeing
any submission for that. Is that expected?

-Stefan

On Fri, Feb 24, 2023 at 5:44 PM Stefan Bader <stefan.bader@canonical.com> wrote:
>
> On 17.02.23 18:05, Jianlin Lv wrote:
> > BugLink: https://bugs.launchpad.net/bugs/1987430
> >
> > [Impact]
> >
> > Under upgrading server to Ubuntu 22.04 with kernel 5.15.0-XX, memory
> > started to ramp up slowly that growth ~1 GB a day.
> >
> > [Fix]
> >
> > The memory leak is an allocated struct audit_buffer object in
> > audit_log_lsm() that to record LSM attributes.
> > Free audit buffer before audit_log_lsm() return.
> >
> > [Test Plan]
> >
> > 1.Disable apparmor module by append apparmor=0 to grub
> >
> > 2.Start auditd service with following audit rule:
> > -a exit,always -F arch=b64 -S execve
> > -a exit,always -F arch=b32 -S execve
> >
> > 3.Using Kmemleak to check if memory leak has occurred
> > $ cat /sys/kernel/debug/kmemleak
> > or Keep watching for changes in slabinfo
> > $ watch "sudo cat /proc/slabinfo | grep kmalloc-2k"
> >
> > Jianlin Lv (1):
> > UBUNTU: audit: fix memory leak of audit_log_lsm()
> >
> > kernel/auditsc.c | 5 +++--
> > 1 file changed, 3 insertions(+), 2 deletions(-)
> >
>
> Applied to jammy:linux/master-next adding "SAUCE:" and a "Fixes:".
> Thanks. I saw that the bug report also has a Kinetic task but not seeing
> any submission for that. Is that expected?

Have no background about why this memleak issue affects Kinetic.
Check auditsc.c of Kinetic and didn't find the same memleak issue as jammy.

Jianlin

>
> -Stefan
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team