Inotify memory leak

From: Vegard Nossum
Date: Tuesday, November 23, 2010 - 4:15 pm

Hi,

Inotify does not clean up properly when it fails to create the file
descriptor. So it leaks kernel memory. Watch "slabtop" while running
this program:

#include <sys/inotify.h>
#include <unistd.h>

int main(int argc, char *argv[])
{
        int fds[2];

        /* Circumvent max inotify instances limit */
        while (pipe(fds) != -1)
                ;

        while (1)
                inotify_init();

        return 0;
}

Specifically, the problem is in inotify_init1 where the group pointer is leaked:

        group = inotify_new_group(user, inotify_max_queued_events);
[...]
        ret = anon_inode_getfd("inotify", &inotify_fops, group,
                                  O_RDONLY | flags);
        if (ret >= 0)
                return ret;

        atomic_dec(&user->inotify_devs);
out_free_uid:
        free_uid(user);
        return ret;

I think it should be easily fixed by calling fsnotify_put_group() at
the right place.


Vegard
--
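A userspace model of the error path quoted in the message above, added here as an illustration; it is not code from the original post or from the kernel. The pool, the counters and the names new_group, put_group, model_init and leaked_after are constructed for the example, and dropping the group reference just before the existing counter decrement is an assumption about where "the right place" is.

```c
/* Constructed userspace model of the inotify_init1() error path. */
#include <stdio.h>
#include <string.h>
#define POOL 64                 /* stands in for finite kernel memory */
static struct group { int refcnt; } pool[POOL];   /* refcnt 0 = free slot */
static int live_groups, fd_slots, inotify_devs;
static struct group *new_group(void)    /* models inotify_new_group() */
{
        for (int i = 0; i < POOL; i++)
                if (pool[i].refcnt == 0) {
                        pool[i].refcnt = 1;
                        live_groups++;
                        return &pool[i];
                }
        return NULL;            /* pool exhausted */
}
static void put_group(struct group *g)  /* models fsnotify_put_group() */
{
        if (--g->refcnt == 0)
                live_groups--;
}
/* put_on_error = 0 follows the quoted path; 1 also drops the group. */
static int model_init(int put_on_error)
{
        struct group *g = new_group();
        int ret;
        if (!g)
                return -12;     /* -ENOMEM */
        inotify_devs++;
        ret = fd_slots > 0 ? fd_slots-- : -24;  /* anon_inode_getfd(), -EMFILE */
        if (ret >= 0)
                return ret;     /* success: the descriptor owns the group */
        if (put_on_error)
                put_group(g);
        inotify_devs--;         /* the only cleanup in the quoted code */
        return ret;
}
static int leaked_after(int n, int put_on_error)  /* groups left allocated */
{
        memset(pool, 0, sizeof(pool));
        live_groups = fd_slots = inotify_devs = 0;  /* full descriptor table */
        while (n-- > 0)
                model_init(put_on_error);
        return live_groups;
}
int main(void)
{
        printf("leaky=%d fixed=%d\n", leaked_after(40, 0), leaked_after(40, 1));
}
```

In the model, the per-user counter returns to zero on both paths, so only a count of live groups exposes the difference between them.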

Messages in current thread:
Inotify memory leak, Vegard Nossum, (Tue Nov 23, 4:15 pm)
Re: Inotify memory leak, Eric Paris, (Tue Nov 23, 4:25 pm)