On Wed, May 17, 2006 at 10:35:59PM -0400, Frederic Briere wrote:
> [I'm setting this to severity: critical because it has the potential to
> bring the kernel to a grinding halt.]

Well, but it can only be done by root, and only by enabling monitor mode for some longer time. It seems to be one of the "don't do that then" bugs.

> Recently, I've been using this dongle in monitor mode with kismet. I
> noticed that all the while that kismet was running, the kernel was
> slowly growing in size. This growth would appear to pause when kismet
> was stopped, but the memory thus allocated cannot be reclaimed, even
> when unloading the prism2_usb and p80211 modules (or any other
> unloadable module for that matter).
[...]
> A few precisions:
>
> * The memory leak is obvious when running kismet, but I cannot swear
> that it does not occur otherwise. Maybe it's not the monitor mode as
> much as the high level of traffic that results from it.
>
> * As I pointed out, I only used this adaptor sporadically before, so I
> couldn't say whether this is a recent bug or an old one.
>
> * Even going into runlevel 1 and unloading every module that allows
> itself to be unloaded (this includes all of the prism2 and USB
> modules) does not free the reserved memory.

Thanks for the detailed report! I think I've found a leak in the -usb monitor code. If I get this right it leaks a few bytes on every received packet, since it copies the device name, but doesn't free the string again. The leak is in prism2/driver/hfa384x_usb.c, line 4359, msg->devname isn't freed again AFAICS.

I've attached a patch that removes that strcpy and just uses wlandev->name directly. Could you apply that patch and see if it fixes the leak?

I'm not sure that just dropping the strcpy is entirely safe. It could be possible that wlandev is freed (and ->name with it), while it's still referenced by msg->devname. That'd probably cause an oops. So long story short, it'd be great if you could test this out, also check if module unloading, bringing the interface up/down, enabling/disabling monitor mode several times, ...

I'd probably save important stuff and sync before trying it though :)

HTH,
Christian Aichinger
diff -Nur linux-wlan-ng-0.2.4+svn20060414.orig/src/prism2/driver/hfa384x_usb.c linux-wlan-ng-0.2.4+svn20060414/src/prism2/driver/hfa384x_usb.c --- linux-wlan-ng-0.2.4+svn20060414.orig/src/prism2/driver/hfa384x_usb.c 2006-04-14 10:28:44.000000000 +0200 +++ linux-wlan-ng-0.2.4+svn20060414/src/prism2/driver/hfa384x_usb.c 2006-06-10 20:29:02.000000000 +0200 @@ -4356,7 +4356,7 @@ /* Initialize the message members */ msg->msgcode = DIDmsg_lnxind_wlansniffrm; msg->msglen = sizeof(p80211msg_lnxind_wlansniffrm_t); - strcpy(msg->devname, wlandev->name); + msg->devname = wlandev->name; msg->hosttime.did = DIDmsg_lnxind_wlansniffrm_hosttime; msg->hosttime.status = 0;
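Review bot: `msg->devname = wlandev->name;` only compiles if devname is a pointer member; if it is an embedded char array, which the original `strcpy(msg->devname, wlandev->name)` destination suggests it may be, this hunk is a build break rather than a fix. Either way, strcpy itself allocates nothing, so removing it cannot release leaked memory: the leak has to be in whatever allocates msg (or the buffer behind devname) and never frees it, and this hunk does not touch that allocation. If devname is a pointer, the message now aliases the device's name buffer, and the mail already notes that wlandev may be freed while msg still references it. Safer to keep a bounded copy into an embedded array (strncpy with explicit NUL termination, or strlcpy) and instead pair the allocation of msg with a matching free.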
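To make the lifetime concern raised in the mail concrete, here is an added example (not linux-wlan-ng code) contrasting a message that owns an embedded copy of the device name with one that merely points at the device's name buffer, as the posted patch does. The struct names, the 16-byte name field and the helper names are assumptions for illustration; the bounded copy also handles the overlong-name case that plain strcpy would overrun.

```c
/* Added example: owned copy vs. aliasing pointer for a sniff-frame message.
 * Not the driver's code; names, sizes and helpers below are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEVNAME_MAX 16   /* assumed fixed-size name field (embedded char array) */

/* Stand-in for the driver's wlandevice; only the name matters here. */
struct wlandevice {
    char name[DEVNAME_MAX];
};

/* Variant A: the message owns an embedded copy of the name. No allocation,
 * so nothing to free, and no pointer into wlandevice lives on in the message. */
struct sniff_msg_copy {
    char devname[DEVNAME_MAX];
};

/* Variant B: the message only points at the device's buffer (what the patch
 * does). The message is valid only while the device is alive. */
struct sniff_msg_alias {
    const char *devname;
};

/* Bounded copy that always NUL-terminates; overlong names are truncated
 * instead of overrunning the destination as strcpy would. */
static void copy_devname(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsz)
        n = dstsz - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

static struct wlandevice *wlandev_create(const char *name)
{
    struct wlandevice *dev = calloc(1, sizeof *dev);
    if (dev)
        copy_devname(dev->name, sizeof dev->name, name);
    return dev;
}

static void wlandev_destroy(struct wlandevice *dev)
{
    /* Scrub the name before freeing so a stale alias would not silently
     * keep reading the old bytes (allocator-dependent anyway). */
    if (dev)
        memset(dev->name, 0, sizeof dev->name);
    free(dev);
}

/* Build a message with an owned copy, tear the device down, then check the
 * message still reports the name. Returns 1 when the copy survives.
 * The name is assumed to fit in DEVNAME_MAX - 1 bytes. */
int copy_survives_device_teardown(const char *name)
{
    struct wlandevice *dev = wlandev_create(name);
    struct sniff_msg_copy msg;
    int ok;

    if (!dev)
        return 0;
    copy_devname(msg.devname, sizeof msg.devname, dev->name);
    wlandev_destroy(dev);                 /* msg must not depend on dev now */
    ok = strcmp(msg.devname, name) == 0;
    return ok;
}

/* Aliasing variant: the only thing safely observable is pointer identity
 * while the device is alive; dereferencing msg.devname after
 * wlandev_destroy() would be a use-after-free. Returns 1 when the message
 * points straight into the device. */
int alias_points_into_device(const char *name)
{
    struct wlandevice *dev = wlandev_create(name);
    struct sniff_msg_alias msg;
    int aliased;

    if (!dev)
        return 0;
    msg.devname = dev->name;
    aliased = (msg.devname == dev->name);
    wlandev_destroy(dev);                 /* msg.devname dangles from here on */
    return aliased;
}

/* Overlong input: returns the stored length so a caller can confirm the
 * copy was truncated to DEVNAME_MAX - 1 bytes and NUL-terminated. */
size_t copy_truncates_overlong(const char *name)
{
    char buf[DEVNAME_MAX];
    copy_devname(buf, sizeof buf, name);
    return strlen(buf);
}

int main(void)
{
    printf("copy survives teardown: %d\n", copy_survives_device_teardown("wlan0"));
    printf("alias points into device: %d\n", alias_points_into_device("wlan0"));
    printf("truncated length: %zu\n", copy_truncates_overlong("a-very-long-interface-name"));
    return 0;
}
```

The owned-copy variant is the one the review note above favours: it keeps the message self-contained across interface down/up and module unload, and because it allocates nothing there is nothing left to free, so the leak the report describes has to be looked for where msg itself is allocated.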