[PATCH] Fix channel mux_ctx memory leak

Eiichi Tsukata eiichi.tsukata at nutanix.com
Thu May 21 09:25:13 AEST 2020 

Hello

For better understanding, here is a reproducer.

Steps to reproduce:

- Create ControlMaster

    $ ./ssh -o ControlPath=~/.ssh/mux -o ControlMaster=yes -N -n localhost

- Use multiplexing

    $ while true; do ./ssh -o ControlPath=~/.ssh/mux localhost true; done

- Watch RSS of ssh process

[eiichi at build-c7 ~]$ LANG=C pidstat -r -p 62937 10 60
Linux 3.10.0-1062.9.1.el7.x86_64 (build-c7)     05/21/20        _x86_64_        (8 CPU)

08:20:50          PID  minflt/s  majflt/s     VSZ    RSS   %MEM  Command
08:21:00        62937      0.40      0.00  128032   2920   0.04  ssh
08:21:10        62937      0.30      0.00  128164   2920   0.04  ssh
08:21:20        62937      0.40      0.00  128164   2920   0.04  ssh
08:21:30        62937      0.50      0.00  128164   2920   0.04  ssh
08:21:40        62937      0.40      0.00  128164   2920   0.04  ssh
08:21:50        62937      0.40      0.00  128164   2920   0.04  ssh
08:22:00        62937      0.40      0.00  128164   2920   0.04  ssh
08:22:10        62937      0.40      0.00  128164   2920   0.04  ssh
08:22:20        62937      0.40      0.00  128164   2920   0.04  ssh
08:22:30        62937      0.40      0.00  128292   3068   0.04  ssh
08:22:40        62937      0.30      0.00  128292   3068   0.04  ssh
08:22:50        62937      0.40      0.00  128292   3068   0.04  ssh
08:23:00        62937      0.40      0.00  128292   3068   0.04  ssh
08:23:10        62937      0.40      0.00  128292   3068   0.04  ssh
08:23:20        62937      0.40      0.00  128292   3068   0.04  ssh
08:23:30        62937      0.30      0.00  128292   3068   0.04  ssh
08:23:40        62937      0.40      0.00  128292   3068   0.04  ssh
08:23:50        62937      0.40      0.00  128292   3068   0.04  ssh
08:24:00        62937      0.40      0.00  128420   3196   0.04  ssh
08:24:10        62937      0.40      0.00  128420   3196   0.04  ssh
08:24:20        62937      0.40      0.00  128420   3196   0.04  ssh


Thanks

Eiichi

> On May 19, 2020, at 11:07, Eiichi Tsukata <eiichi.tsukata at nutanix.com> wrote:
> 
> mux_ctx is allocated at mux_master_read_cb() but not freed.
> This can cause ssh process memory leak when we use multiplexing.
> 
> Signed-off-by: Eiichi Tsukata <eiichi.tsukata at nutanix.com>
> ---
> channels.c | 2 ++
> 1 file changed, 2 insertions(+)
> 
> diff --git a/channels.c b/channels.c
> index 95a51e2..74b3cec 100644
> --- a/channels.c
> +++ b/channels.c
> @@ -621,6 +621,8 @@ channel_free(struct ssh *ssh, Channel *c)
> 	c->path = NULL;
> 	free(c->listening_addr);
> 	c->listening_addr = NULL;
> +	free(c->mux_ctx);
> +	c->mux_ctx = NULL;
> 	while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
> 		if (cc->abandon_cb != NULL)
> 			cc->abandon_cb(ssh, c, cc->ctx);
> -- 
> 1.8.3.1
>

More information about the openssh-unix-dev mailing list