bpftune icon indicating copy to clipboard operation
bpftune copied to clipboard

Published 20 hours ago verified publisher icon oracle

Potential memory leak

Open 0xAlcibiades opened this issue 10 months ago • 1 comments

Seen on debian 12 kernel 6.13 signed from backports, amd64 architecture

clang --analyze -I../include -I/usr/include -I/usr/include/libnl3 -I../include/uapi libbpftune.c bpftune.c tcp_buffer_tuner.c route_table_tuner.c neigh_table_tuner.c sysctl_tuner.c tcp_conn_tuner.c netns_tuner.c net_buffer_tuner.c ip_frag_tuner.c
warning: Path diagnostic report is not generated. Current output format does not support diagnostics that cross file boundaries. Refer to --analyzer-output for valid output formats
warning: Path diagnostic report is not generated. Current output format does not support diagnostics that cross file boundaries. Refer to --analyzer-output for valid output formats
warning: Path diagnostic report is not generated. Current output format does not support diagnostics that cross file boundaries. Refer to --analyzer-output for valid output formats
In file included from libbpftune.c:57:
./probe.skel.h:217:2: warning: Potential leak of memory pointed to by 's' [unix.Malloc]
        return err;
        ^~~~~~~~~~
In file included from libbpftune.c:58:
./probe.skel.legacy.h:211:2: warning: Potential leak of memory pointed to by 's' [unix.Malloc]
        return err;
        ^~~~~~~~~~
In file included from libbpftune.c:59:
./probe.skel.nobtf.h:211:2: warning: Potential leak of memory pointed to by 's' [unix.Malloc]
        return err;
        ^~~~~~~~~~
3 warnings generated.

0xAlcibiades avatar Apr 05 '24 23:04 0xAlcibiades

see https://github.com/oracle/bpftune/issues/23 this seems to be a false positive; it originates in the generated "BPF skeleton" header file

alan-maguire avatar Apr 08 '24 10:04 alan-maguire

the problem is we calloc() the skeleton progs but then later call bpf_object__destroy_skeleton() to clean up. clang analysis does not have a way to know that bpf_object__destroy_skeleton() will free the progs array:

void bpf_object__destroy_skeleton(struct bpf_object_skeleton *s) { if (!s) return;

    bpf_object__detach_skeleton(s);
    if (s->obj)
            bpf_object__close(*s->obj);
    free(s->maps);
    free(s->progs);
    free(s);

}

closing this one as it's not actually a leak.

alan-maguire avatar Jun 14 '24 13:06 alan-maguire

we can't fix this locally in bpftune as it's autogenerated bpf skeleton code..

alan-maguire avatar Jun 14 '24 13:06 alan-maguire