[Bug 262743] Memory leak in security/strongswan's charon daemon when communicating over vici socket.

From: <bugzilla-noreply_at_freebsd.org>
Date: Wed, 27 Jul 2022 17:14:38 UTC

--- Comment #5 from Michał Skalski <mskalski13@gmail.com> ---
Thank you very much for the clues.

(In reply to Mark Millard from comment #4)

Yes, using default value 12 (I used stock qemu VM image):

    # sysctl vm.pageout_oom_seq
    vm.pageout_oom_seq: 12

(In reply to Kubilay Kocak from comment #3)

Result of `uname -a` (vm image FreeBSD-13.1-RELEASE):

    FreeBSD freebsd 13.1-RELEASE FreeBSD 13.1-RELEASE releng/13.1-n250148-fc952ac2212 GENERIC  amd64

and the same is for:

    FreeBSD freebsd 13.1-RELEASE FreeBSD 13.1-RELEASE releng/13.1-n250148-fc952ac2212 GENERIC  arm64

Indeed, the packaged version (strongswan-5.9.6_2, either installed from the
binary package or built from ports) behaves differently. Memory usage still
increases, but only RSS (VMS does not change in the observable period) and on a
much lower scale; the rise is logarithmic rather than linear.

I then compared the configure options for the strongswan port and, among other
differences, the `--with-printf-hooks=builtin` option is specified by default
for the port version.

So I tested the strongswan 5.9.6 sources again (the same as used for ports),
and when strongswan is configured with:

    ./configure --disable-kernel-netlink --enable-kernel-pfroute --enable-kernel-pfkey --disable-gmp --enable-openssl \
                --enable-mediation --disable-scripts --with-group=wheel --enable-gcm --enable-ccm --enable-pkcs11 \

(only `--with-printf-hooks=builtin` is added) the memory usage is similar to
the packaged version even for unpatched original sources. Without this option
(or when the port version is compiled with the `libc` printf-hook, which I
believe is the default one) memory usage rises quickly as in this bug report.

I must have missed that in previous tests; I didn't notice that VMS does not
rise and RSS rises on a much smaller scale.
I also checked `printf-hooks=vstr` and its memory usage increase is slightly
bigger than for `builtin`, but VMS is still constant.

I'm still not sure if for `printf-hooks=builtin` memory does not rise too
much; I will check it.
