Hello
For better understanding, here is a reproducer.
Steps to reproduce:
- Create ControlMaster
$ ./ssh -o ControlPath=~/.ssh/mux -o ControlMaster=yes -N -n localhost
- Use multiplexing
$ while true; do ./ssh -o ControlPath=~/.ssh/mux localhost true; done
- Watch RSS of ssh process
[eiichi at build-c7 ~]$ LANG=C pidstat -r -p 62937 10 60
Linux 3.10.0-1062.9.1.el7.x86_64 (build-c7) 05/21/20 _x86_64_
(8 CPU)
08:20:50 PID minflt/s majflt/s VSZ RSS %MEM Command
08:21:00 62937 0.40 0.00 128032 2920 0.04 ssh
08:21:10 62937 0.30 0.00 128164 2920 0.04 ssh
08:21:20 62937 0.40 0.00 128164 2920 0.04 ssh
08:21:30 62937 0.50 0.00 128164 2920 0.04 ssh
08:21:40 62937 0.40 0.00 128164 2920 0.04 ssh
08:21:50 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:00 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:10 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:20 62937 0.40 0.00 128164 2920 0.04 ssh
08:22:30 62937 0.40 0.00 128292 3068 0.04 ssh
08:22:40 62937 0.30 0.00 128292 3068 0.04 ssh
08:22:50 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:00 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:10 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:20 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:30 62937 0.30 0.00 128292 3068 0.04 ssh
08:23:40 62937 0.40 0.00 128292 3068 0.04 ssh
08:23:50 62937 0.40 0.00 128292 3068 0.04 ssh
08:24:00 62937 0.40 0.00 128420 3196 0.04 ssh
08:24:10 62937 0.40 0.00 128420 3196 0.04 ssh
08:24:20 62937 0.40 0.00 128420 3196 0.04 ssh
Thanks
Eiichi
> On May 19, 2020, at 11:07, Eiichi Tsukata <eiichi.tsukata at
nutanix.com> wrote:
>
> mux_ctx is allocated at mux_master_read_cb() but not freed.
> This can cause ssh process memory leak when we use multiplexing.
>
> Signed-off-by: Eiichi Tsukata <eiichi.tsukata at nutanix.com>
> ---
> channels.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/channels.c b/channels.c
> index 95a51e2..74b3cec 100644
> --- a/channels.c
> +++ b/channels.c
> @@ -621,6 +621,8 @@ channel_free(struct ssh *ssh, Channel *c)
> c->path = NULL;
> free(c->listening_addr);
> c->listening_addr = NULL;
> + free(c->mux_ctx);
> + c->mux_ctx = NULL;
> while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) {
> if (cc->abandon_cb != NULL)
> cc->abandon_cb(ssh, c, cc->ctx);
> --
> 1.8.3.1
>