Memory leak in the server due to McAfee's "mfeaack" module
Issue
-
Memory utilization of the system increases 1GB per day.
-
From the vmcore, a huge memory usage is observed on the server:
crash> kmem -i PAGES TOTAL PERCENTAGE TOTAL MEM 3042629 11.6 GB ---- FREE 95101 371.5 MB 3% of TOTAL MEM USED 2947528 11.2 GB 96% of TOTAL MEM <<--- SHARED 661135 2.5 GB 21% of TOTAL MEM BUFFERS 26502 103.5 MB 0% of TOTAL MEM CACHED 1027230 3.9 GB 33% of TOTAL MEM SLAB 73412 286.8 MB 2% of TOTAL MEM TOTAL HUGE 0 0 ---- HUGE FREE 0 0 0% of TOTAL HUGE TOTAL SWAP 6553599 25 GB ---- SWAP USED 10742 42 MB 0% of TOTAL SWAP SWAP FREE 6542857 25 GB 99% of TOTAL SWAP COMMIT LIMIT 8074913 30.8 GB ---- COMMITTED 588464 2.2 GB 7% of TOTAL LIMIT -
Only 7.21% (0.84 GB) memory is utilized by user-space processes out of the total memory on the server(11.6 GB) :
crash> ps -G | tail -n +2 | cut -b2- | gawk '{mem += $8} END {print "total " mem/1048576 "GB"}' total 0.836407GB <==
-
No memory is allocated to the balloon driver:
crash> sym balloon ffffffffc04733e0 (b) balloon [vmw_balloon] crash> pd (( struct vmballoon *)0xffffffffc04733e0)->size $1 = 0 <==
-
The issue starts right after loading McAfee's mfeaack module:
[ 9.966394] mfeaack: loading out-of-tree module taints kernel. [ 9.966402] WARNING: module 'mfeaack' built without retpoline-enabled compiler, may affect Spectre v2 mitigation [ 9.967016] mfeaack: module verification failed: signature and/or required key missing - tainting kernel [ 9.969756] AAC rule matching/reporting engine initialized successfully [ 9.969778] AAC module was inserted successfully. Version is - 10.5.1.1578 <<---
Environment
- Red Hat Enterprise Linux 7
- McAfee's
mfeaack
moduleMcAfeeFMP-10.5.1-1578.x86_64
- VMware® Virtual Machine
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.