Memory leak in the server due to McAfee's "mfeaack" module

Solution Verified - Updated -

Issue

  • Memory utilization of the system increases 1GB per day.

  • From the vmcore, a huge memory usage is observed on the server:


    crash> kmem -i PAGES TOTAL PERCENTAGE TOTAL MEM 3042629 11.6 GB ---- FREE 95101 371.5 MB 3% of TOTAL MEM USED 2947528 11.2 GB 96% of TOTAL MEM <<--- SHARED 661135 2.5 GB 21% of TOTAL MEM BUFFERS 26502 103.5 MB 0% of TOTAL MEM CACHED 1027230 3.9 GB 33% of TOTAL MEM SLAB 73412 286.8 MB 2% of TOTAL MEM TOTAL HUGE 0 0 ---- HUGE FREE 0 0 0% of TOTAL HUGE TOTAL SWAP 6553599 25 GB ---- SWAP USED 10742 42 MB 0% of TOTAL SWAP SWAP FREE 6542857 25 GB 99% of TOTAL SWAP COMMIT LIMIT 8074913 30.8 GB ---- COMMITTED 588464 2.2 GB 7% of TOTAL LIMIT
  • Only 7.21% (0.84 GB) memory is utilized by user-space processes out of the total memory on the server(11.6 GB) :

    crash> ps -G | tail -n +2 | cut -b2- | gawk '{mem += $8} END {print "total " mem/1048576 "GB"}'
    total 0.836407GB  <==
    
  • No memory is allocated to the balloon driver:

    crash> sym balloon
    ffffffffc04733e0 (b) balloon [vmw_balloon]
    
    crash> pd (( struct vmballoon *)0xffffffffc04733e0)->size
    $1 = 0  <== 
    
  • The issue starts right after loading McAfee's mfeaack module:

    [    9.966394] mfeaack: loading out-of-tree module taints kernel.
    [    9.966402] WARNING: module 'mfeaack' built without retpoline-enabled compiler, may affect Spectre v2 mitigation
    [    9.967016] mfeaack: module verification failed: signature and/or required key missing - tainting kernel
    [    9.969756] AAC rule matching/reporting engine initialized successfully
    [    9.969778] AAC module was inserted successfully. Version is - 10.5.1.1578  <<---
    

Environment

  • Red Hat Enterprise Linux 7
  • McAfee's mfeaack module
    • McAfeeFMP-10.5.1-1578.x86_64
  • VMware® Virtual Machine

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In