Bug 1380166

Summary: polkitd keeps consuming RAM
Product: Red Hat Enterprise Linux 7
Reporter: Paulo Andrade <pandrade>
Component: polkit
Assignee: Miloslav Trmač <mitr>
Status: CLOSED CURRENTRELEASE
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: urgent
Priority: urgent
Version: 7.2
CC: alanm, ayadav, cww, jwright, ksrot, mitr, mkolaja, pkis, toneata
Target Milestone: rc
Keywords: ZStream
Hardware: All
OS: Linux
Fixed In Version: polkit-0.112-11.el7
Clone Of:
: 1418935 1418936
Last Closed: 2017-08-28 13:21:35 UTC
Type: Bug
Bug Blocks: 1298243, 1418935, 1418936
Attachments:
polkit-valgrind-debug.log (flags: none)
polkit-valgrind-debug--test_package.log (flags: none)

Description Paulo Andrade 2016-09-28 20:15:51 UTC
Created attachment 1205662
polkit-valgrind-debug.log

User problem description:
"""
polkitd process starts with 27Mb of memory footprint and grows to over 1G within a day or two

RHEL 7.2 with Gnome, all latest patches applied

always, while the box is up, reproducible
"""

  After installing debug packages and running polkit under
valgrind, a sample of the leaks is attached.

  On another valgrind run, done before installing debuginfo
packages and run for a longer time, a larger leak was detected:
==8970== 6,785,263 bytes in 344,167 blocks are definitely lost in loss record 2,375 of 2,375
==8970==    at 0x4C29BFD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==8970==    by 0x5CD11E6: ??? (in /usr/lib64/libmozjs-17.0.so)
==8970==    by 0x115B49: ??? (in /usr/lib/polkit-1/polkitd)
==8970==    by 0x5C57868: ??? (in /usr/lib64/libmozjs-17.0.so)
==8970==    by 0x5C50E28: ??? (in /usr/lib64/libmozjs-17.0.so)
==8970==    by 0x5C5774C: ??? (in /usr/lib64/libmozjs-17.0.so)
==8970==    by 0x5C579C8: ??? (in /usr/lib64/libmozjs-17.0.so)
==8970==    by 0x5C57D14: ??? (in /usr/lib64/libmozjs-17.0.so)
==8970==    by 0x5BC3559: JS_CallFunctionName (in /usr/lib64/libmozjs-17.0.so)
==8970==    by 0x114884: ??? (in /usr/lib/polkit-1/polkitd)
==8970==    by 0x118AFC: ??? (in /usr/lib/polkit-1/polkitd)
==8970==    by 0x1194DF: ??? (in /usr/lib/polkit-1/polkitd)

Comment 4 Paulo Andrade 2016-10-03 16:29:28 UTC
Created attachment 1206930
polkit-valgrind-debug--test_package.log

  The user ran a test package under valgrind over the
weekend with this patch:

diff -up polkit-0.112/src/polkitbackend/polkitbackendjsauthority.c.orig polkit-0.112/src/polkitbackend/polkitbackendjsauthority.c
--- polkit-0.112/src/polkitbackend/polkitbackendjsauthority.c.orig	2016-09-30 16:05:49.011691879 -0300
+++ polkit-0.112/src/polkitbackend/polkitbackendjsauthority.c	2016-09-30 16:06:07.547670140 -0300
@@ -1420,7 +1420,6 @@ js_polkit_spawn (JSContext  *cx,
           goto out;
 	}
       s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val));
-      s = JS_EncodeString (cx, JSVAL_TO_STRING (elem_val));
       argv[n] = g_strdup (s);
       JS_free (cx, s);
     }
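
Review bot: The return value of the remaining JS_EncodeString call is passed straight to g_strdup with no NULL check. JS_EncodeString returns NULL on failure, and g_strdup (NULL) returns NULL, so argv[n] would become NULL and cut the spawned command's argument vector short without any error being reported. Consider testing s right after the call and taking the existing "goto out" error path when it is NULL, before "argv[n] = g_strdup (s);". The removal itself looks correct: with the duplicated line, the first encoded buffer was overwritten by the second call and only the second was passed to JS_free, so one allocation was lost per array element. Separately, the context line above the call is indented with a tab while the rest of the block uses spaces.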

and it appears to have no leaks, just resources not
released at exit.

Comment 15 amit yadav 2016-12-20 14:20:55 UTC
Created attachment 1233891
polkit-valgrind.log

Comment 32 Miloslav Trmač 2017-08-28 14:04:23 UTC
FWIW, the fix was published on the main RHEL 7 branch as https://access.redhat.com/errata/RHBA-2017:1306 .