Bug 1509177

Summary: Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss [rhel-7.4.z]
Product: Red Hat Enterprise Linux 7 Reporter: Oneata Mircea Teodor <toneata>
Component: sssdAssignee: SSSD Maintainers <sssd-maint>
Status: CLOSED ERRATA QA Contact: sssd-qe <sssd-qe>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.4CC: aheverle, anazmy, ekeck, fhanzelk, fidencio, gparente, grajaiya, jhrozek, lslebodn, mkosek, msauton, mzidek, ndehadra, pbrezina, sbose, sgoveas, sssd-maint, striker, tscherf
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: sssd-1.15.2-50.el7_4.8 Doc Type: Bug Fix
Doc Text:
Previously, the list of cache request domains was sometimes freed in the middle of a cache request operation due to the refresh domains request, as they both were using the same list. As a consequence, a segmentation fault sometimes occurred in SSSD. With this update, SSSD uses a copy of the cache request domains' list for each cache request. As a result, SSSD no longer crashes in this case.
 Story Points: ---
Clone Of: 1505277 Environment:
Last Closed: 2017-12-05 10:51:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1505277    
Bug Blocks:    

Description Oneata Mircea Teodor 2017-11-03 09:42:28 UTC 
This bug has been copied from bug #1505277 and has been proposed to be backported to 7.4 z-stream (EUS).
Comment 5 Nikhil Dehadrai 2017-11-08 09:59:29 UTC 
IPA-server: ipa-server-4.5.0-22.el7_4.x86_64
sssd version: sssd-ipa-1.15.2-50.el7_4.8.x86_64


Verified the bug with following tests/ observations:
1. Tested that the sanity test suite for IPA-ADtrust runs successfully.
2. The failure noticed inside the test suites are already logged and tracked in separate bug bz#1479398

Thus marking the status of bug to "VERIFIED", based on above observations and comment#4.
Comment 12 errata-xmlrpc 2017-12-05 10:51:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3379
Comment 13 Jakub Hrozek 2018-01-04 11:45:11 UTC 
*** Bug 1518340 has been marked as a duplicate of this bug. ***