Bug 1571183
| Field | Value |
|---|---|
| Summary | when NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released |
| Product | Red Hat Enterprise Linux 6 |
| Component | nss |
| Version | 6.9 |
| Hardware | x86_64 |
| OS | Linux |
| Status | CLOSED WONTFIX |
| Severity | medium |
| Priority | unspecified |
| Type | Bug |
| Reporter | zhenggu |
| Assignee | nss-nspr-maint <nss-nspr-maint> |
| QA Contact | BaseOS QE Security Team <qe-baseos-security> |
| CC | ccoleman, dwysocha, esandeen, farandac, gblomqui, hkario, nss-nspr-maint, rkrawitz, rrelyea, syangsao, toneata |
| Target Milestone | rc |
| Doc Type | If docs needed, set a value |
| : | 1779325 |
| Bug Blocks | 1779325, 1879249 |
| Last Closed | 2019-07-03 12:28:50 UTC |
Description
zhenggu
2018-04-24 09:07:03 UTC
This mechanism is used by NSS to ensure optimal performance when using the certificate database (that includes the system-wide trust store). It is used to reliably detect if the storage that contains the certificate database is accessed over network or using a network file-system, or using directly attached storage.

Setting the NSS_SDB_USE_CACHE environment variable will disable the autodetection mechanism.

dentry in the kernel memory is considered part of system "cache", and as such, will be freed by kernel automatically as soon as real applications require more memory, but as long as there is free memory available, it will be used instead of freeing the cache.

So I don't see any incorrect behaviour in either NSS, curl or kernel that would require fixing.

Since this is a RHEL6 bug and the conversation should probably not have been here, I have created a RHEL7 bug where we can track any further incidents and consider whether an alternative algorithm is appropriate for RHEL7: https://bugzilla.redhat.com/show_bug.cgi?id=1779325

Created attachment 1641805: patch to remove negative dcache entries post-test
Here's a patch that works for me, it could use review. Happy to send it to an upstream list if that's appropriate.
Oops sorry, that was supposed to go on bug #1779325