Bug 1745916
| Summary: | glusterfs client process memory leak after enable tls on community version 6.5 | | |
|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | zhou lin <zz.sh.cynthia> |
| Component: | rpc | Assignee: | bugs <bugs> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 6 | CC: | bugs, pasik |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Last Closed: | 2019-12-09 07:58:55 UTC | Type: | Bug |

Description of problem:

After enabling SSL, a glusterfs process memory leak is detected.

Version-Release number of selected component (if applicable):

glusterfs 6.5

How reproducible:

Steps to Reproduce:

1. enable tls
2. do io on volume with tls enabled
3. found glusterfs client process memory increase steadily

Actual results:

Expected results:

Additional info:

I find that the following patch creates a new SSL_CTX for each transport, but when I check the code, something is not clear to me. In function socket_server_event_handler, "ret = socket_init(new_trans);" creates a new SSL_CTX for new_trans, but why, after that, is there "new_priv->ssl_ctx = priv->ssl_ctx;"? This will overwrite the newly allocated ssl_ctx in new_priv, and may cause a potential memory leak, I think. Could you please brief me on my confusion? Many thanks!

SHA-1: 06fa261207f0f0625c52fa977b96e5875e9a91e0

* socket/ssl: fix crl handling

Problem: Just setting the path to the CRL directory in socket_init() wasn't working.

Solution: Need to use special API to retrieve and set X509_VERIFY_PARAM and set the CRL checking flags explicitly. Also, setting the CRL checking flags is a big pain, since the connection is declared as failed if any CRL isn't found in the designated file or directory. A comment has been added to the code appropriately.

Change-Id: I8a8ed2ddaf4b5eb974387d2f7b1a85c1ca39fe79

fixes: bz#1687326

Signed-off-by: Milind Changire <mchangir>
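
The ownership question raised in the description, as an added example that is not GlusterFS or OpenSSL code: `ctx_t`, `transport_t` and every function below are hypothetical stand-ins for a reference-counted TLS context and a transport. It compares overwriting a freshly allocated context pointer with releasing it and taking a counted reference; it models the pattern only and does not establish how GlusterFS itself behaves.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for a refcounted TLS context such as SSL_CTX (hypothetical type). */
typedef struct { int refs; } ctx_t;
typedef struct { ctx_t *ssl_ctx; } transport_t;
static int live_ctx = 0; /* contexts allocated and not yet freed */

static ctx_t *ctx_new(void) {
    ctx_t *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->refs = 1; live_ctx++;
    return c;
}
static ctx_t *ctx_ref(ctx_t *c) { c->refs++; return c; }
static void ctx_free(ctx_t *c) { if (c && --c->refs == 0) { free(c); live_ctx--; } }

/* Stand-in for a per-transport init that allocates its own context. */
static void transport_init(transport_t *t) { t->ssl_ctx = ctx_new(); }

/* Pattern asked about: init allocates, then the pointer is overwritten. */
static void accept_overwrite(transport_t *listener, transport_t *conn) {
    transport_init(conn);
    conn->ssl_ctx = listener->ssl_ctx; /* fresh context is now unreachable */
}

/* Sharing without a leak: release the fresh context, take a counted ref. */
static void accept_shared(transport_t *listener, transport_t *conn) {
    transport_init(conn);
    ctx_free(conn->ssl_ctx);
    conn->ssl_ctx = ctx_ref(listener->ssl_ctx);
}

/* Run n accept/close cycles; return contexts left allocated by the loop. */
int leaked_after(int n, int shared) {
    transport_t listener, conn;
    transport_init(&listener);
    int base = live_ctx;
    for (int i = 0; i < n; i++) {
        if (shared) { accept_shared(&listener, &conn); ctx_free(conn.ssl_ctx); }
        else        { accept_overwrite(&listener, &conn); /* borrowed: no free */ }
    }
    int leaked = live_ctx - base;
    ctx_free(listener.ssl_ctx);
    return leaked;
}

int main(void) {
    printf("overwrite: %d leaked\n", leaked_after(1000, 0));
    printf("shared:    %d leaked\n", leaked_after(1000, 1));
}
```

In the overwrite variant the connection only borrows the listener's pointer, so freeing it on close would instead drop a reference the connection never took.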