First Last Prev Next    This bug is not in your last search results.
Bug 1268772 - ns-slapd crash double free in pagedresults_cleanup
ns-slapd crash double free in pagedresults_cleanup
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
6.8
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Noriko Hosoi
Viktor Ashirov
: ZStream
Depends On: 1267296
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-05 04:30 EDT by Jan Kurik
Modified: 2015-11-10 04:15 EST (History)
8 users (show)

See Also:
Fixed In Version: 389-ds-base-1.2.11.15-65.el6_7
Doc Type: Bug Fix
Doc Text:
Cause: When a search results object was freed, there was a window until the freed information was set to the pagedresults handle. If the paged-results handle was released due to a timeout in the window, double free occurred. Fix: The window is eliminated and there is no chance for the double free now.
Story Points: ---
Clone Of: 1267296
Environment:
Last Closed: 2015-11-10 04:15:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jan Kurik 2015-10-05 04:30:11 EDT 
This bug has been copied from bug #1267296 and has been proposed
to be backported to 6.7 z-stream (EUS).
Comment 4 Noriko Hosoi 2015-10-06 20:16:59 EDT 
For verification...
It is extremely hard to reproduce the bug with the standalone 389-ds-base.
I recommend to run
1) tet simple paged results test suite
2) upstream simple paged results related test cases.
3) run ldapsearch -E pr=<page_size> -l <timelimit>
   and wait longer than <timelimit> in the middle of the paging.
   If the connection is closed with T2 (SLAPD_DISCONNECT_IO_TIMEOUT) without any problem, test is passed.

Ideally, set up IPA/SSSD and stress DS with short timelimit (nsslapd-timelimit in cn=config in dse.ldif) and short client_idle_timeout in sssd.conf.  Then, stress the DS via SSSD.  If it runs fine with no crash for long enough (one day?), we are confident to say verified.
Comment 5 Sankar Ramalingam 2015-10-21 13:27:29 EDT 
1. Executed simplepaged acceptance tests. No regression found.

############## Result  for  backend test :   SIMPLEPAGED run
    SIMPLEPAGED run elapse time : 00:04:57
    SIMPLEPAGED run Tests PASS      : 100% (17/17)

2. Executed simplepaged search with -E pr=15 -l 9 and waited for more than the timelimit. nsslapd-timelimit is set to 7, cn=config in dse.ldif.
The connection got closed without any problem.

3. Currently, I am stressing the server with add/modify/delete/search in an IPA environment to check if there are crashes. nsslapd-timelimit value in cn=config is set to 7 and value for client_idle_timeout in sssd.conf is set 9. I will observe the setup for about 24hrs and then update the bug with my findings.
Comment 6 Sankar Ramalingam 2015-10-22 13:08:29 EDT 
Stressed directory sever for 24hrs and I observed no crashes. Hence, marking the bug as Verified.

[root@vm-idm-004 ~]# rpm -qa |egrep 'ipa-|389-ds-'
ipa-server-3.0.0-47.el6.x86_64
ipa-python-3.0.0-47.el6.x86_64
sssd-ipa-1.12.4-47.el6.x86_64
ipa-client-3.0.0-47.el6.x86_64
ipa-pki-common-theme-9.0.3-7.el6.noarch
389-ds-base-1.2.11.15-65.el6_7.x86_64
ipa-admintools-3.0.0-47.el6.x86_64
389-ds-base-debuginfo-1.2.11.15-65.el6_7.x86_64
389-ds-base-libs-1.2.11.15-65.el6_7.x86_64
ipa-pki-ca-theme-9.0.3-7.el6.noarch
ipa-server-selinux-3.0.0-47.el6.x86_64
Comment 8 errata-xmlrpc 2015-11-10 04:15:20 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1998.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.