Bug 1268772 - ns-slapd crash double free in pagedresults_cleanup
ns-slapd crash double free in pagedresults_cleanup
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: Noriko Hosoi
Viktor Ashirov
: ZStream
Depends On: 1267296
  Show dependency treegraph
Reported: 2015-10-05 04:30 EDT by Jan Kurik
Modified: 2015-11-10 04:15 EST (History)
8 users (show)

See Also:
Fixed In Version: 389-ds-base-
Doc Type: Bug Fix
Doc Text:
Cause: When a search results object was freed, there was a window until the freed information was set to the pagedresults handle. If the paged-results handle was released due to a timeout in the window, double free occurred. Fix: The window is eliminated and there is no chance for the double free now.
Story Points: ---
Clone Of: 1267296
Last Closed: 2015-11-10 04:15:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Kurik 2015-10-05 04:30:11 EDT
This bug has been copied from bug #1267296 and has been proposed
to be backported to 6.7 z-stream (EUS).
Comment 4 Noriko Hosoi 2015-10-06 20:16:59 EDT
For verification...
It is extremely hard to reproduce the bug with the standalone 389-ds-base.
I recommend to run
1) tet simple paged results test suite
2) upstream simple paged results related test cases.
3) run ldapsearch -E pr=<page_size> -l <timelimit>
   and wait longer than <timelimit> in the middle of the paging.
   If the connection is closed with T2 (SLAPD_DISCONNECT_IO_TIMEOUT) without any problem, test is passed.

Ideally, set up IPA/SSSD and stress DS with short timelimit (nsslapd-timelimit in cn=config in dse.ldif) and short client_idle_timeout in sssd.conf.  Then, stress the DS via SSSD.  If it runs fine with no crash for long enough (one day?), we are confident to say verified.
Comment 5 Sankar Ramalingam 2015-10-21 13:27:29 EDT
1. Executed simplepaged acceptance tests. No regression found.

############## Result  for  backend test :   SIMPLEPAGED run
    SIMPLEPAGED run elapse time : 00:04:57
    SIMPLEPAGED run Tests PASS      : 100% (17/17)

2. Executed simplepaged search with -E pr=15 -l 9 and waited for more than the timelimit. nsslapd-timelimit is set to 7, cn=config in dse.ldif.
The connection got closed without any problem.

3. Currently, I am stressing the server with add/modify/delete/search in an IPA environment to check if there are crashes. nsslapd-timelimit value in cn=config is set to 7 and value for client_idle_timeout in sssd.conf is set 9. I will observe the setup for about 24hrs and then update the bug with my findings.
Comment 6 Sankar Ramalingam 2015-10-22 13:08:29 EDT
Stressed directory sever for 24hrs and I observed no crashes. Hence, marking the bug as Verified.

[root@vm-idm-004 ~]# rpm -qa |egrep 'ipa-|389-ds-'
Comment 8 errata-xmlrpc 2015-11-10 04:15:20 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.