Bug 1435615 – nscd is not caching ldap netgroup data properly, hangs on nscd -i netgroup

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1435615 - nscd is not caching ldap netgroup data properly, hangs on nscd -i netgroup

Summary:	nscd is not caching ldap netgroup data properly, hangs on nscd -i netgroup

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	glibc (Show other bugs)
Sub Component:
Version:	7.2
Hardware:	x86_64 Linux

Priority	medium Severity medium
Target Milestone:	rc
Target Release:	---
Assigned To:	DJ Delorie
QA Contact:	Sergey Kolosov
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:	1277672
Blocks:	1420851 1473718
	Show dependency tree / graph

Reported:	2017-03-24 07:41 EDT by Deepu K S
Modified:	2018-04-10 10:00 EDT (History)
CC List:	14 users (show)

See Also:
Fixed In Version:	glibc-2.17-201.el7
Doc Type:	Bug Fix
Doc Text:	Cause: incorrect use of locks in nscd Consequence: On systems where netgroups are cached by nscd, nscd may occasionally hang, resulting in a failure to notice updates in cached information. Fix: nscd has been patched to properly release its internal locks when handling cache timeouts. Result: Cache data should properly update now.
Story Points:	---
Clone Of:	1277672
Environment:
Last Closed:	2018-04-10 09:58:28 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Sourceware	22161	None	None	None	2017-09-21 03:37 EDT
Debian BTS	800523	None	None	None	2017-03-24 07:41 EDT
Red Hat Product Errata	RHSA-2018:0805	None	None	None	2018-04-10 10:00 EDT

Groups: None (edit)

Comment 8 DJ Delorie 2017-09-26 11:56:18 EDT

To reproduce the core of this issue, the following steps must happen:

* Configure a service that nscd can cache, which provides netgroup maps.  I use LDAP but others should work also.
* Ensure it has at least one positive query for "in net group" (which may require other maps)
* Perform multiple identical "in net group" queries within the TTL time.  If the cached service is remote, you can tell when you have enough when network traffic stops.  I used getent netgroup QAUsers "" testuser23461 ""

(the bug has now been triggered; the next steps show the effects)

* wait for the entry to time out (the positive TTL time).
* If you watch the logs (enable debug) you can see the message where the cleanup task tries to purge it, or after the timeout time, you can use "nscd -i netgroup" to force a purge

If you let the cleanup task run, you can attach to nscd with gdb and "info threads" - one will be waiting for a write lock.

If you use "nscd -i netgroup" it will hang.

To "reset" this test, you need to stop nscd *and* manually remove the persistent cached databases it uses.

Comment 13 errata-xmlrpc 2018-04-10 09:58:28 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0805

Note You need to log in before you can comment on or make changes to this bug.