Bug 1745916 - glusterfs client process memory leak after enable tls on community version 6.5
Summary: glusterfs client process memory leak after enable tls on community version 6.5
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: GlusterFS
Classification: Community
Component: rpc
Version: 6
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: bugs@gluster.org
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-08-27 08:33 UTC by zhou lin
Modified: 2019-12-09 07:58 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-12-09 07:58:55 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:



Description zhou lin 2019-08-27 08:33:09 UTC
Description of problem:
After enabling SSL, a glusterfs process memory leak was detected.

Version-Release number of selected component (if applicable):

glusterfs 6.5
How reproducible:


Steps to Reproduce:
1. Enable TLS.
2. Do I/O on a volume with TLS enabled.
3. Found that the glusterfs client process memory increases steadily.

Actual results:


Expected results:


Additional info:
I find that the following patch creates a new SSL_CTX for each transport, but when I check the code, one thing is not clear to me.
In function socket_server_event_handler, "ret = socket_init(new_trans);" creates a new SSL_CTX for new_trans, but why, after that, is there "new_priv->ssl_ctx = priv->ssl_ctx;"? This will overwrite the newly allocated ssl_ctx in new_priv and may cause a potential memory leak, I think.
Could you please brief me on my confusion? Many thanks!


SHA-1: 06fa261207f0f0625c52fa977b96e5875e9a91e0

* socket/ssl: fix crl handling

Problem:
Just setting the path to the CRL directory in socket_init() wasn't working.

Solution:
Need to use special API to retrieve and set X509_VERIFY_PARAM and set
the CRL checking flags explicitly.
Also, setting the CRL checking flags is a big pain, since the connection
is declared as failed if any CRL isn't found in the designated file or
directory. A comment has been added to the code appropriately.

Change-Id: I8a8ed2ddaf4b5eb974387d2f7b1a85c1ca39fe79
fixes: bz#1687326
Signed-off-by: Milind Changire <mchangir>
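
The pointer-overwrite pattern the reporter asks about, as an added example that is not GlusterFS code and not part of the original report. A fixed pool of refcounted objects stands in for SSL_CTX (ctx_new, ctx_up_ref and ctx_free model OpenSSL's SSL_CTX_new, SSL_CTX_up_ref and SSL_CTX_free); priv_t, accept_overwrite and accept_release_first are hypothetical names, and the example makes no claim about what socket_server_event_handler actually does.

```c
#include <stdio.h>

#define POOL 256
/* Stand-in for SSL_CTX: a refcounted slot in a fixed pool (assumption). */
typedef struct { int refs; } ctx_t;
static ctx_t pool[POOL];

static int live_ctx(void) {                 /* contexts never released */
    int n = 0;
    for (int i = 0; i < POOL; i++) n += pool[i].refs > 0;
    return n;
}
static ctx_t *ctx_new(void) {               /* models SSL_CTX_new() */
    for (int i = 0; i < POOL; i++)
        if (pool[i].refs == 0) { pool[i].refs = 1; return &pool[i]; }
    return NULL;                            /* pool exhausted */
}
static void ctx_up_ref(ctx_t *c) { c->refs++; }             /* SSL_CTX_up_ref() */
static void ctx_free(ctx_t *c) { if (c && c->refs > 0) c->refs--; } /* SSL_CTX_free() */

typedef struct { ctx_t *ssl_ctx; } priv_t;  /* hypothetical per-transport state */

/* Pattern in question: init allocates a context, then the pointer is replaced. */
static int accept_overwrite(priv_t *listener, int n) {
    for (int i = 0; i < n; i++) {
        priv_t new_priv = { ctx_new() };        /* like socket_init(new_trans) */
        if (!new_priv.ssl_ctx) return -1;
        new_priv.ssl_ctx = listener->ssl_ctx;   /* only reference to the new ctx is lost */
        /* teardown: the shared ctx is not owned here, so nothing is freed */
    }
    return live_ctx();
}

/* Same flow, releasing the fresh context and taking a counted reference. */
static int accept_release_first(priv_t *listener, int n) {
    for (int i = 0; i < n; i++) {
        priv_t new_priv = { ctx_new() };
        if (!new_priv.ssl_ctx) return -1;
        ctx_free(new_priv.ssl_ctx);             /* drop the per-connection ctx */
        ctx_up_ref(listener->ssl_ctx);          /* share the listener's ctx */
        new_priv.ssl_ctx = listener->ssl_ctx;
        ctx_free(new_priv.ssl_ctx);             /* teardown drops its reference */
    }
    return live_ctx();
}

int main(void) {
    priv_t listener = { ctx_new() };
    printf("release first: %d live\n", accept_release_first(&listener, 100));
    printf("overwrite:     %d live\n", accept_overwrite(&listener, 100));
    return 0;
}
```

With real OpenSSL objects the same accounting can be checked by running the process under a leak checker and comparing live SSL_CTX allocations against the number of open connections.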

