Bug 481670 - TPS startup code is leaky!
TPS startup code is leaky!
Status: NEW
Product: Dogtag Certificate System
Classification: Community
Component: TPS (Show other bugs)
unspecified
All Linux
medium Severity medium
: 1.0
: ---
Assigned To: Ade Lee
Ben Levenson
:
Depends On:
Blocks: 530474
  Show dependency treegraph
 
Reported: 2009-01-26 18:01 EST by Ade Lee
Modified: 2015-01-04 19:12 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to fix multiple bugs (26.66 KB, patch)
2009-02-05 14:25 EST, Ade Lee
no flags Details | Diff
valgrind logs starting TPS with no log signing (70.00 KB, application/x-tar)
2009-07-06 13:02 EDT, Jenny Galipeau
no flags Details
valgrind logs restart log signing enabled (90.00 KB, application/x-tar)
2009-07-06 13:03 EDT, Jenny Galipeau
no flags Details

  None (edit)
Description Ade Lee 2009-01-26 18:01:21 EST
Description of problem:

TPS has many leaks in its startup code.  This needs to be fixed because at  least some of the leaky code in now performed in the client post-fork - making the problem worse than it was before.



Version-Release number of selected component (if applicable):


How reproducible:
Start the TPS under valgrind.  Fix the leaks!

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Ade Lee 2009-02-05 14:25:48 EST
Created attachment 331046 [details]
patch to fix multiple bugs

Patch to fix: 
484268: length validation checks needed for TPS inputs added for TPS roles  
224889: TPS: configuration wizard: when no server-side-keygen option is selected, CS.cfg contains incorrect values
431158: mis-display Serial Number on TPS Agent page
483303:  for IPA compatibility, change groups used in TPS to groupOfNames
484077: Adding _All Profiles_ or any of the given profiles to the the TPS admin does not reflect in the Profile memberships

and this bug -- TPS startup code is leaky.

Note: I do not eliminate all leaks - just the most noxious ones on startup, and any leaks that get larger as the application continues.

cfu, please review!
Comment 2 Christina Fu 2009-02-05 20:25:47 EST
Please separate the fixes into each respective bug next time.  thanks.
mharmsen please take note in attribute change for migration tool.

cfu+
Comment 3 Ade Lee 2009-02-06 00:20:47 EST
builder@dhcp231-124 tps]$ svn ci -m "Bugzilla BZ# 481670 and others"
Sending        tps/forms/esc/cgi-bin/sow/cfg.pl
Sending        tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
Sending        tps/scripts/addAgents.ldif
Sending        tps/src/engine/RA.cpp
Sending        tps/src/include/engine/RA.h
Sending        tps/src/include/tus/tus_db.h
Sending        tps/src/main/ConfigStore.cpp
Sending        tps/src/modules/tokendb/mod_tokendb.cpp
Sending        tps/src/processor/RA_Enroll_Processor.cpp
Sending        tps/src/tus/tus_db.c
Transmitting file data ..........
Committed revision 211.

[builder@dhcp231-124 tps]$ svn ci -m "Bugzilla BZ# 481670 and others"
Sending        tps/pki-tps.spec
Transmitting file data .
Committed revision 212.
Comment 4 Jenny Galipeau 2009-06-25 16:09:12 EDT
Can you please add steps to run TPS through valgrind? Thanks
Comment 5 Ade Lee 2009-06-25 16:32:22 EDT
sure -- in /etc/init.d/pki-tps, there is a section which looks like :

      if [ -x /etc/init.d/functions ]; then
                /usr/sbin/selinuxenabled
                RETVAL=$?
                if [ $RETVAL = 0 ] ; then
                        if [ ${ARCHITECTURE} = "i386" ] ; then
                                LANG=$HTTPD_LANG daemon runcon -t pki_tps_t -- $httpd $OPTIONS
                                # overwrite output from "daemon"
                                echo -n $"Starting $prog:                                        "
                        elif [ ${ARCHITECTURE} = "x86_64" ] ; then
                                # NOTE:  "daemon" is incompatible with "httpd"
                                #        on 64-bit architectures
                                LANG=$HTTPD_LANG runcon -t pki_tps_t -- $httpd $OPTIONS
                        fi
                else
                        LANG=$HTTPD_LANG daemon $httpd $OPTIONS
                        # overwrite output from "daemon"
                        echo -n $"Starting $prog:                                        "
                fi
        else
                LANG=$HTTPD_LANG $httpd $OPTIONS -k start
        fi

You need to replace the appropriate line (depending on architecture and OS)

LANG $HTTP_LANG runcon -t pki_tps_t -- $httpd $OPTIONS

with :

valgrind --trace-children=yes --log-file=/tmp/results/foo LANG $HTTP_LANG runcon -t pki_tps_t -- $httpd $OPTIONS

This will create log files for the parent and child processes in /tmp/results.  Make sure to create the directory /tmp/results.

The restart the TPS.

The results may be useful, but please note that not all memory leaks have been fixed - so its not clear that running this is useful for QE.  A more appropriate test would be to run the TPS under a load and confirm that the rate of memory leak is not too large.  Between this fix and a later one on leaks, most of the leaks while running the tps have been fixed.
Comment 12 Jenny Galipeau 2009-06-26 16:19:38 EDT
Verified - output of valgrind issues

[root@qe-blade-11 results]# ./valpyk.py foo.12*
line ==12888== Syscall param semctl(IPC_SET, arg.buf) points to uninitialised
byte(s) is param error but did not match regex_param
Total: 0 (0)

Total: 0 (0)
Comment 13 Jenny Galipeau 2009-07-06 13:02:35 EDT
Created attachment 350644 [details]
valgrind logs starting TPS with no log signing

Reopening bug: 
there are still a few startup leaks with TPS and with log signing enabled remaining to be fixed see attached valgrind logs
Comment 14 Jenny Galipeau 2009-07-06 13:03:12 EDT
Created attachment 350645 [details]
valgrind logs restart log signing enabled

logs with audit signing enabled
Comment 15 Jenny Galipeau 2009-07-06 13:03:34 EDT
dropping priority

Note You need to log in before you can comment on or make changes to this bug.