Description of problem: TPS has many leaks in its startup code. This needs to be fixed because at least some of the leaky code in now performed in the client post-fork - making the problem worse than it was before. Version-Release number of selected component (if applicable): How reproducible: Start the TPS under valgrind. Fix the leaks! Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 331046 [details] patch to fix multiple bugs Patch to fix: 484268: length validation checks needed for TPS inputs added for TPS roles 224889: TPS: configuration wizard: when no server-side-keygen option is selected, CS.cfg contains incorrect values 431158: mis-display Serial Number on TPS Agent page 483303: for IPA compatibility, change groups used in TPS to groupOfNames 484077: Adding _All Profiles_ or any of the given profiles to the the TPS admin does not reflect in the Profile memberships and this bug -- TPS startup code is leaky. Note: I do not eliminate all leaks - just the most noxious ones on startup, and any leaks that get larger as the application continues. cfu, please review!
Please separate the fixes into each respective bug next time. thanks. mharmsen please take note in attribute change for migration tool. cfu+
builder@dhcp231-124 tps]$ svn ci -m "Bugzilla BZ# 481670 and others" Sending tps/forms/esc/cgi-bin/sow/cfg.pl Sending tps/lib/perl/PKI/TPS/DRMInfoPanel.pm Sending tps/scripts/addAgents.ldif Sending tps/src/engine/RA.cpp Sending tps/src/include/engine/RA.h Sending tps/src/include/tus/tus_db.h Sending tps/src/main/ConfigStore.cpp Sending tps/src/modules/tokendb/mod_tokendb.cpp Sending tps/src/processor/RA_Enroll_Processor.cpp Sending tps/src/tus/tus_db.c Transmitting file data .......... Committed revision 211. [builder@dhcp231-124 tps]$ svn ci -m "Bugzilla BZ# 481670 and others" Sending tps/pki-tps.spec Transmitting file data . Committed revision 212.
Can you please add steps to run TPS through valgrind? Thanks
sure -- in /etc/init.d/pki-tps, there is a section which looks like : if [ -x /etc/init.d/functions ]; then /usr/sbin/selinuxenabled RETVAL=$? if [ $RETVAL = 0 ] ; then if [ ${ARCHITECTURE} = "i386" ] ; then LANG=$HTTPD_LANG daemon runcon -t pki_tps_t -- $httpd $OPTIONS # overwrite output from "daemon" echo -n $"Starting $prog: " elif [ ${ARCHITECTURE} = "x86_64" ] ; then # NOTE: "daemon" is incompatible with "httpd" # on 64-bit architectures LANG=$HTTPD_LANG runcon -t pki_tps_t -- $httpd $OPTIONS fi else LANG=$HTTPD_LANG daemon $httpd $OPTIONS # overwrite output from "daemon" echo -n $"Starting $prog: " fi else LANG=$HTTPD_LANG $httpd $OPTIONS -k start fi You need to replace the appropriate line (depending on architecture and OS) LANG $HTTP_LANG runcon -t pki_tps_t -- $httpd $OPTIONS with : valgrind --trace-children=yes --log-file=/tmp/results/foo LANG $HTTP_LANG runcon -t pki_tps_t -- $httpd $OPTIONS This will create log files for the parent and child processes in /tmp/results. Make sure to create the directory /tmp/results. The restart the TPS. The results may be useful, but please note that not all memory leaks have been fixed - so its not clear that running this is useful for QE. A more appropriate test would be to run the TPS under a load and confirm that the rate of memory leak is not too large. Between this fix and a later one on leaks, most of the leaks while running the tps have been fixed.
Verified - output of valgrind issues [root@qe-blade-11 results]# ./valpyk.py foo.12* line ==12888== Syscall param semctl(IPC_SET, arg.buf) points to uninitialised byte(s) is param error but did not match regex_param Total: 0 (0) Total: 0 (0)
Created attachment 350644 [details] valgrind logs starting TPS with no log signing Reopening bug: there are still a few startup leaks with TPS and with log signing enabled remaining to be fixed see attached valgrind logs
Created attachment 350645 [details] valgrind logs restart log signing enabled logs with audit signing enabled
dropping priority