Bug 491419 - leaking file descriptors
leaking file descriptors
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: nss_ldap (Show other bugs)
4.7
All Linux
high Severity high
: rc
: ---
Assigned To: Nalin Dahyabhai
BaseOS QE
: OtherQA
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-20 17:09 EDT by Jeff Bastian
Modified: 2011-01-10 16:24 EST (History)
10 users (show)

See Also:
Fixed In Version: nss_ldap-253-7.el4
Doc Type: Bug Fix
Doc Text:
libnss-ldap does not pay attention to error codes received from LDAP servers. Therefore, if a process (such as nscd) attempted to re-open a connection after an LDAP server closed the connection, nss-ldap would previously leak file descriptors. A long-lived caller process would eventually run out of file descriptors and enter a loop, preventing any further name service activity. Nss-ldap now checks whether a socket has been closed by the LDAP server and avoids leaking file descriptors.
Story Points: ---
Clone Of: 428837
Environment:
Last Closed: 2009-05-18 16:20:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to fix leaking file descriptors (2.88 KB, patch)
2009-03-20 17:37 EDT, Jeff Bastian
no flags Details | Diff
patch to fix leaking file descriptors (4.02 KB, patch)
2009-03-20 17:59 EDT, Jeff Bastian
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Debian BTS 401758 None None None Never

  None (edit)
Description Jeff Bastian 2009-03-20 17:09:07 EDT
+++ This bug was initially created as a clone of Bug #428837 +++

Description of problem:
nscd against an LDAP directory service appears to leak file descriptors like
crazy.  Eventually, nscd hits the 1024 limit and goes into a loop consuming 100%
CPU attempting to reconnect to the LDAP server and getting EMFILE.  It appears
that the leaking is triggered by having to reconnect to the LDAP server.

Test machine marvin has just rebooted.  The lsof shows that nscd has no leaked
FDs and a TCP connection to the ldap server.

My workstation, anduril shows that nscd is using over 1,000 FDs show as:

   nscd      24468      nscd 1001u     sock                0,5            
11243699 can't identify protocol

and then a TCP connection to the LDAP server.

Busted machine, uni01svn's lsof shows lots of the above and the last file
descriptor is 1023.  Its done, it can't spare an FD to connect to the LDAP server.

Version-Release number of selected component (if applicable):
nscd-2.3.4-2.41-x86_64
nss_ldap-253-5.el4-x86_64


How reproducible:
This seems to build as LDAP reconnections are required.
Comment 1 Jeff Bastian 2009-03-20 17:37:54 EDT
Created attachment 336123 [details]
patch to fix leaking file descriptors

This is a very slightly modified patch to apply to RHEL4 nss_ldap tree.
Comment 2 Jeff Bastian 2009-03-20 17:59:56 EDT
Created attachment 336124 [details]
patch to fix leaking file descriptors

Never mind, the original patch actually applies cleanly.
Comment 8 Chris Ward 2009-04-01 04:16:45 EDT
Support, Customers, 

I have uploaded test packages that should fix this issue below. These packages - if the issue reported can be confirmed as resolved - will be included in the upcoming 4.8 release.

http://people.redhat.com/cward/4.8/nss_ldap/

The latest 4.8 Beta can be downloaded from RHN @ 
https://rhn.redhat.com/network/software/download_isos_full.pxt

Please test and provide us with feedback ASAP.
Comment 10 Mark Huth 2009-04-17 23:58:09 EDT
I can confirm that the test package fixes the issue for my customer in CRM 1881376.  Now the customer is asking about getting some supported hotfix packages!

Thanks
Comment 12 Ruediger Landmann 2009-05-06 02:09:15 EDT
Release note added. If any revisions are required, please set the 
"requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly.
All revisions will be proofread by the Engineering Content Services team.

New Contents:
libnss-ldap does not pay attention to error codes received from LDAP servers. Therefore, if a process (such as nscd) attempted to re-open a connection after an LDAP server closed the connection, nss-ldap would previously leak file descriptors. A long-lived caller process would eventually run out of file descriptors and enter a loop, preventing any further name service activity. Nss-ldap now checks whether a socket has been closed by the LDAP server and avoids leaking file descriptors.
Comment 13 errata-xmlrpc 2009-05-18 16:20:00 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0986.html

Note You need to log in before you can comment on or make changes to this bug.