Hide Forgot
Description of problem: IMA seems to cause a ton of kernel messages on every file access due to not understanding the openafs cache. This slows down the client and generates large volumes of log traffic, e.g.: ima_file_free: V9356 open/free imbalance (r:0 w:-21 o:-21 f:0) The rate at which these messages are logged when running OpenAFS is excessive leading to disk space utilisation and performance problems. Version-Release number of selected component (if applicable): 2.6.32-*.el6 How reproducible: 100% Steps to Reproduce: 1. Configure OpenAFS with a RHEL6 kernel that enables IMA 2. Access some files Actual results: Log spamming of the form: ima_file_free: V9356 open/free imbalance (r:0 w:-21 o:-21 f:0) On every file access. Expected results: Upstream has already modified this to limit the volume of log messages. Additional info: author Mimi Zohar <zohar@us.ibm.com> committer Eric Paris <eparis@redhat.com> Wed, 9 Dec 2009 20:58:05 +0000 (15:58 -0500) commit 632eb15fdd4f87886138ab3511f0b651abffe9df ima: limit imbalance msg Limit the number of imbalance messages to once per filesystem type instead of once per system boot. (it's actually slightly racy and could give you a couple per fs, but this isn't a real issue) Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion.
Created attachment 408627 [details] Patch which fixes IMA object lifetime thus making it work with AFS
*** Bug 585286 has been marked as a duplicate of this bug. ***
I'm trying to test the attached patch on the kernel source from the 2.6.32-19.el6 SRPM (from ftp.redhat.com/pub/redhat/rhel/beta/6/source/SRPMS/), but it doesn't apply cleanly. A few hunks fail in fs/namei.c, and it looks like it's based on a different tree than the current SRPM - for instance the context lines have handle_truncate(), which doesn't exist in the version I'm looking at. I guess you may be working from something more recent than the published SRPM.
Yes I am. Some of the patches that are needed to make this work are not in the -19 kernel :(. I'm going to try to find one of the old versions of the patch for you to test.
Created attachment 409960 [details] Same basic fix, hopefully applies to older RHEL6 kernels
That patch does apply cleanly on the -19 kernel, thanks. I haven't been able to complete the build and test yet, I'll post an update when I have. It's pretty clear from the code that this should take care of the issue for OpenAFS.
BTW it would also be very nice to see this fixed in Fedora 12, where it has also been a problem, or a move to 2.6.33.
I completed some tests and can confirm that as expected, IMA warnings are no longer an issue with the patch applied, tested with the current OpenAFS. Thanks
I also had success with this patch and OpenAFS-1.5.74 (the current development release) + http://git.openafs.org/?p=openafs.git;a=commit;h=14195f0f48d52dd3a81c52c4a3bc2078857d0f86 . It even works with SELinux in enforcing mode once all the labels are right. This will be the basic setup for all further work with the beta here. Thanks for the patch, and for making this BZ public.
Is it known yet if this patch will be the released version of EL6? I want to file a support request through our support account if not.
The patch has been posted for review by the internal Red Hat kernel team. We have not yet committed to inclusion but we are pursuing the process for inclusion in EL6. I believe that comment #2 is still the 'official' position.
Is there any update on the 'official' position on this patch? Had a look at the beta 2 kernel source and it doesn't look like this has made it in yet.
Patch(es) available on kernel-2.6.32-42.el6
*** Bug 534113 has been marked as a duplicate of this bug. ***
*** Bug 593329 has been marked as a duplicate of this bug. ***
Since nobody has confirmed here, I'll just mention that I got a chance to test openafs with kernel-2.6.32-44.2 and I can confirm that the issue is indeed resolved.
Red Hat Enterprise Linux 6.0 is now available and should resolve the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you.
*** Bug 589760 has been marked as a duplicate of this bug. ***