Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
IMA seems to cause a ton of kernel messages on every file access due to not understanding the openafs cache. This slows down the client and generates large volumes of log traffic, e.g.:
ima_file_free: V9356 open/free imbalance (r:0 w:-21 o:-21 f:0)
The rate at which these messages are logged when running OpenAFS is excessive leading to disk space utilisation and performance problems.
Version-Release number of selected component (if applicable):
2.6.32-*.el6
How reproducible:
100%
Steps to Reproduce:
1. Configure OpenAFS with a RHEL6 kernel that enables IMA
2. Access some files
Actual results:
Log spamming of the form:
ima_file_free: V9356 open/free imbalance (r:0 w:-21 o:-21 f:0)
On every file access.
Expected results:
Upstream has already modified this to limit the volume of log messages.
Additional info:
author Mimi Zohar <zohar.com>
committer Eric Paris <eparis>
Wed, 9 Dec 2009 20:58:05 +0000 (15:58 -0500)
commit 632eb15fdd4f87886138ab3511f0b651abffe9df
ima: limit imbalance msg
Limit the number of imbalance messages to once per filesystem type instead of
once per system boot. (it's actually slightly racy and could give you a
couple per fs, but this isn't a real issue)
Signed-off-by: Mimi Zohar <zohar.com>
Acked-by: Mimi Zohar <zohar.ibm.com>
Comment 2RHEL Program Management
2010-04-22 18:23:53 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
inclusion.
I'm trying to test the attached patch on the kernel source from the 2.6.32-19.el6 SRPM (from ftp.redhat.com/pub/redhat/rhel/beta/6/source/SRPMS/), but it doesn't apply cleanly. A few hunks fail in fs/namei.c, and it looks like it's based on a different tree than the current SRPM - for instance the context lines have handle_truncate(), which doesn't exist in the version I'm looking at.
I guess you may be working from something more recent than the published SRPM.
Yes I am. Some of the patches that are needed to make this work are not in the -19 kernel :(. I'm going to try to find one of the old versions of the patch for you to test.
That patch does apply cleanly on the -19 kernel, thanks. I haven't been able to complete the build and test yet, I'll post an update when I have. It's pretty clear from the code that this should take care of the issue for OpenAFS.
I completed some tests and can confirm that as expected, IMA warnings are no longer an issue with the patch applied, tested with the current OpenAFS.
Thanks
I also had success with this patch and OpenAFS-1.5.74 (the current development release) + http://git.openafs.org/?p=openafs.git;a=commit;h=14195f0f48d52dd3a81c52c4a3bc2078857d0f86 . It even works with SELinux in enforcing mode once all the labels are right.
This will be the basic setup for all further work with the beta here.
Thanks for the patch, and for making this BZ public.
The patch has been posted for review by the internal Red Hat kernel team. We have not yet committed to inclusion but we are pursuing the process for inclusion in EL6. I believe that comment #2 is still the 'official' position.
Since nobody has confirmed here, I'll just mention that I got a chance to test openafs with kernel-2.6.32-44.2 and I can confirm that the issue is indeed resolved.
Comment 32releng-rhel@redhat.com
2010-11-11 15:48:41 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.