Hi,
if an nss provider dies during a request the nss responders dies due to a double free error minutes after the request was sent. The responder does not handle the unfinished request and so they stay around and the client has to wait for a response until SSS_CLI_SOCKET_TIMEOUT (5 minutes) is over. During the termination of the request the sss_dp_callback structure is free two times which lead to an abort in the nss responder.
The first patch add a handler which removes all open requests after a reconnect. The second one is only marginally related to the described issue but makes sure that cmdctx, the parent or grand-parent memory context of the sss_dp_callback structure, is always allocate with talloc_zero. The third patch removes the explicit talloc_free of the sss_dp_callback structures, because they are already freed because cmdctx was freed during the callback.
bye, Sumit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/25/2010 09:51 AM, Sumit Bose wrote:
Hi,
if an nss provider dies during a request the nss responders dies due to a double free error minutes after the request was sent. The responder does not handle the unfinished request and so they stay around and the client has to wait for a response until SSS_CLI_SOCKET_TIMEOUT (5 minutes) is over. During the termination of the request the sss_dp_callback structure is free two times which lead to an abort in the nss responder.
The first patch add a handler which removes all open requests after a reconnect. The second one is only marginally related to the described issue but makes sure that cmdctx, the parent or grand-parent memory context of the sss_dp_callback structure, is always allocate with talloc_zero. The third patch removes the explicit talloc_free of the sss_dp_callback structures, because they are already freed because cmdctx was freed during the callback.
Looks good to me. Ack.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 10/26/2010 07:51 AM, Stephen Gallagher wrote:
On 10/25/2010 09:51 AM, Sumit Bose wrote:
Hi,
if an nss provider dies during a request the nss responders dies due to a double free error minutes after the request was sent. The responder does not handle the unfinished request and so they stay around and the client has to wait for a response until SSS_CLI_SOCKET_TIMEOUT (5 minutes) is over. During the termination of the request the sss_dp_callback structure is free two times which lead to an abort in the nss responder.
The first patch add a handler which removes all open requests after a reconnect. The second one is only marginally related to the described issue but makes sure that cmdctx, the parent or grand-parent memory context of the sss_dp_callback structure, is always allocate with talloc_zero. The third patch removes the explicit talloc_free of the sss_dp_callback structures, because they are already freed because cmdctx was freed during the callback.
Looks good to me. Ack.
Pushed to master and sssd-1-4.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
sssd-devel@lists.fedorahosted.org