Unix domain socket leak in 6-STABLE
Alexandre Biancalana
biancalana at gmail.com
Thu Jun 14 20:41:39 UTC 2007
On 6/14/07, Marc G. Fournier <freebsd at hub.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> - --On Thursday, June 14, 2007 14:03:27 -0300 Alexandre Biancalana
> <biancalana at gmail.com> wrote:
>
> > On 6/14/07, Marc G. Fournier <freebsd at hub.org> wrote:
> >
> >> I don't know ... it was caused by an application, but nothing was freed
> up
> >> after the application was stop'd ...
> >
> >
> > In my case the sockets are closed only if I stop the samba processes.
> When I
> > just changed the connection mode from Unix Socket to TCP on
> nss_ldap.conf,
> > the connections remain opened. I think this could be a problem with
> nss_ldap
> > (in the way of the connections are handled ?) because samba is accessing
> > OpenLDAP directly via TCP, the access via Unix Sockets is only done by
> Samba
> > throughnss_ldap.
> >
> > I trying to simulate this error on another machine. I will write some
> > scripts/program that connect to OpenLDAP socket directly and via
> nss_ldap
> > and post the results.
> >
> > Any more hints ?
>
> Hrmm .. how about nss in general? the one VPS that I killed off was using
> nss-mysql for passwd/group and shadow ... its definitely not something
> that is
> normally done here, and about the only thing I can think of that is
> 'unusual'
> about that specific VPS, in my case ...
Huuuummmm maybe... I don't know nss-mysql (I didn't ever know about your
existence..... hahaha) What's the connection method used to access MySQL
database ? You can read the rest of my message and try a similar test......
How I said......... here is the test:
I write the following perl script:
#!/usr/bin/perl
$counter = 0;
@users = ('user1', 'user2', 'user3');
while ( $counter <= 4 ) {
my $idx = int(rand($#users));
my @data = getpwnam($users[$idx]);
print join(' ', @data) . "\n";
$counter++;
}
sleep(50);
After run the script I have:
AleStation:/usr/home/ale $ sockstat -uc
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN
ADDRESS
root xterm 1528 3 stream -> /tmp/.X11-unix/X0
root xterm 1464 3 stream -> /tmp/.X11-unix/X0
ale nedit 1436 3 stream -> /tmp/.X11-unix/X0
ale xmms 1404 3 stream -> /tmp/.X11-unix/X0
ale gconfd-2 1331 4 dgram -> ??
ale gconfd-2 1331 12 stream
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale gconfd-2 1331 14 stream ->
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale dbus-daemo 1329 4 stream -> /var/run/openldap/ldapi
ale dbus-daemo 1329 5 stream -> ??
ale dbus-daemo 1329 7 stream -> ??
ale dbus-daemo 1329 8 stream /var/tmp/dbus-luPSSzilmv
ale dbus-daemo 1329 10 stream -> /var/run/openldap/ldapi
ale dbus-launc 1328 3 stream -> /tmp/.X11-unix/X0
ale pidgin 1324 3 stream -> /tmp/.X11-unix/X0
ale pidgin 1324 5 stream -> /var/tmp/dbus-luPSSzilmv
ale firefox-bi 1323 3 stream -> /tmp/.X11-unix/X0
ale firefox-bi 1323 11 stream ->
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale firefox-bi 1323 19 stream
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale gkrellm 1309 5 stream -> /tmp/.X11-unix/X0
ale wmaker 1306 3 stream -> /tmp/.X11-unix/X0
root Xorg 1301 10 stream /tmp/.X11-unix/X0
root Xorg 1301 11 stream /tmp/.X11-unix/X0
root Xorg 1301 12 stream /tmp/.X11-unix/X0
root Xorg 1301 13 stream /tmp/.X11-unix/X0
root Xorg 1301 14 stream /tmp/.X11-unix/X0
root Xorg 1301 15 stream /tmp/.X11-unix/X0
root Xorg 1301 16 stream /tmp/.X11-unix/X0
root Xorg 1301 17 stream /tmp/.X11-unix/X0
root Xorg 1301 18 stream /tmp/.X11-unix/X0
root Xorg 1301 19 stream /tmp/.X11-unix/X0
ale xinit 1300 3 stream -> /tmp/.X11-unix/X0
root login 1295 3 dgram -> ??
root login 1295 5 stream -> /var/run/openldap/ldapi
root natd 1294 4 dgram -> ??
_dhcp dhclient 1219 3 dgram -> ??
root dhclient 1195 3 dgram -> ??
root smbd 1044 4 dgram -> ??
root smbd 1044 18 stream ->
/var/db/samba/winbindd_privileged/pipe
root smbd 1044 22 stream -> /var/run/openldap/ldapi
root winbindd 954 3 dgram -> ??
root winbindd 954 15 stream -> ??
root winbindd 954 17 stream -> ??
root winbindd 954 19 stream /var/db/samba/winbindd_privileged/pipe
root winbindd 954 20 stream -> ??
root winbindd 953 3 dgram -> ??
root winbindd 953 15 stream -> ??
root winbindd 953 17 stream -> ??
root winbindd 953 19 stream /var/db/samba/winbindd_privileged/pipe
root winbindd 951 3 dgram -> ??
root winbindd 951 14 stream -> ??
root winbindd 925 3 dgram -> ??
root winbindd 925 15 stream -> ??
root winbindd 925 19 stream /var/db/samba/winbindd_privileged/pipe
root winbindd 925 20 stream -> ??
root winbindd 925 21 stream -> ??
root smbd 921 4 dgram -> ??
root smbd 921 18 stream ->
/var/db/samba/winbindd_privileged/pipe
root smbd 921 22 stream -> /var/run/openldap/ldapi
root nmbd 917 4 dgram -> ??
ldap slapd 898 3 dgram -> ??
ldap slapd 898 19 stream /var/run/openldap/ldapi
ldap slapd 898 21 stream /var/run/openldap/ldapi
ldap slapd 898 22 stream /var/run/openldap/ldapi
ldap slapd 898 23 stream /var/run/openldap/ldapi
AleStation:/usr/home/ale $ sockstat -uc |wc -l
65
Running the above script, after the end of the while loop I have:
AleStation:/usr/home/ale $ sockstat -uc
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN
ADDRESS
ale perl5.8.8 1639 3 stream -> /var/run/openldap/ldapi
ale perl5.8.8 1639 4 stream -> /var/run/openldap/ldapi
ale perl5.8.8 1639 6 stream -> /var/run/openldap/ldapi
ale perl5.8.8 1639 7 stream -> /var/run/openldap/ldapi
ale perl5.8.8 1639 8 stream -> /var/run/openldap/ldapi
root xterm 1528 3 stream -> /tmp/.X11-unix/X0
root xterm 1464 3 stream -> /tmp/.X11-unix/X0
ale nedit 1436 3 stream -> /tmp/.X11-unix/X0
ale xmms 1404 3 stream -> /tmp/.X11-unix/X0
ale gconfd-2 1331 4 dgram -> ??
ale gconfd-2 1331 12 stream
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale gconfd-2 1331 14 stream ->
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale dbus-daemo 1329 4 stream -> /var/run/openldap/ldapi
ale dbus-daemo 1329 5 stream -> ??
ale dbus-daemo 1329 7 stream -> ??
ale dbus-daemo 1329 8 stream /var/tmp/dbus-luPSSzilmv
ale dbus-daemo 1329 10 stream -> /var/run/openldap/ldapi
ale dbus-launc 1328 3 stream -> /tmp/.X11-unix/X0
ale pidgin 1324 3 stream -> /tmp/.X11-unix/X0
ale pidgin 1324 5 stream -> /var/tmp/dbus-luPSSzilmv
ale firefox-bi 1323 3 stream -> /tmp/.X11-unix/X0
ale firefox-bi 1323 11 stream ->
/var/tmp/orbit-ale/linc-533-0-37a529d2e9123
ale firefox-bi 1323 19 stream
/var/tmp/orbit-ale/linc-52b-0-249abddc2887e
ale gkrellm 1309 5 stream -> /tmp/.X11-unix/X0
ale wmaker 1306 3 stream -> /tmp/.X11-unix/X0
root Xorg 1301 10 stream /tmp/.X11-unix/X0
root Xorg 1301 11 stream /tmp/.X11-unix/X0
root Xorg 1301 12 stream /tmp/.X11-unix/X0
root Xorg 1301 13 stream /tmp/.X11-unix/X0
root Xorg 1301 14 stream /tmp/.X11-unix/X0
root Xorg 1301 15 stream /tmp/.X11-unix/X0
root Xorg 1301 16 stream /tmp/.X11-unix/X0
root Xorg 1301 17 stream /tmp/.X11-unix/X0
root Xorg 1301 18 stream /tmp/.X11-unix/X0
root Xorg 1301 19 stream /tmp/.X11-unix/X0
ale xinit 1300 3 stream -> /tmp/.X11-unix/X0
root login 1295 3 dgram -> ??
root login 1295 5 stream -> /var/run/openldap/ldapi
root natd 1294 4 dgram -> ??
_dhcp dhclient 1219 3 dgram -> ??
root dhclient 1195 3 dgram -> ??
root smbd 1044 4 dgram -> ??
root smbd 1044 18 stream ->
/var/db/samba/winbindd_privileged/pipe
root smbd 1044 22 stream -> /var/run/openldap/ldapi
root winbindd 954 3 dgram -> ??
root winbindd 954 15 stream -> ??
root winbindd 954 17 stream -> ??
root winbindd 954 19 stream /var/db/samba/winbindd_privileged/pipe
root winbindd 954 20 stream -> ??
root winbindd 953 3 dgram -> ??
root winbindd 953 15 stream -> ??
root winbindd 953 17 stream -> ??
root winbindd 953 19 stream /var/db/samba/winbindd_privileged/pipe
root winbindd 951 3 dgram -> ??
root winbindd 951 14 stream -> ??
root winbindd 925 3 dgram -> ??
root winbindd 925 15 stream -> ??
root winbindd 925 19 stream /var/db/samba/winbindd_privileged/pipe
root winbindd 925 20 stream -> ??
root winbindd 925 21 stream -> ??
root smbd 921 4 dgram -> ??
root smbd 921 18 stream ->
/var/db/samba/winbindd_privileged/pipe
root smbd 921 22 stream -> /var/run/openldap/ldapi
root nmbd 917 4 dgram -> ??
ldap slapd 898 3 dgram -> ??
ldap slapd 898 19 stream /var/run/openldap/ldapi
ldap slapd 898 21 stream /var/run/openldap/ldapi
ldap slapd 898 22 stream /var/run/openldap/ldapi
ldap slapd 898 23 stream /var/run/openldap/ldapi
ldap slapd 898 24 stream /var/run/openldap/ldapi
ldap slapd 898 25 stream /var/run/openldap/ldapi
ldap slapd 898 26 stream /var/run/openldap/ldapi
ldap slapd 898 27 stream /var/run/openldap/ldapi
ldap slapd 898 28 stream /var/run/openldap/ldapi
AleStation:/usr/home/ale $ sockstat -uc |wc -l
75
This is the diff between the two outputs:
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN
ADDRESS
+ale perl5.8.8 1639 3 stream -> /var/run/openldap/ldapi
+ale perl5.8.8 1639 4 stream -> /var/run/openldap/ldapi
+ale perl5.8.8 1639 6 stream -> /var/run/openldap/ldapi
+ale perl5.8.8 1639 7 stream -> /var/run/openldap/ldapi
+ale perl5.8.8 1639 8 stream -> /var/run/openldap/ldapi
root xterm 1528 3 stream -> /tmp/.X11-unix/X0
root xterm 1464 3 stream -> /tmp/.X11-unix/X0
ale nedit 1436 3 stream -> /tmp/.X11-unix/X0
@@ -64,3 +69,10 @@
ldap slapd 898 21 stream /var/run/openldap/ldapi
ldap slapd 898 22 stream /var/run/openldap/ldapi
ldap slapd 898 23 stream /var/run/openldap/ldapi
+ldap slapd 898 24 stream /var/run/openldap/ldapi
+ldap slapd 898 25 stream /var/run/openldap/ldapi
+ldap slapd 898 26 stream /var/run/openldap/ldapi
+ldap slapd 898 27 stream /var/run/openldap/ldapi
+ldap slapd 898 28 stream /var/run/openldap/ldapi
At each call of getpwnam I have 2 new sockets opened and not closed. At the
end of the script all the sockets are close and the number return to the 65
before start the script.
The problem is when the program does no end like a daemon.
I think that this is a problem of nss_ldap when configured to access
OpenLDAP via Unix Domain Socket. I repeated this same test changing the
connection to TCP Socket at nss_ldap.conf and only 2 sockets are opened
during all execution time of the script.
Any comments ??
More information about the freebsd-stable
mailing list