-
Notifications
You must be signed in to change notification settings - Fork 235
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NSS: close files after mmap #560
NSS: close files after mmap #560
Conversation
Can one of the admins verify this patch? |
1 similar comment
Can one of the admins verify this patch? |
ok to test |
retest this please |
Firstly, sorry that I'm not going to review the patch itself (I'll leave it to someone else). What I'd like to bring up here is that a bunch of tests are failing due to the change:
Please, in order to reproduce it in your own machine, run:
|
@fidencio, |
Hi, We can not close the mmap cache file descriptor after the memory cache context is initialized. The reason why the mmap context keeps the FD open is so that it does not need to create a new FD every time when we do some operation on the mmap cache. So the fact that the sssd_nss responder is keeping the FD open in the context is by desing. I am not sure why the file is marked as deleted, but note that the mmap cache context is created when the sssd_nss responder is starting up, so when you manually delete the files (for example using the rm command) SSSD needs to be restarted, the old FD will be closed and new one opened. Not restarting SSSD after the mmap cache was removed with "rm" will make the mmap cache not working. Michal |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Closing the FD can be done, but then you have to do more than that, see comments.
@@ -185,6 +185,9 @@ static errno_t sss_nss_mc_init_ctx(const char *name, | |||
ret = 0; | |||
|
|||
done: | |||
if (ctx->fd) { | |||
close(ctx->fd); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At the very least you must set ctx->fd to -1 after a close, or you'll cause trouble later (closing unrelated files if the context is freed).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you are going to always close the file, which is a fine choice, then I would expect this patch to actually remove the fd element from the struct and use a local variable instead so that no manipulation of the fd is expected in sss_nss_mc_destroy_ctx() at all.
I wonder if the caches were deleted because someone called sss_cache? |
@ChrisKowalczyk Hmm.. i thought we are using the fd in the memory cache operations, but it does not seem to be the case, so yes we do not need the fd, just the pointer to the mmaped region. Forget what I said and follow @simo5 's advice, sorry for confusion :) @jhrozek Right that is also one of the possible reasons, sss_cache can mark the cache as "recycled" and delete the file, the clients learn about this when they do next request to the cache and reload the new file. |
Thanks for all the comments and quick feedback! Sorry for sharing a closed bug report, I will prepare some better description of this scenario. I will also make sure that the tests are not failing. |
@ChrisKowalczyk, do you plan to work on this PR? |
Actually it seems we need open Also to be consistent NSS responder's handling of As I don't know original intention (what problem this PR was intended to solve) I can't amend this PR properly. Thus I will close this. Please open a new issue or PR with a better description if there is any actual problem to solve. |
The files in MC cache folder were initialized by SSSD on startup, and mapped by using mmap function. due to the fact that they weren't closed afterwards, their File descriptors were still marker alive but marked as 'Deleted'.
This was noticed by a customer of SUSE, see more details here: https://bugzilla.suse.com/show_bug.cgi?id=1080156