Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-2220

winbind leaks memory via LDAP handles

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • rhel-7.9.z
    • samba
    • None
    • Low
    • rhel-idm-sssd
    • ssg_idm
    • 0
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None
    • 57,005

      Description of problem:

      The customer has reported very slow winbind memory growth which accumulates over long period of time and as result requires periodic service restarts which is of course inconvenient and unpredictable.

      Collected valgrind leaks report is attached. It looks like its leaking indirectly via LDAP handles and various small allocations associated with them on libldap part and its underlying dependencies.

      There are quite a few things in the valgrind leaks report but it appears that new LDAP handles are being continuously create, like so

      [ ..... ]
      ==23510== by 0x13571D40: ldap_int_open_connection (in /usr/lib64/libldap-2.4.so.2.10.7)
      ==23510== by 0x135850CC: ldap_new_connection (in /usr/lib64/libldap-2.4.so.2.10.7)
      ==23510== by 0x135711DE: ldap_open_defconn (in /usr/lib64/libldap-2.4.so.2.10.7)
      ==23510== by 0x135863D7: ldap_send_initial_request (in /usr/lib64/libldap-2.4.so.2.10.7)
      ==23510== by 0x1357B418: ldap_sasl_bind (in /usr/lib64/libldap-2.4.so.2.10.7)
      ==23510== by 0x1357B848: ldap_sasl_bind_s (in /usr/lib64/libldap-2.4.so.2.10.7)
      ==23510== by 0x1357C0E4: ldap_simple_bind_s (in /usr/lib64/libldap-2.4.so.2.10.7)
      ==23510== by 0xA8D574F: ??? (in /usr/lib64/libsmbldap.so.2)
      ==23510== by 0xA8D66A4: ??? (in /usr/lib64/libsmbldap.so.2)

      ==23510== by 0xA8D6D4A: smbldap_search (in /usr/lib64/libsmbldap.so.2)
      ==23510== by 0xA8D6D96: smbldap_search_suffix (in /usr/lib64/libsmbldap.so.2)
      ==23510== by 0x2043FAC6: smbldap_search_domain_info (in /usr/lib64/samba/libsmbldaphelper-samba4.so)
      ==23510== by 0x20223949: pdb_ldapsam_init_common (in /usr/lib64/samba/pdb/ldapsam.so)
      ==23510== by 0x6A278A8: make_pdb_method_name (in /usr/lib64/libsamba-passdb.so.0.27.2)
      ==23510== by 0x6A27BA3: ??? (in /usr/lib64/libsamba-passdb.so.0.27.2)
      ==23510== by 0x6A29CB8: initialize_password_db (in /usr/lib64/libsamba-passdb.so.0.27.2)
      ==23510== by 0x12EE8B: main (in /usr/sbin/winbindd)

      In the winbind code it appears that the original intent was to cache the LDAP handle and its associated connection and only free it on LDAP_SERVER_DOWN or any sort of reconnect conditions however it looks like (I'm not familiar with related code at all) a new handle is created every time via

      pdb_ldapsam_init_common()/pdb_init_ldapsam_common() path

      and nothing ever calls libldap ldap_unbind() API (which is libldap way to discard an LDAP handle and free all resources associated with it) unless there is an error condition eg connection problem etc.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:
      1.
      2.
      3.

      Actual results:

      Expected results:

      Additional info:

        1. valgrind.log
          3.40 MB

              anschnei@redhat.com Andreas Schneider
              abobrov@redhat.com Anton Bobrov
              SSSD QE SSSD QE
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: