[SRU] Memory leak in krb5 version 1.17

Bug #2060666 reported by Ponnuvel Palaniyappan
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
krb5 (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
In Progress
Undecided
Ponnuvel Palaniyappan

Bug Description

[ Impact ]

Commit https://github.com/krb5/krb5/commit/1cd2821c19b2b95e39d5fc2f451a035585a40fa5
altered the memory management of krb5_gss_inquire_cred(), introducing defcred to act as
an owner pointer when the function must acquire a default credential.
The commit neglected to update the code to release the default cred
along the successful path. The old code does not trigger because
cred_handle is now reassigned, so the default credential is leaked.

Resulting gradual increase in memory usage (memory leak) and eventual crash.

[ Test Plan ]

Setup 3 VMs:

1. Windows Server act as Domain controller (AD)
2. Windows machine AD Joined with Ostress installed. (Ostress is part of RML utilities https://learn.microsoft.com/en-us/troubleshoot/sql/tools/replay-markup-language-utility)
3. SQL on Linux AD Joined ( configuration steps https://learn.microsoft.com/en-us/sql/linux/sql-server-linux-ad-auth-adutil-tutorial?view=sql-server-ver16)

On the Machine with OStress create a file (name it disconnect.ini) with the following content under the same folder “C:\Program Files\Microsoft Corporation\RMLUtils” where OStress is installed.

disconnect.ini
==============

[Connection Options]
LoginTimeout=30
QuotedIdentifier=Off
AutocommitMode=On
DisconnectPct=100.0
MaxThreadErrors=0

[Query Options]
NoSQLBindCol=Off
NoResultDisplay=Off
PrepareExecute=Off
ExecuteAsync=Off
RollbackOnCancel=Off
QueryTimeout=0
QueryDelay=0
MaxRetries=0
BatchDisconnectPct=0.0
CancelPct=0.00
CancelDelay=0
CancelDelayMin=0
CursorType=
CursorConcurrency=
RowFetchDelay=0

[Replay Options]
Sequencing Options=global sequence
::Sequencing Options=global sequence, dtc replay
DTC Timeout=
DTC Machine=(local)
Playback Coordinator=(local)
StartSeqNum=
StopSeqNum=
TimeoutFactor=1.0

Run the following command to start the load using Ostress, change Server name (-S) accordingly and the number of threads (-n) as needed.

Start 4 different CMD consoles and use the following different commands for each CMD window:
1. ostress.exe -E -S<ServerName/port> -Q"select * from sys.all_objects" -q -cdisconnect.ini -n40 -r9999999 -oc:\temp\log01 -T146
2. ostress.exe -E -S<ServerName/port> -Q"select * from sys.all_views" -q -cdisconnect.ini -n40 -r9999999 -oc:\temp\log02 -T146
3. ostress.exe -E -S<ServerName/port> -Q"select * from sys.all_columns" -q -cdisconnect.ini -n40 -r9999999 -oc:\temp\log03 -T146
4. ostress.exe -E -S<ServerName/port> -Q"select * from sys.all_parameters" -q -cdisconnect.ini -n40 -r9999999 -oc:\temp\log04 -T146

After a run of about 5 hours, the memory usage for this is expected to be around 5G with the fix.
Without the fix, it was observed that it reached around ~22G in 5 hours. Hence the increase in
memory usage can be observed if the ostress.exe programs are let to run longer.

[ Where problems could occur ]

 The fix may not fix the memory leak or could result in releasing the memory
 early in a different code path, and thus resulting in crashes.

 A mitigating fact is that the fix has been in Ubuntu since at least 22.04 and
 they do not exhibit any issues.

 Likewise I've previously provided the fix in a PPA https://launchpad.net/~pponnuvel/+archive/ubuntu/krb5-focal
 to user who's been hit by this issue. They've tested and confirmed it fixes the memory leak.

[ Other Info ]

The commit https://github.com/krb5/krb5/commit/098f874f3b50dd2c46c0a574677324b5f6f3a1a8 fixes the leak.

The fix has been included in newer krb5 releases (Jammy, and Noble have the releases with the fix).

Bionic doesn't have the commit the introduced the memory leak in the first place.
So this will be a Focal-only backport.

Tags: sts
tags: added: sts
Changed in krb5 (Ubuntu Focal):
assignee: nobody → Ponnuvel Palaniyappan (pponnuvel)
Changed in krb5 (Ubuntu):
status: New → Fix Released
Changed in krb5 (Ubuntu Focal):
status: New → In Progress
description: updated
summary: - Memory leak in krb5 version 1.17
+ [SRU] Memory leak in krb5 version 1.17
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Hi Ponnuvel,

I see you prepared a debdiff to fix this issue, if you are seeking for a sponsor for you package you could use the Patch Pilot program [1]. Long story short, you could subscribe ~ubuntu-sponsors to this bug and it would go to the Patch Pilot queue.

This is in the Server team queue, and once we have time we will take a look if no one else had already done that. It may take some time.

[1] https://ubuntu.com/community/contribute/ubuntu-development/ubuntu-patch-pilots

Revision history for this message
Ponnuvel Palaniyappan (pponnuvel) wrote :

Attaching the debdiff for Focal.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.