KDCs complain about not having enough file handles for /var/lib/heimdal-kdc/heimdal
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
heimdal (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
High
|
Brian Murray | ||
Quantal |
Fix Released
|
High
|
Brian Murray | ||
Raring |
Fix Released
|
High
|
Brian Murray |
Bug Description
[Impact]
When having multiple IP addresses configured, the heimdal-kdc package might become unusable under load, due to leaking of file descriptors. This means that all outstanding connections, just created or almost finished, are ignored.
[Test cases]
There's a small probing program attached that helps testing, by following these instructions:
## Install the KDC and a C compiler.
$ sudo apt-get install heimdal-kdc clang
## Add more interfaces.
$ for ip in 192.0.2.{1..32} ; do sudo ip addr add ${ip} dev eth0 ; done
## Restart the KDC so it listens on the interfaces.
$ sudo service heimdal-kdc restart
## There are no leaked sockets.
$ sudo lsof -nn -p $(pgrep kdc) | tee lsof-before.txt
## Build the test utility.
$ cc -o probe probe.c
## Hammer the KDC very briefly.
$ for ip in 192.0.2.{1..32} 127.0.0.1 ; do for i in {1..32} ; do ./probe ${ip} 88 & done & done
## We have leaked sockets, as shown by the "can't identify protocol" sockets.
$ sudo lsof -nn -p $(pgrep kdc) | tee lsof-after.txt
[Possible regressions]
No regressions expected. The patch has been in use by the original submitter's team for more than a year, and has been accepted by upstream for more than 8 months.
[Original Description]
There is a leak in the way the KDC handles file descriptors. Under load, this bug causes connections to be dropped and a lot of seemingly unrelated messages are logged: "Failed to open database: opening /var/lib/
Please pull the patch from upstream:
https:/
description: | updated |
Changed in heimdal (Ubuntu): | |
importance: | Undecided → High |
Changed in heimdal (Ubuntu Precise): | |
status: | New → Triaged |
Changed in heimdal (Ubuntu Quantal): | |
status: | New → Triaged |
Changed in heimdal (Ubuntu Raring): | |
status: | New → Triaged |
Changed in heimdal (Ubuntu Precise): | |
assignee: | nobody → Louis Bouchard (louis-bouchard) |
Changed in heimdal (Ubuntu Quantal): | |
assignee: | nobody → Louis Bouchard (louis-bouchard) |
Changed in heimdal (Ubuntu Raring): | |
assignee: | nobody → Louis Bouchard (louis-bouchard) |
Changed in heimdal (Ubuntu Precise): | |
importance: | Undecided → High |
Changed in heimdal (Ubuntu Quantal): | |
importance: | Undecided → High |
Changed in heimdal (Ubuntu Raring): | |
importance: | Undecided → High |
Changed in heimdal (Ubuntu Precise): | |
assignee: | Louis Bouchard (louis-bouchard) → Brian Murray (brian-murray) |
Changed in heimdal (Ubuntu Raring): | |
assignee: | Louis Bouchard (louis-bouchard) → Brian Murray (brian-murray) |
Changed in heimdal (Ubuntu Quantal): | |
assignee: | Louis Bouchard (louis-bouchard) → Brian Murray (brian-murray) |
Hi,
I've prepared the debdiffs for the package, applying the patch pointed in the previous comment. I'll attach precise here and quantal next.