From aedeade8d4572b63802fbffeba7c684930e259b4da625ec846f7d55b6219cac3 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Mon, 8 Dec 2008 14:43:13 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nfs-utils?expand=0&rev=45 --- nfs-utils.changes | 8 ++++++++ nfs-utils.spec | 9 ++++++++- svcgssd-mem-leak | 49 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 svcgssd-mem-leak diff --git a/nfs-utils.changes b/nfs-utils.changes index b83e884..3221ebe 100644 --- a/nfs-utils.changes +++ b/nfs-utils.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sun Dec 7 22:20:05 CET 2008 - nfbrown@suse.de + +- gssd-mem-leak + * set better expiry date for cached auth info + so kernel does not run out of memory + bnc#442490 + ------------------------------------------------------------------- Fri Dec 5 02:43:20 CET 2008 - nfbrown@suse.de diff --git a/nfs-utils.spec b/nfs-utils.spec index d2ac9b3..80b10e2 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -27,7 +27,7 @@ BuildRequires: libevent Url: http://nfs.sourceforge.net Summary: Support Utilities for Kernel nfsd Version: 1.1.3 -Release: 15 +Release: 16 Group: Productivity/Networking/NFS License: GPL v2 or later BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -52,6 +52,7 @@ Patch3: sm-notify-no-sync.patch Patch4: rpc.gssd-catch-signal.patch Patch5: fork-start-statd.patch Patch6: warn-nfs-udp.patch +Patch7: svcgssd-mem-leak %description This package contains the NFS utilities. You can tune the number of @@ -135,6 +136,7 @@ Authors: %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 cp %{S:6} . %build @@ -289,6 +291,11 @@ rm -rf $RPM_BUILD_ROOT %doc nfs/*.html nfs/*.ps linux-nfs/* README.NFSv4 %changelog +* Sun Dec 07 2008 nfbrown@suse.de +- gssd-mem-leak + * set better expiry date for cached auth info + so kernel does not run out of memory + bnc#442490 * Fri Dec 05 2008 nfbrown@suse.de - nfs.init * Don't signal an error if asked to stop 'nfs' diff --git a/svcgssd-mem-leak b/svcgssd-mem-leak new file mode 100644 index 0000000..b625ef4 --- /dev/null +++ b/svcgssd-mem-leak @@ -0,0 +1,49 @@ +Set a more reasonable timeout for gss auth cache. + +svcgssd gives info to the kernel to gss authentication +and encryption. +This information currently has no expiry time and is never +flushed so it will collected forever and eventually +cause a significant waste of memory. + +So set the expiry times smaller. +For session initialisation, the context info should only be needed once. +So set a timeout of one minutes. + +For ongoing context information it could be needed for some time, +so set a timeot of one hour. + +See bnc#442490 + +From: NeilBrown +Signed-off-by: NeilBrown + +--- + utils/svcgssd/svcgssd_proc.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +Index: nfs-utils-1.1.3/utils/gssd/svcgssd_proc.c +=================================================================== +--- nfs-utils-1.1.3.orig/utils/gssd/svcgssd_proc.c ++++ nfs-utils-1.1.3/utils/gssd/svcgssd_proc.c +@@ -86,7 +86,9 @@ do_svc_downcall(gss_buffer_desc *out_han + } + qword_printhex(f, out_handle->value, out_handle->length); + /* XXX are types OK for the rest of this? */ +- qword_printint(f, 0x7fffffff); /*XXX need a better timeout */ ++ ++ /* 'context' could be needed for a while. */ ++ qword_printint(f, time(0) + 60*60); + qword_printint(f, cred->cr_uid); + qword_printint(f, cred->cr_gid); + qword_printint(f, cred->cr_ngroups); +@@ -130,7 +132,8 @@ send_response(FILE *f, gss_buffer_desc * + + qword_addhex(&bp, &blen, in_handle->value, in_handle->length); + qword_addhex(&bp, &blen, in_token->value, in_token->length); +- qword_addint(&bp, &blen, 0x7fffffff); /*XXX need a better timeout */ ++ /* INIT context info will only be needed for a short while */ ++ qword_addint(&bp, &blen, time(0) + 60); + qword_adduint(&bp, &blen, maj_stat); + qword_adduint(&bp, &blen, min_stat); + qword_addhex(&bp, &blen, out_handle->value, out_handle->length);