diff --git a/0059-Do-not-keep-allocating-external-groups-on-a-long-liv.patch b/0059-Do-not-keep-allocating-external-groups-on-a-long-liv.patch new file mode 100644 index 0000000..dbb2c02 --- /dev/null +++ b/0059-Do-not-keep-allocating-external-groups-on-a-long-liv.patch @@ -0,0 +1,56 @@ +From dfcc67f54823bee15632cf52704842863e8b8a93 Mon Sep 17 00:00:00 2001 +From: Jakub Hrozek +Date: Tue, 3 Apr 2018 21:48:37 +0200 +Subject: [PATCH] Do not keep allocating external groups on a long-lived + context +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The hash table with the external groups was never freed, so the +server_mode->ext_groups context was growing over time. + +This patch keeps the new hash on the state if something failed, then +frees the previous hash and finally steals the new hash onto the server +mode. + +Resolves: +https://pagure.io/SSSD/sssd/issue/3719 + +Signed-off-by: Sumit Bose +Reviewed-by: Fabiano FidĂȘncio +(cherry picked from commit 10213efaf1f9f587b47a82778a252d79863f665e) +--- + src/providers/ipa/ipa_subdomains_ext_groups.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c +index 9e1d6c3a9..63ff7c7d7 100644 +--- a/src/providers/ipa/ipa_subdomains_ext_groups.c ++++ b/src/providers/ipa/ipa_subdomains_ext_groups.c +@@ -583,14 +583,19 @@ static void ipa_get_ext_groups_done(struct tevent_req *subreq) + DEBUG(SSSDBG_TRACE_FUNC, "[%zu] external groups found.\n", + state->reply_count); + +- ret = process_ext_groups(state->server_mode->ext_groups, +- state->reply_count, state->reply, &ext_group_hash); ++ ret = process_ext_groups(state, ++ state->reply_count, ++ state->reply, ++ &ext_group_hash); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "process_ext_groups failed.\n"); + goto fail; + } + +- state->server_mode->ext_groups->ext_groups = ext_group_hash; ++ talloc_free(state->server_mode->ext_groups->ext_groups); ++ state->server_mode->ext_groups->ext_groups = talloc_steal( ++ state->server_mode->ext_groups, ++ ext_group_hash); + /* Do we have to make the update timeout configurable? */ + state->server_mode->ext_groups->next_update = time(NULL) + 10; + +-- +2.17.0 + diff --git a/sssd.spec b/sssd.spec index 1c2dd87..f44e77f 100644 --- a/sssd.spec +++ b/sssd.spec @@ -100,6 +100,7 @@ Patch0055: 0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch Patch0056: 0056-DYNDNS-Retry-also-on-timeouts.patch Patch0057: 0057-AD-Warn-if-the-LDAP-schema-is-overriden-with-the-AD-.patch Patch0058: 0058-SYSDB-Only-check-non-POSIX-groups-for-GID-conflicts.patch +Patch0059: 0059-Do-not-keep-allocating-external-groups-on-a-long-liv.patch Patch0502: 0502-SYSTEMD-Use-capabilities.patch Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch @@ -1311,6 +1312,9 @@ fi something different than 'ad'. - Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. +- Resolves: upstream#3719 - The SSSD IPA provider allocates information about + external groups on a long lived memory context, + causing memory growth of the sssd_be process * Sat May 05 2018 Fabiano FidĂȘncio - 1.16.1-4 - Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa