Fedora 11 slapd "too many open files": /lib64/libnspr4.so

Thu Aug 20 01:54:29 UTC 2009

El Thu, 13-08-2009 a las 07:56 +0200, Bernie Innocenti escribió:
> El Thu, 13-08-2009 a las 07:12 +0200, Bernie Innocenti escribió:
> > Ping?
> > 
> > This bug is pretty nasty: we have to restart slapd
> > 2 or 3 times a day :-/
> 
> Ok, I think I'm starting to see the light here, but perhaps
> it's just because it's already dawn.
> 
> nss-3.12.3.99.3/mozilla/security/nss/lib/freebl/stubs.c
> dlopen()s nspr4.so like so:
> 
> -----8<----------8<----------8<----------8<----------8<-----
> #define freebl_getLibrary(libName)  \
>     dlopen (libName, RTLD_LAZY|RTLD_NOLOAD)
> 
> #define freebl_releaseLibrary(lib) \
>     if (lib) dlclose(lib)
> 
> #endif
> 
> extern SECStatus
> FREEBL_InitStubs()
> {
>     SECStatus rv = SECSuccess;
> #ifdef FREEBL_NO_WEAK
>     void *nspr = NULL; 
>     void *nssutil = NULL; 
> 
>     /* NSPR should be first */
>     if (!ptr_PR_DestroyLock) {
>     nspr = freebl_getLibrary(nsprLibName);
>     if (!nspr) {
>         return SECFailure;
>     }
>     rv = freebl_InitNSPR(nspr);
>     if (rv != SECSuccess) {
>         freebl_releaseLibrary(nspr);
>         return rv;
>     }
>     }
>     /* now load NSSUTIL */
>     if (!ptr_SECITEM_ZfreeItem_Util) {
>     nssutil= freebl_getLibrary(nssutilLibName);
>     if (!nssutil) {
>         return SECFailure;
>     }
>     rv = freebl_InitNSSUtil(nssutil);
>     if (rv != SECSuccess) {
>         freebl_releaseLibrary(nssutil);
>         return rv;
>     }
>     }
> #endif
> 
>     return rv;
> }
> -----8<----------8<----------8<----------8<----------8<-----
> 
> There's no corresponding place in the code to call dlclose().
> If slapd enters this multiple times (perhaps from multiple threads),
> it might indeed leak file descriptors.
> 
> It remains to be determined what codepath in openldap does this.

Looks like the above code is being by this Fedora-specific patch carried
by the nss package:

-----8<----------8<----------8<----------8<----------8<----- 
diff -rupN nss-3.12.3.99.3-orig/mozilla/security/nss/lib/freebl/stubs.c nss-3.12.3.99.3/mozilla/security/nss/lib/freebl/stubs.c

--- ./mozilla/security/nss/lib/freebl/stubs.c	2009-03-28 19:21:50.000000000 -0700
+++ ./mozilla/security/nss/lib/freebl/stubs.c	2009-06-08 20:37:20.000000000 -0700
@@ -558,8 +558,8 @@ FREEBL_InitStubs()
 	    return SECFailure;
 	}
 	rv = freebl_InitNSPR(nspr);
-	freebl_releaseLibrary(nspr);
 	if (rv != SECSuccess) {
+	    freebl_releaseLibrary(nspr);
 	    return rv;
 	}
     }
@@ -570,8 +570,8 @@ FREEBL_InitStubs()
 	    return SECFailure;
 	}
 	rv = freebl_InitNSSUtil(nssutil);
-	freebl_releaseLibrary(nssutil);
 	if (rv != SECSuccess) {
+	    freebl_releaseLibrary(nssutil);
 	    return rv;
 	}
     }
-----8<----------8<----------8<----------8<----------8<-----

The patch was motivated by this bug:

  https://bugzilla.redhat.com/show_bug.cgi?id=502133

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/



