Re: (ITS#4780) ACL set memory leak

[ando@sys-net.it]

dhawes@vt.edu wrote:
> When using ACL sets, OpenLDAP 2.3.30 steadily uses up all the system memory
> before crashing (slapd: ch_malloc.c:57: ch_malloc: Assertion `0' failed).
>
> The system is loaded using SLAMD with 4 clients doing anonymous searches on a
> filter file of approximately 300,000 filters (taken from a typical day on a
> production server).  SLAMD reports that 2885650 entries are returned in the 30
> minutes it takes to use up all available memory (4G).
>
> The instance contains approximately 1 million entries in a bdb backend, and uses
> the following simple set of ACLs for this test:
>
> ...
> access to dn.base=""
>     by * read
>
> access to dn.base="cn=Subschema"
>     by * read
>
> access to dn.base="dc=example,dc=com"
>     by * read
>
> access to dn.base="ou=People,dc=example,dc=com"
>     by * read
>
> access to *
>     by set="[string1] & [string2]" read
>     by peername.ip=<slamd client ip 1> read
>     by peername.ip=<slamd client ip 2> read
>     by peername.ip=<slamd client ip 3> read
>     by peername.ip=<slamd client ip 4> read
>     by * none
> ...
>
> Removing the "by set=" clause and running the SLAMD job causes OpenLDAP memory
> usage to stabilize.
>
> I notice the same behavior on 2.3.27, but did not notice it with older versions
> such as 2.2.26.
>   
I can't confirm this issue neither with HEAD nor with re23; I used 
valgrind and the set string you posted verbatim, although I didn't use 
slamd.  However, right now I don't see how it may be a matter of 
concurrency.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------