11397 – vicious cycle of more and more client connections in winbindd

Bug 11397 - vicious cycle of more and more client connections in winbindd

Summary: vicious cycle of more and more client connections in winbindd

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	4.2.2
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-07-13 09:33 UTC by Uri Simchoni
Modified:	2016-08-09 12:04 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Proposed fix (25.84 KB, patch) 2015-07-13 19:36 UTC, Uri Simchoni	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Uri Simchoni 2015-07-13 09:33:29 UTC

When the rate of requests made by winbindd clients (mostly smbd processes) exceeds winbindd's ability to service those requests, a vicious cycle is created wherein the clients re-open the connection to winbindd in order to retry, winbindd does not cancel the pending request and does not close its end of the client connection, and so more and more requests get piled and more and more client connections get open, until the file descriptor limit is exhausted.

This of course be simulated, but appears to have happened in actual customer setups, in combination with bugs 11259 and 11267 (each session setup requires an ldap query, and the query opens a new connection which involves lengthy handshake with the domain controller)

Comment 1 Uri Simchoni 2015-07-13 19:36:34 UTC

Created attachment 11253 [details]
Proposed fix

This is v6 of a fix that has been circling samba-technical for a while now.

Comment 2 Andreas Schneider 2016-08-09 12:04:16 UTC

This has been pushed upstream with 2c1c567ee1a59fa7bf09be0ed0554d2dc01cd0b9 and is in Samba 4.3.0 and newer.