unnamed semaphore leak on AIX
Closed, Resolved (Public)

Description

Unnamed semaphore created in npth_init is never destroyed.

In version 2.2 and earlier, npth_init is called when a new gpg-agent is started. gpg-agent is typically not restarted in a production environment, and the resource leak was not detected.

Since version 2.3, npth_init (sem_init) has been introduced in the gpg command. Now one unnamed semaphore leaks on each gpg execution. There is no workaround except for using version 2.2 or older. It is not possible to identify and remove orphaned semaphores from the command line.

The system is rendered unusable after IPC resources are exhausted.

Now GnuPG-2.4 is available in the AIX toolbox repository.
The issue can be demonstrated by running g13 where npth_init is used:

bash-4.3$ ipcs -r -s -a
IPC status from /dev/mem as of Fri Jan 19 14:45:55 EET 2024
T        ID     KEY        MODE       OWNER    GROUP  CREATOR   CGROUP NSEMS   OTIME    CTIME  RTFLAGS NAME
Semaphores:
s   3145728 0x0101a6e2 --ra-ra-r--     root   system     root   system     1 11:49:42 11:49:42
...
s      4953 0xffffffff --ra------- buildbot     perf buildbot     perf     2 17:18:31 17:17:20
bash-4.3$ /opt/freeware/bin/g13
Warning: using insecure memory!
g13: invalid command (there is no implicit command)
bash-4.3$ ipcs -r -s -a
IPC status from /dev/mem as of Fri Jan 19 14:46:04 EET 2024
T        ID     KEY        MODE       OWNER    GROUP  CREATOR   CGROUP NSEMS   OTIME    CTIME  RTFLAGS NAME
Semaphores:
s   3145728 0x0101a6e2 --ra-ra-r--     root   system     root   system     1 11:49:42 11:49:42
...
s      4953 0xffffffff --ra------- buildbot     perf buildbot     perf     2 17:18:31 17:17:20
s         - 0xffffffff --ra-ra-ra- buildbot     perf buildbot     perf     1 14:46:01 14:46:01    -    -

Leaked unnamed semaphore in last output line.

Details

Version
2.3, 2.4

Event Timeline

ansmiuld triaged this task as Normal priority.
ansmiuld updated the task description.
ansmiuld changed Version from 2.3, 2. to 2.3, 2.4.

Thank you for the report.

Perhaps it is now a good time to clean things up.

Although the workaround in nPth is not needed any more, it's in nPth 1.3 and later.

Please test this patch of nPth for newer GnuPG:

gniibe changed the task status from Open to Testing. Jan 29 2024, 5:11 AM

After applying the patch to nPth 1.6, no semaphore leaks were detected. Tested with GnuPG-2.3.3.
There has been positive feedback from the production environment as well.

> ipcs -r |grep buildbot ; gpg-connect-agent /bye ; ipcs -r |grep buildbot ; gpg-connect-agent killagent /bye  ; sleep 1; ipcs -r |grep buildbot

gpg-connect-agent: error reading symlink '/proc/curproc/file': No such file or directory
gpg-connect-agent: no running gpg-agent - starting '/b/slaves/control_x21/work/src/cs.pkg.Level1_Infrastructure-1.21/sdk/deploy_gnupg/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to the agent established
s         - 0xffffffff --ra-ra-ra- buildbot     perf    -    -
OK closing connection
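
The before/after `ipcs` comparison used in the report and in the test run above can be automated. The following is an added shell example, not part of the original thread and not code from GnuPG or nPth. The function names are hypothetical, `mktemp` is assumed to be available, and the sample snapshots are built from the rows shown in the report.

```shell
#!/bin/sh
# Added example (not from the report): find semaphore rows that appear between
# two `ipcs -r -s -a` snapshots. Unnamed semaphores have no ID ("-") and key
# 0xffffffff, so rows can be identical; compare as a multiset, not by ID.

# new_sem_rows BEFORE AFTER: print rows of type "s" in AFTER not matched in BEFORE.
new_sem_rows() {
    awk '
        $1 != "s" { next }                 # skip header, timestamp and "..." lines
        { $1 = $1 }                        # collapse column padding
        FILENAME == ARGV[1] { seen[$0]++; next }
        seen[$0] > 0 { seen[$0]--; next }  # row already existed before
        { print }
    ' "$1" "$2"
}

# leak_check CMD...: run CMD between two snapshots; return 1 if new rows appeared.
leak_check() {
    tmp=$(mktemp -d) || return 2
    ipcs -r -s -a > "$tmp/before" 2>/dev/null
    "$@" > /dev/null 2>&1 || true          # exit status of CMD is irrelevant here
    ipcs -r -s -a > "$tmp/after" 2>/dev/null
    new=$(new_sem_rows "$tmp/before" "$tmp/after")
    rm -rf "$tmp"
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# write_samples DIR: snapshots built from the rows shown in the report.
write_samples() {
    cat > "$1/before" <<'EOF'
IPC status from /dev/mem as of Fri Jan 19 14:45:55 EET 2024
s   3145728 0x0101a6e2 --ra-ra-r--     root   system     root   system     1 11:49:42 11:49:42
s      4953 0xffffffff --ra------- buildbot     perf buildbot     perf     2 17:18:31 17:17:20
EOF
    cp "$1/before" "$1/after"
    # Constructed: the leaked row twice, as two runs within one second would leave it.
    for i in 1 2; do
        echo 's         - 0xffffffff --ra-ra-ra- buildbot     perf buildbot     perf     1 14:46:01 14:46:01    -    -' >> "$1/after"
    done
}
```

On an affected host, `leak_check /opt/freeware/bin/g13` prints the new row and returns 1; with the patched nPth it should print nothing and return 0.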