Page MenuHome GnuPG
Create Task
Maniphest T6947

unnamed semaphore leak on AIX
Closed, ResolvedPublic
Actions

Description

Unnamed semaphore created in npth_init is never destroyed.

In version 2.2 and earlier npth_init is called when new gpg-agent was stared. gpg-agent typically is not restarted in production environment and resource leak was not detected.

Since version 2.3 npth_init (sem_init) was introduced in gpg command. Now one unnamed semaphore is leaking on each gpg execution. There is no workaround except for using version 2.2 or older. It is not possible to identify and remove orphaned semaphore from command line.

System renders unusable after IPC resources are exhausted.

Now GnuPG-2.4 is available in AIX toolbox repository.
The issue can be demonstrated by running g13 where npth_init is used:

bash-4.3$ ipcs -r -s -a
IPC status from /dev/mem as of Fri Jan 19 14:45:55 EET 2024
T        ID     KEY        MODE       OWNER    GROUP  CREATOR   CGROUP NSEMS   OTIME    CTIME  RTFLAGS NAME
Semaphores:
s   3145728 0x0101a6e2 --ra-ra-r--     root   system     root   system     1 11:49:42 11:49:42
...
s      4953 0xffffffff --ra------- buildbot     perf buildbot     perf     2 17:18:31 17:17:20
bash-4.3$ /opt/freeware/bin/g13
Warning: using insecure memory!
g13: invalid command (there is no implicit command)
bash-4.3$ ipcs -r -s -a
IPC status from /dev/mem as of Fri Jan 19 14:46:04 EET 2024
T        ID     KEY        MODE       OWNER    GROUP  CREATOR   CGROUP NSEMS   OTIME    CTIME  RTFLAGS NAME
Semaphores:
s   3145728 0x0101a6e2 --ra-ra-r--     root   system     root   system     1 11:49:42 11:49:42
...
s      4953 0xffffffff --ra------- buildbot     perf buildbot     perf     2 17:18:31 17:17:20
s         - 0xffffffff --ra-ra-ra- buildbot     perf buildbot     perf     1 14:46:01 14:46:01    -    -

Leaked unnamed semaprore un last output line.

Details

Version
2.3, 2.4

Revisions and Commits

rPTH nPth
rPTH99e1174f6054 Clean up handling of unsafe semaphore.

Related Objects

Event Timeline

ansmiuld created this task.Jan 19 2024, 1:24 PM
ansmiuld assigned this task to gniibe.Jan 19 2024, 1:48 PM
ansmiuld triaged this task as Normal priority.
ansmiuld updated the task description. (Show Details)
ansmiuld changed Version from 2.3, 2. to 2.3, 2.4.
gniibe added a comment.Jan 22 2024, 4:15 AM

Thank you for the report.

Perhaps, it is now good time to clean up things.

Although the workaround in nPth is not needed any more, it's in nPth 1.3 and later.

Please test this patch of nPth for newer GnuPG:

0001-Clean-up-handling-of-unsafe-semaphore.patch4 KBDownload

gniibe added a project: npth.Jan 23 2024, 1:09 AM
gniibe merged a task: T6948: unnamed semaphores leak on AIX.
gniibe added a project: AIX.
gniibe added subscribers: raivist, gniibe.
gniibe added a commit: rPTH99e1174f6054: Clean up handling of unsafe semaphore..Jan 26 2024, 10:12 AM
gniibe changed the task status from Open to Testing.Jan 29 2024, 5:11 AM
ansmiuld added a comment.Jan 30 2024, 9:28 AM

After applying patch to nPth 1.6 no semaphore leaks detected. Tested with GnuPG-2.3.3.
There has been positive feedback from production environment as well.

> ipcs -r |grep buildbot ; gpg-connect-agent /bye ; ipcs -r |grep buildbot ; gpg-connect-agent killagent /bye  ; sleep 1; ipcs -r |grep buildbot

gpg-connect-agent: error reading symlink '/proc/curproc/file': No such file or directory
gpg-connect-agent: no running gpg-agent - starting '/b/slaves/control_x21/work/src/cs.pkg.Level1_Infrastructure-1.21/sdk/deploy_gnupg/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to the agent established
s         - 0xffffffff --ra-ra-ra- buildbot     perf    -    -
OK closing connection
werner mentioned this in T7010: Release npth 1.7.Feb 23 2024, 10:53 AM
werner closed this task as Resolved.Feb 23 2024, 11:28 AM