[OpenAFS-devel] rxkad private data eat kernel memory

Hartmut Reuter reuter@rzg.mpg.de
Thu, 15 Dec 2005 14:56:24 +0100


Hello,

we saw on our compute cluster machines where many SSH requests create 
PAGs and transfer tokens that the kernel memory is eaten up by the 
security objects.

With older OpenAFS versions this problem was less severe because 
MAXKTCTICKETLEN used to have a moderate value, but today, to accommodate 
Microsoft's Active Directory, 12000 bytes are wasted for each security 
object.

Here my patch to avoid the allocation of that much space if you don't 
use AD:


--- private_data.h.orig 2003-07-16 01:16:42.717862052 +0200
+++ private_data.h      2005-12-15 09:21:33.687297200 +0100
@@ -48,15 +48,17 @@
      afs_int32 ipAddr;          /* or an approximation to it */
  };

+#define PDATA_SIZE(l) (sizeof(struct rxkad_cprivate) \
+                       - MAXKTCTICKETLEN + (l) + 8)
+
  /* private data in client-side security object */
  struct rxkad_cprivate {
      afs_int32 kvno;            /* key version of ticket */
-    afs_int32 ticketLen;       /* length of ticket */
+    afs_int16 ticketLen;       /* length of ticket */
+    rxkad_type type;           /* always client */
+    rxkad_level level;         /* minimum security level of client */
      fc_KeySchedule keysched;   /* the session key */
      fc_InitializationVector ivec;      /* initialization vector for cbc */
      char ticket[MAXKTCTICKETLEN];      /* the ticket for the server */
-    rxkad_type type;           /* always client */
-    rxkad_level level;         /* minimum security level of client */
  };

  /* Per connection client-side info */
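Review bot: `PDATA_SIZE` carries an unexplained `+ 8` and silently depends on `ticket` remaining the last member of `struct rxkad_cprivate`; neither is documented. A comment above the macro such as `/* bytes to allocate for a client private struct holding an l-byte ticket; ticket[] must stay the last member */`, plus a reason for the 8 bytes of slack, would keep a later field reorder from breaking the size calculation. Where the build provides it, `offsetof(struct rxkad_cprivate, ticket) + (l)` expresses the same size without depending on trailing padding in `sizeof`. Narrowing `ticketLen` to `afs_int16` is only safe if every length stored there has already been bounded by MAXKTCTICKETLEN, which this header cannot enforce by itself.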


--- rxkad_client.c.orig 2005-05-30 06:57:37.712862691 +0200
+++ rxkad_client.c      2005-12-15 09:25:33.358907923 +0100
@@ -178,7 +178,7 @@
      struct rx_securityClass *tsc;
      struct rxkad_cprivate *tcp;
      int code;
-    int size;
+    int size, psize;

      size = sizeof(struct rx_securityClass);
      tsc = (struct rx_securityClass *)rxi_Alloc(size);
@@ -186,15 +186,15 @@
      tsc->refCount = 1;         /* caller gets one for free */
      tsc->ops = &rxkad_client_ops;

-    size = sizeof(struct rxkad_cprivate);
-    tcp = (struct rxkad_cprivate *)rxi_Alloc(size);
-    memset((void *)tcp, 0, size);
+    psize = PDATA_SIZE(ticketLen);
+    tcp = (struct rxkad_cprivate *)rxi_Alloc(psize);
+    memset((void *)tcp, 0, psize);
      tsc->privateData = (char *)tcp;
      tcp->type |= rxkad_client;
      tcp->level = level;
      code = fc_keysched(sessionkey, tcp->keysched);
      if (code) {
-       rxi_Free(tcp, sizeof(struct rxkad_cprivate));
+       rxi_Free(tcp, psize);
         rxi_Free(tsc, sizeof(struct rx_securityClass));
         return 0;               /* bad key */
      }
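Review bot: `psize = PDATA_SIZE(ticketLen)` sizes the allocation from `ticketLen` before anything has range-checked it. The only check is in the `@@ -202` hunk, after `rxi_Alloc`, `memset` and the first writes through `tcp`, and it now compares the value already truncated into the `afs_int16` field. A negative or over-large `ticketLen` (apparently a caller-supplied argument; the signature is outside the hunk) could yield a block smaller than the fixed part of the struct, or a stored length that differs from the one used for sizing, in which case `PDATA_SIZE(tcp->ticketLen)` in rxkad_common.c would free with a different size than was allocated. Validate before allocating anything: `if (ticketLen < 0 || ticketLen > MAXKTCTICKETLEN) return 0;`. Separately, `tcp` is passed to `memset` without a NULL check in the visible lines, which matters if `rxi_Alloc` can fail.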
@@ -202,7 +202,7 @@
      tcp->kvno = kvno;          /* key version number */
      tcp->ticketLen = ticketLen;        /* length of ticket */
      if (tcp->ticketLen > MAXKTCTICKETLEN) {
-       rxi_Free(tcp, sizeof(struct rxkad_cprivate));
+       rxi_Free(tcp, psize);
         rxi_Free(tsc, sizeof(struct rx_securityClass));
         return 0;               /* bad key */
      }



--- rxkad_common.c.orig 2005-05-31 23:12:59.000000000 +0200
+++ rxkad_common.c      2005-12-15 09:27:26.784981267 +0100
@@ -311,7 +311,8 @@
      tcp = (struct rxkad_cprivate *)aobj->privateData;
      rxi_Free(aobj, sizeof(struct rx_securityClass));
      if (tcp->type & rxkad_client) {
-       rxi_Free(tcp, sizeof(struct rxkad_cprivate));
+       afs_int32 psize = PDATA_SIZE(tcp->ticketLen);
+       rxi_Free(tcp, psize);
      } else if (tcp->type & rxkad_server) {
         rxi_Free(tcp, sizeof(struct rxkad_sprivate));
      } else {
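Review bot: This branch reads `tcp->type` through a `struct rxkad_cprivate *` before it knows whether the object is client or server, and the patch moves `type` to a new offset in the client struct. `struct rxkad_sprivate` is not shown in the patch, so confirm that its `type` member sits at the same offset; otherwise the test inspects bytes that are not the server's type field and the wrong size can reach `rxi_Free`. Placing `type` first in both structs, with a comment like `/* type must stay at the same offset in rxkad_cprivate and rxkad_sprivate */`, would make the dependency explicit. The enclosing function starts and ends outside the hunk.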


Hartmut

-----------------------------------------------------------------
Hartmut Reuter                           e-mail reuter@rzg.mpg.de
					   phone +49-89-3299-1328
RZG (Rechenzentrum Garching)               fax   +49-89-3299-1301
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-----------------------------------------------------------------