Ubuntu
squid package

Merge ~sergiodj/ubuntu/+source/squid:memory-leak-connect-tunnel-closed into ubuntu/+source/squid:ubuntu/jammy-devel

  1. Git
  2. lp:~sergiodj/ubuntu/+source/squid
  3. memory-leak-connect-tunnel-closed
  4. Merge into ubuntu/jammy-devel
Proposed by Sergio Durigan Junior
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: d1f45a9a3e451979516fafc71c6bf1dbe4949217
Proposed branch: ~sergiodj/ubuntu/+source/squid:memory-leak-connect-tunnel-closed
Merge into: ubuntu/+source/squid:ubuntu/jammy-devel
Diff against target: 76 lines (+54/-0)
3 files modified
debian/changelog (+8/-0)
debian/patches/close-tunnel-if-to-server-conn-closes-after-client.patch (+45/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
git-ubuntu bot Approve
Bryce Harrington (community) Approve
Canonical Server Reporter Pending
Review via email: mp+436158@code.launchpad.net

Description of the change

This MP fixes a memory leak that's affecting squid on Jammy.

Unfortunately, it's yet another one of those bugs that's hard to reproduce locally due to its non-determinism. I couldn't reproduce it, but fortunately the reporter has been very helpful and was able not only to make the memory leak happen consistently but also to confirm that this fix I'm proposing indeed solves the problem.

You can also check upstream's discussion and lengthy investigation here: https://bugs.squid-cache.org/show_bug.cgi?id=5132

As you can see, the patch is very simple and functionally just adds a call to retryOrBail, which acts like a destructor freeing up unneeded resources.

There's a PPA with the proposed changes here:

https://launchpad.net/~sergiodj/+archive/ubuntu/squid-bug1989380-proper

autopkgtest results:

Results: (from http://autopkgtest.ubuntu.com/results/autopkgtest-jammy-sergiodj-squid-bug1989380-proper/?format=plain)
  squid @ amd64:
    19.01.23 23:21:01 Log 🗒️ ✅ Triggers: squid/5.2-1ubuntu4.3~ppa1
  squid @ arm64:
    19.01.23 23:19:07 Log 🗒️ ✅ Triggers: squid/5.2-1ubuntu4.3~ppa1
  squid @ ppc64el:
    19.01.23 23:07:15 Log 🗒️ ✅ Triggers: squid/5.2-1ubuntu4.3~ppa1
  squid @ s390x:
    19.01.23 23:03:24 Log 🗒️ ✅ Triggers: squid/5.2-1ubuntu4.3~ppa1

I retriggered the test on armhf because it failed there due to flakiness.

To post a comment you must log in.
Revision history for this message
Bryce Harrington (bryce) wrote :

The fix in question is indeed simple - just a one-liner - but it does change behavior on server closure so side-effects could be worth looking for, as is noted in LP: #1989380.

The upstream bug report itemizes a very detailed analysis and identification of the flaw, and as mentioned in the SRU text it sounds like we can rely on them if there is indeed a regression. The LP bug reporter also appears actively involved so we can depend on them for helping with the verification.

I'm going to re-read the analysis just to understand it better, but otherwise everything looks good. Packaging is solid, as is the testing and SRU text. +1 for upload.

review: Approve
Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: sergiodj, bryce
Uploaders: sergiodj, bryce
MP auto-approved

review: Approve
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

On Friday, January 20 2023, Bryce Harrington wrote:

> The fix in question is indeed simple - just a one-liner - but it does
> change behavior on server closure so side-effects could be worth
> looking for, as is noted in LP: #1989380.
>
> The upstream bug report itemizes a very detailed analysis and
> identification of the flaw, and as mentioned in the SRU text it sounds
> like we can rely on them if there is indeed a regression. The LP bug
> reporter also appears actively involved so we can depend on them for
> helping with the verification.
>
> I'm going to re-read the analysis just to understand it better, but
> otherwise everything looks good. Packaging is solid, as is the
> testing and SRU text. +1 for upload.

Thanks a lot for the review, Bryce.

Uploaded:

$ dput squid_5.2-1ubuntu4.3_source.changes
Trying to upload package to ubuntu
Checking signature on .changes
gpg: /home/sergio/work/squid/squid_5.2-1ubuntu4.3_source.changes: Valid signature from 106DA1C8C3CBBF14
Checking signature on .dsc
gpg: /home/sergio/work/squid/squid_5.2-1ubuntu4.3.dsc: Valid signature from 106DA1C8C3CBBF14
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading squid_5.2-1ubuntu4.3.dsc: done.
  Uploading squid_5.2-1ubuntu4.3.debian.tar.xz: done.
  Uploading squid_5.2-1ubuntu4.3_source.buildinfo: done.
  Uploading squid_5.2-1ubuntu4.3_source.changes: done.
Successfully uploaded packages.

--
Sergio
GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index ad43ef6..4cadc22 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+squid (5.2-1ubuntu4.3) jammy; urgency=medium
7+
8+ * d/p/close-tunnel-if-to-server-conn-closes-after-client.patch:
9+ Close tunnel "job" after to-server client connection closes,
10+ fixing memory leak. (LP: #1989380)
11+
12+ -- Sergio Durigan Junior <sergio.durigan@canonical.com> Thu, 05 Jan 2023 15:50:48 -0500
13+
14 squid (5.2-1ubuntu4.2) jammy-security; urgency=medium
15
16 * SECURITY UPDATE: Exposure of Sensitive Information in Cache Manager
17diff --git a/debian/patches/close-tunnel-if-to-server-conn-closes-after-client.patch b/debian/patches/close-tunnel-if-to-server-conn-closes-after-client.patch
18new file mode 100644
19index 0000000..96b77ab
20--- /dev/null
21+++ b/debian/patches/close-tunnel-if-to-server-conn-closes-after-client.patch
22@@ -0,0 +1,45 @@
23+From: Alex Rousskov <rousskov@measurement-factory.com>
24+Date: Sun, 9 Jan 2022 10:41:24 +0000
25+Subject: Bug 5132: Close the tunnel if to-server conn closes after client
26+ (#957)
27+
28+Since commit 25d2603, blind CONNECT tunnel "jobs" (and equivalent) were
29+not destroyed upon a "lonely" to-server connection closure, leading to
30+memory leaks. And when a from-client connection was still present at the
31+time of the to-server connection closure, we did not try to reforward,
32+violating the spirit of commit 25d2603 changes. Calling retryOrBail() is
33+sufficient to handle both cases.
34+
35+Origin: upstream, https://github.com/squid-cache/squid/commit/54ad10efe146c863bdadee0d1161299ea89f5419
36+Bug: https://bugs.squid-cache.org/show_bug.cgi?id=5132
37+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/squid/+bug/1989380
38+Reviewed-By: Sergio Durigan Junior <sergiodj@ubuntu.com>
39+Last-Update: 2023-01-20
40+Applied-Upstream: 5.4
41+---
42+ src/tunnel.cc | 5 ++---
43+ 1 file changed, 2 insertions(+), 3 deletions(-)
44+
45+diff --git a/src/tunnel.cc b/src/tunnel.cc
46+index eb06544..159669b 100644
47+--- a/src/tunnel.cc
48++++ b/src/tunnel.cc
49+@@ -316,6 +316,8 @@ void
50+ TunnelStateData::serverClosed()
51+ {
52+ server.noteClosure();
53++
54++ retryOrBail(__FUNCTION__);
55+ }
56+
57+ /// TunnelStateData::clientClosed() wrapper
58+@@ -418,9 +420,6 @@ TunnelStateData::checkRetry()
59+ void
60+ TunnelStateData::retryOrBail(const char *context)
61+ {
62+- // Since no TCP payload has been passed to client or server, we may
63+- // TCP-connect to other destinations (including alternate IPs).
64+-
65+ assert(!server.conn);
66+
67+ const auto *bailDescription = checkRetry();
68diff --git a/debian/patches/series b/debian/patches/series
69index 1c4ec9e..dd4f3e8 100644
70--- a/debian/patches/series
71+++ b/debian/patches/series
72@@ -21,3 +21,4 @@ openssl3-Remove-stale-TODO-and-comment.patch
73 CVE-2021-46784.patch
74 CVE-2022-41317.patch
75 CVE-2022-41318.patch
76+close-tunnel-if-to-server-conn-closes-after-client.patch

Subscribers

People subscribed via source and target branches