Ralf Hildebrandt Ralf.Hildebrandt@charite.de wrote Tue, 1 Aug 2017 15:34:16 +0200:
Ralf is currently running with a patch that fixes this by taking a separate mutex before increasing or decreasing the reference count for a realm.
No crashes so far; I'd say we need to give this 2 more working days, but it sure seem to be crashing less than before (which was about 4 times a day)
No crashes today, either.
Thanks for the update. I think it's time for radsecproxy-1.6.9.
Two things regarding this bug though.
Why didn't we hear from this until now? The offending code is far from new. Who else besides Ralf run radsecproxy in a static configuration (ie no dynamicLookupCommand) on a multicore system and handle at least 10 requests/second? Would you mind grepping your logs for signs of crashes? 'createlistener' might be a good string to grep for.
I'm assuming that _reading_ a uint32_t without protection is going to be safe on all architectures we care about. Let me know if you think this is not true.