Re: Thread leak by LdapLoginModule
If 8217606 is your issue, then it's fixed in JDK 11.0.8 which is due for
release in mid July.
regards,
Sean.
On 09/06/2020 22:15, Mkrtchyan, Tigran wrote:
Hi all,
with Java-11 we have notice a thread leak with ldap module.
We use LDAP to authenticate users with username+pasword by
directly calling LdapLoginModule. This was ok with java 7 and
java 8. With java 11 we see threads getting accumulated. here is a
test case that demonstrates it:
```
private static final String USERNAME_KEY =
"javax.security.auth.login.name";
private static final String PASSWORD_KEY =
"javax.security.auth.login.password";
String ldapUrl = "ldap://;;
String peopleOU = "ou= ... o= ... c=...");
String user = ...;
String pass = ...;
@Test
public void threadLeakTest() throws AuthenticationException,
NoSuchPrincipalException, LoginException {
Map threadsBefore =
Thread.getAllStackTraces();
Map globalLoginOptions = Map.of(
"userProvider", ldapUrl + "/" + peopleOU,
"useSSL", "false",
"userFilter", "(uid={USERNAME})",
"useFirstPass", "true"
);
for (int i = 0; i < 10; i++) {
Map loginOptions = Map.of(
USERNAME_KEY, user,
PASSWORD_KEY, pass.toCharArray());
Subject subject = new Subject();
LdapLoginModule loginModule = new LdapLoginModule();
loginModule.initialize(subject, null, loginOptions,
globalLoginOptions);
loginModule.login();
loginModule.commit();
loginModule.logout();
}
Map threadsAfter =
Thread.getAllStackTraces();
assertEquals("Thread leak detected", threadsBefore.size() + 1,
threadsAfter.size());
}
```
The thread count difference is always equals to the number of iterations in the
loop, e.g. on each call a
thread is created and stays around. Eventually our server crashes with:
[19497.011s][warning][os,thread] Attempt to protect stack guard pages failed
(0x7fcc4c65c000-0x7fcc4c66).
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x7fcc4c55b000,
16384, 0) failed; error='Not enough space' (errno=12)
The issue is not observed with java-14, thus I assume that the fix is related
to commit
http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4
As java-11 is LTS, what is the procedure to get it fix back-ported?
Regards,
Tigran.
Re: Thread leak by LdapLoginModule
Hi, found it: https://bugs.openjdk.java.net/browse/JDK-8237876 Thanks, Tigran. - Original Message - > From: "Daniel Fuchs" > To: "Sean Mullan" , "Tigran Mkrtchyan" > , "security-dev" > > Cc: "core-libs-dev" > Sent: Wednesday, June 10, 2020 4:29:36 PM > Subject: Re: Thread leak by LdapLoginModule > On 09/06/2020 23:21, Sean Mullan wrote: >>> The issue is not observed with java-14, thus I assume that the fix is >>> related to commit >>> >>> http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4 >>> >>> As java-11 is LTS, what is the procedure to get it fix back-ported? > > Hi, > > AFAICS the fix has already been backported to JDK 11.0.8. > > best regards, > > -- daniel
Re: Thread leak by LdapLoginModule
On 09/06/2020 23:21, Sean Mullan wrote: The issue is not observed with java-14, thus I assume that the fix is related to commit http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4 As java-11 is LTS, what is the procedure to get it fix back-ported? Hi, AFAICS the fix has already been backported to JDK 11.0.8. best regards, -- daniel
Re: Thread leak by LdapLoginModule
Adding core-libs-dev ...
--Sean
On 6/9/20 5:15 PM, Mkrtchyan, Tigran wrote:
Hi all,
with Java-11 we have notice a thread leak with ldap module.
We use LDAP to authenticate users with username+pasword by
directly calling LdapLoginModule. This was ok with java 7 and
java 8. With java 11 we see threads getting accumulated. here is a
test case that demonstrates it:
```
private static final String USERNAME_KEY =
"javax.security.auth.login.name";
private static final String PASSWORD_KEY =
"javax.security.auth.login.password";
String ldapUrl = "ldap://;;
String peopleOU = "ou= ... o= ... c=...");
String user = ...;
String pass = ...;
@Test
public void threadLeakTest() throws AuthenticationException,
NoSuchPrincipalException, LoginException {
Map threadsBefore =
Thread.getAllStackTraces();
Map globalLoginOptions = Map.of(
"userProvider", ldapUrl + "/" + peopleOU,
"useSSL", "false",
"userFilter", "(uid={USERNAME})",
"useFirstPass", "true"
);
for (int i = 0; i < 10; i++) {
Map loginOptions = Map.of(
USERNAME_KEY, user,
PASSWORD_KEY, pass.toCharArray());
Subject subject = new Subject();
LdapLoginModule loginModule = new LdapLoginModule();
loginModule.initialize(subject, null, loginOptions,
globalLoginOptions);
loginModule.login();
loginModule.commit();
loginModule.logout();
}
Map threadsAfter =
Thread.getAllStackTraces();
assertEquals("Thread leak detected", threadsBefore.size() + 1,
threadsAfter.size());
}
```
The thread count difference is always equals to the number of iterations in the
loop, e.g. on each call a
thread is created and stays around. Eventually our server crashes with:
[19497.011s][warning][os,thread] Attempt to protect stack guard pages failed
(0x7fcc4c65c000-0x7fcc4c66).
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x7fcc4c55b000,
16384, 0) failed; error='Not enough space' (errno=12)
The issue is not observed with java-14, thus I assume that the fix is related
to commit
http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4
As java-11 is LTS, what is the procedure to get it fix back-ported?
Regards,
Tigran.
Thread leak by LdapLoginModule
Hi all,
with Java-11 we have notice a thread leak with ldap module.
We use LDAP to authenticate users with username+pasword by
directly calling LdapLoginModule. This was ok with java 7 and
java 8. With java 11 we see threads getting accumulated. here is a
test case that demonstrates it:
```
private static final String USERNAME_KEY = "javax.security.auth.login.name";
private static final String PASSWORD_KEY =
"javax.security.auth.login.password";
String ldapUrl = "ldap://;;
String peopleOU = "ou= ... o= ... c=...");
String user = ...;
String pass = ...;
@Test
public void threadLeakTest() throws AuthenticationException,
NoSuchPrincipalException, LoginException {
Map threadsBefore =
Thread.getAllStackTraces();
Map globalLoginOptions = Map.of(
"userProvider", ldapUrl + "/" + peopleOU,
"useSSL", "false",
"userFilter", "(uid={USERNAME})",
"useFirstPass", "true"
);
for (int i = 0; i < 10; i++) {
Map loginOptions = Map.of(
USERNAME_KEY, user,
PASSWORD_KEY, pass.toCharArray());
Subject subject = new Subject();
LdapLoginModule loginModule = new LdapLoginModule();
loginModule.initialize(subject, null, loginOptions,
globalLoginOptions);
loginModule.login();
loginModule.commit();
loginModule.logout();
}
Map threadsAfter =
Thread.getAllStackTraces();
assertEquals("Thread leak detected", threadsBefore.size() + 1,
threadsAfter.size());
}
```
The thread count difference is always equals to the number of iterations in the
loop, e.g. on each call a
thread is created and stays around. Eventually our server crashes with:
[19497.011s][warning][os,thread] Attempt to protect stack guard pages failed
(0x7fcc4c65c000-0x7fcc4c66).
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x7fcc4c55b000,
16384, 0) failed; error='Not enough space' (errno=12)
The issue is not observed with java-14, thus I assume that the fix is related
to commit
http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4
As java-11 is LTS, what is the procedure to get it fix back-ported?
Regards,
Tigran.
