Re: Thread leak by LdapLoginModule
If 8217606 is your issue, then it's fixed in JDK 11.0.8 which is due for release in mid July. regards, Sean. On 09/06/2020 22:15, Mkrtchyan, Tigran wrote: Hi all, with Java-11 we have notice a thread leak with ldap module. We use LDAP to authenticate users with username+pasword by directly calling LdapLoginModule. This was ok with java 7 and java 8. With java 11 we see threads getting accumulated. here is a test case that demonstrates it: ``` private static final String USERNAME_KEY = "javax.security.auth.login.name"; private static final String PASSWORD_KEY = "javax.security.auth.login.password"; String ldapUrl = "ldap://;; String peopleOU = "ou= ... o= ... c=..."); String user = ...; String pass = ...; @Test public void threadLeakTest() throws AuthenticationException, NoSuchPrincipalException, LoginException { Map threadsBefore = Thread.getAllStackTraces(); Map globalLoginOptions = Map.of( "userProvider", ldapUrl + "/" + peopleOU, "useSSL", "false", "userFilter", "(uid={USERNAME})", "useFirstPass", "true" ); for (int i = 0; i < 10; i++) { Map loginOptions = Map.of( USERNAME_KEY, user, PASSWORD_KEY, pass.toCharArray()); Subject subject = new Subject(); LdapLoginModule loginModule = new LdapLoginModule(); loginModule.initialize(subject, null, loginOptions, globalLoginOptions); loginModule.login(); loginModule.commit(); loginModule.logout(); } Map threadsAfter = Thread.getAllStackTraces(); assertEquals("Thread leak detected", threadsBefore.size() + 1, threadsAfter.size()); } ``` The thread count difference is always equals to the number of iterations in the loop, e.g. on each call a thread is created and stays around. Eventually our server crashes with: [19497.011s][warning][os,thread] Attempt to protect stack guard pages failed (0x7fcc4c65c000-0x7fcc4c66). OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x7fcc4c55b000, 16384, 0) failed; error='Not enough space' (errno=12) The issue is not observed with java-14, thus I assume that the fix is related to commit http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4 As java-11 is LTS, what is the procedure to get it fix back-ported? Regards, Tigran.
Re: Thread leak by LdapLoginModule
Hi, found it: https://bugs.openjdk.java.net/browse/JDK-8237876 Thanks, Tigran. - Original Message - > From: "Daniel Fuchs" > To: "Sean Mullan" , "Tigran Mkrtchyan" > , "security-dev" > > Cc: "core-libs-dev" > Sent: Wednesday, June 10, 2020 4:29:36 PM > Subject: Re: Thread leak by LdapLoginModule > On 09/06/2020 23:21, Sean Mullan wrote: >>> The issue is not observed with java-14, thus I assume that the fix is >>> related to commit >>> >>> http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4 >>> >>> As java-11 is LTS, what is the procedure to get it fix back-ported? > > Hi, > > AFAICS the fix has already been backported to JDK 11.0.8. > > best regards, > > -- daniel
Re: Thread leak by LdapLoginModule
On 09/06/2020 23:21, Sean Mullan wrote: The issue is not observed with java-14, thus I assume that the fix is related to commit http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4 As java-11 is LTS, what is the procedure to get it fix back-ported? Hi, AFAICS the fix has already been backported to JDK 11.0.8. best regards, -- daniel
Re: Thread leak by LdapLoginModule
Adding core-libs-dev ... --Sean On 6/9/20 5:15 PM, Mkrtchyan, Tigran wrote: Hi all, with Java-11 we have notice a thread leak with ldap module. We use LDAP to authenticate users with username+pasword by directly calling LdapLoginModule. This was ok with java 7 and java 8. With java 11 we see threads getting accumulated. here is a test case that demonstrates it: ``` private static final String USERNAME_KEY = "javax.security.auth.login.name"; private static final String PASSWORD_KEY = "javax.security.auth.login.password"; String ldapUrl = "ldap://;; String peopleOU = "ou= ... o= ... c=..."); String user = ...; String pass = ...; @Test public void threadLeakTest() throws AuthenticationException, NoSuchPrincipalException, LoginException { Map threadsBefore = Thread.getAllStackTraces(); Map globalLoginOptions = Map.of( "userProvider", ldapUrl + "/" + peopleOU, "useSSL", "false", "userFilter", "(uid={USERNAME})", "useFirstPass", "true" ); for (int i = 0; i < 10; i++) { Map loginOptions = Map.of( USERNAME_KEY, user, PASSWORD_KEY, pass.toCharArray()); Subject subject = new Subject(); LdapLoginModule loginModule = new LdapLoginModule(); loginModule.initialize(subject, null, loginOptions, globalLoginOptions); loginModule.login(); loginModule.commit(); loginModule.logout(); } Map threadsAfter = Thread.getAllStackTraces(); assertEquals("Thread leak detected", threadsBefore.size() + 1, threadsAfter.size()); } ``` The thread count difference is always equals to the number of iterations in the loop, e.g. on each call a thread is created and stays around. Eventually our server crashes with: [19497.011s][warning][os,thread] Attempt to protect stack guard pages failed (0x7fcc4c65c000-0x7fcc4c66). OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x7fcc4c55b000, 16384, 0) failed; error='Not enough space' (errno=12) The issue is not observed with java-14, thus I assume that the fix is related to commit http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4 As java-11 is LTS, what is the procedure to get it fix back-ported? Regards, Tigran.
Thread leak by LdapLoginModule
Hi all, with Java-11 we have notice a thread leak with ldap module. We use LDAP to authenticate users with username+pasword by directly calling LdapLoginModule. This was ok with java 7 and java 8. With java 11 we see threads getting accumulated. here is a test case that demonstrates it: ``` private static final String USERNAME_KEY = "javax.security.auth.login.name"; private static final String PASSWORD_KEY = "javax.security.auth.login.password"; String ldapUrl = "ldap://;; String peopleOU = "ou= ... o= ... c=..."); String user = ...; String pass = ...; @Test public void threadLeakTest() throws AuthenticationException, NoSuchPrincipalException, LoginException { Map threadsBefore = Thread.getAllStackTraces(); Map globalLoginOptions = Map.of( "userProvider", ldapUrl + "/" + peopleOU, "useSSL", "false", "userFilter", "(uid={USERNAME})", "useFirstPass", "true" ); for (int i = 0; i < 10; i++) { Map loginOptions = Map.of( USERNAME_KEY, user, PASSWORD_KEY, pass.toCharArray()); Subject subject = new Subject(); LdapLoginModule loginModule = new LdapLoginModule(); loginModule.initialize(subject, null, loginOptions, globalLoginOptions); loginModule.login(); loginModule.commit(); loginModule.logout(); } Map threadsAfter = Thread.getAllStackTraces(); assertEquals("Thread leak detected", threadsBefore.size() + 1, threadsAfter.size()); } ``` The thread count difference is always equals to the number of iterations in the loop, e.g. on each call a thread is created and stays around. Eventually our server crashes with: [19497.011s][warning][os,thread] Attempt to protect stack guard pages failed (0x7fcc4c65c000-0x7fcc4c66). OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x7fcc4c55b000, 16384, 0) failed; error='Not enough space' (errno=12) The issue is not observed with java-14, thus I assume that the fix is related to commit http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4 As java-11 is LTS, what is the procedure to get it fix back-ported? Regards, Tigran.