[Issues] [mod_gnutls 0000159]: mod_gnutls is eating memory

Mantis Bug Tracker issues at outoforder.cc
Tue Jul 12 16:13:44 EDT 2011


The following issue has been CLOSED 
====================================================================== 
http://issues.outoforder.cc/view.php?id=159 
====================================================================== 
Reported By:                dashula
Assigned To:                dashula
====================================================================== 
Project:                    mod_gnutls
Issue ID:                   159
Category:                   Apache Integration
Reproducibility:            always
Severity:                   major
Priority:                   high
Status:                     closed
Target Version:             0.5.10
Apache Version:              
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             2011-07-12 22:10 EET
Last Modified:              2011-07-12 22:13 EET
====================================================================== 
Summary:                    mod_gnutls is eating memory
Description: 
Hi,

I have a small test program which does simple http requests via TLS in 
an endless loop.

On the server side memory usage is increasing while the test is running. 
If apache is restarted, actual resource consumption gets a reset to 
its normal state.

If openssl (mod_ssl) is used, memory consumption does not increase.

I've first observed this on a patched mod_gnutls which uses TLS-PSK, so 
I thought the fault was on my side.

But after removing the PSK patches, the problem still persists with 
RSA-AES256.  So I'm now assuming that either mod_gnutls (0.5.9) or 
gnutls (2.10.3) itself is the culprit.

This all happens on Debian (mod_gnutls compiled myself).

The test program looks like:

#!/bin/bash
cd /tmp
while true; do
   wget --proxy=off -O info.cgi.html --no-check-certificate \
      'https://192.168.178.30/hardy/info.cgi'
done

Anybody else? Anybody got an idea where to start searching?

Thanks

Hardy

Additional Information: 
On 27.03.2011 22:33, Hardy Griech wrote:
:
> Anybody else? Anybody got an idea where to start searching?
:

Current findings:

in mgs_filter_output() the block with the condition 'if 
(AP_BUCKET_IS_EOC(bucket))' is never executed, because the condition 
seems to be always false.

Inside this block, gnutls_deinit() should be called...

So, there is a call to gnutls_init() without a matching gnutls_deinit() 
- or am I missing something?

Hardy
====================================================================== 

---------------------------------------------------------------------- 
 (0000275) dashula (manager) - 2011-07-12 22:12
 http://issues.outoforder.cc/view.php?id=159#c275 
---------------------------------------------------------------------- 
Hi Hardy,

Tracing through apache with gdb revealed that there seem to be no actual
memory leaks, but some serious bugs in mgs_filter_output().

The function seems to get stuck in an infinite loop, on line 555: while
(!APR_BRIGADE_EMPTY(bb)) {...
This seems to be because when we encounter an EOC (End-Of-Connection) bucket we
de-initialize the session (as we should) but do not terminate and instead
continue the loop.

Therefore apache tries to create more clients
(http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxclients), thereby
increasing Apache's memory.

I.e., because your script uses only 1 concurrent client (same as running the
apache benchmark with -c1), apache should not be starting new children,
but because each child that apache tries to use gets stuck in this
infinite loop (I can confirm this by a 100% spike in my CPU usage), apache tries
to service the request using a new child, until that child also hits this loop,
and once again apache starts another child... etc. You get the idea.
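
A simplified model of the loop behaviour described in note 0000275, added here as an illustration; it is not mod_gnutls or APR code. The bucket queue, filter_output(), run_case() and the assumption that the EOC bucket stays at the head of the brigade are hypothetical stand-ins.

```c
#include <stdio.h>

/* Simplified stand-ins for APR buckets; not the real APR or mod_gnutls types. */
enum kind { DATA, EOC };
struct brigade { const enum kind *b; int head, len; };
struct session { int live; };           /* stands in for the gnutls session */

static int empty(const struct brigade *bb) { return bb->head >= bb->len; }

/* Returns loop iterations used, or -1 if the cap was hit (loop never ends).
 * stop_on_eoc = 0 models the reported behaviour, 1 the terminating variant. */
int filter_output(struct brigade *bb, struct session *s, int stop_on_eoc, int cap)
{
    int iter = 0;
    while (!empty(bb)) {
        if (++iter > cap)
            return -1;                  /* a real worker would spin at 100% CPU */
        if (bb->b[bb->head] == EOC) {
            s->live = 0;                /* de-initialize the session */
            if (stop_on_eoc) {
                bb->head++;             /* consume the bucket and leave */
                break;
            }
            continue;                   /* assumed: EOC bucket stays at the head */
        }
        bb->head++;                     /* data bucket written out and consumed */
    }
    return iter;
}

int run_case(int stop_on_eoc)
{
    static const enum kind buckets[] = { DATA, DATA, EOC };  /* constructed input */
    struct brigade bb = { buckets, 0, 3 };
    struct session s = { 1 };
    return filter_output(&bb, &s, stop_on_eoc, 1000);
}

int main(void)
{
    printf("loop continues after EOC: %d\n", run_case(0));
    printf("loop stops at EOC:        %d\n", run_case(1));
    return 0;
}
```

The iteration cap exists only so the model terminates; a return value of -1 corresponds to a worker that never leaves the loop.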

---------------------------------------------------------------------- 
 (0000276) dashula (manager) - 2011-07-12 22:13
 http://issues.outoforder.cc/view.php?id=159#c276 
---------------------------------------------------------------------- 
See Notes. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-07-12 22:10 dashula        New Issue                                    
2011-07-12 22:10 dashula        Status                   new => assigned     
2011-07-12 22:10 dashula        Assigned To               => dashula         
2011-07-12 22:12 dashula        Note Added: 0000275                          
2011-07-12 22:13 dashula        Note Added: 0000276                          
2011-07-12 22:13 dashula        Status                   assigned => closed  
======================================================================



