Bug 440259 - mod_ldap high cpu usage after servicing a number of requests
mod_ldap high cpu usage after servicing a number of requests
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: httpd (Show other bugs)
5.1
x86_64 Linux
low Severity medium
: rc
: ---
Assigned To: Joe Orton
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-02 10:57 EDT by John Skopis
Modified: 2009-01-20 16:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-20 16:07:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Skopis 2008-04-02 10:57:15 EDT
Description of problem:
If mod_ldap and mod_authnz_ldap are enabled after servicing a number of requests
get "stuck" in a loop consuming 100% of the CPU.


Version-Release number of selected component (if applicable):
httpd-2.2.3-11.el5.centos

How reproducible:
1) install apache + ldap
2) configure <Location> to be protected with a password using mod_ldap as the
backend.
3) store an index.html w/ a meta-refresh in the protected area
4) browse to protected URI and authenticate
5) let metarefresh reload the page a few thousand times
6) note the 100% cpu usage and mod_ldap blocking the page load.

Additional info:
from #apache on freenode, the instability is fixed in 2.2.8 and above. When  I
asked for the patchset this is what I got:
http://svn.apache.org/viewvc?view=rev&revision=595664

Perhaps it makes more sense to compile 2.2.8 modules against the RH httpd-2.2.3
build?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

	

(gdb) bt
#0  0x00002aaaab390794 in apr_date_parse_rfc () from /usr/lib64/libaprutil-1.so.0
#1  0x00002aaaab390f4b in apr_rmm_calloc () from /usr/lib64/libaprutil-1.so.0
#2  0x00002aaab089dd05 in util_ald_alloc () from /etc/httpd/modules/mod_ldap.so
#3  0x00002aaab089dfac in util_ald_create_cache () from
/etc/httpd/modules/mod_ldap.so
#4  0x00002aaab089e3ba in util_ald_create_caches () from
/etc/httpd/modules/mod_ldap.so
#5  0x00002aaab089c117 in ?? () from /etc/httpd/modules/mod_ldap.so
#6  0x00002aaab0aa57ad in ?? () from /etc/httpd/modules/mod_authnz_ldap.so
#7  0x00002aaaaee6ff90 in ?? () from /etc/httpd/modules/mod_auth_basic.so
#8  0x0000555555578be2 in ap_run_check_user_id () from /usr/sbin/httpd
#9  0x0000555555579df7 in ap_process_request_internal () from /usr/sbin/httpd
#10 0x000055555558b5d8 in ap_process_request () from /usr/sbin/httpd
#11 0x0000555555588870 in ap_register_input_filter () from /usr/sbin/httpd
#12 0x0000555555584a52 in ap_run_process_connection () from /usr/sbin/httpd
#13 0x000055555558f20b in ap_graceful_stop_signalled () from /usr/sbin/httpd
#14 0x000055555558f49a in ap_graceful_stop_signalled () from /usr/sbin/httpd
#15 0x000055555558f550 in ap_graceful_stop_signalled () from /usr/sbin/httpd
#16 0x0000555555590246 in ap_mpm_run () from /usr/sbin/httpd
#17 0x000055555556ae04 in main () from /usr/sbin/httpd
(gdb) The program is running.  Quit anyway (and detach it)? (y or n) y
Comment 1 Joe Orton 2008-04-03 05:20:40 EDT
Thanks for the report.  We can backport that fix for a future update.
Comment 2 Joe Orton 2008-04-03 05:22:01 EDT
(Please contact Red Hat Support if you need a supported fix for this issue in
the mean time)
Comment 3 RHEL Product and Program Management 2008-06-02 16:10:48 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 8 errata-xmlrpc 2009-01-20 16:07:58 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0185.html

Note You need to log in before you can comment on or make changes to this bug.