httpd1.exe Security Token Handle Leak (MEMLEAK)
Posted 24 July 2012 - 08:14 AM
Uniserver version I have tried: 8.5.8-Coral and 8.5.5-Coral
How to reproduce this problem:
1. Download Uniserver 8.5.5-Coral and extract it. Run apache and mysql as usual.
2. Download Process Explorer http://download.sysi...essExplorer.zip and extract it.
3. Run Process Explorer as Administrator, then View > Select Columns. In "Process Performance" tab, tick "Handle Count" > OK. After this, click View > Lower Pane View > tick "Handle"...
4. Click on httpd1.exe child processes which have around 300 handle count at startup... The lower pane will show the handle list...
5. Open your favorite browser, and go to http://127.0.0.1
Everytime you press refresh (F5) on your browser (re-request the webserver), you will notice that httpd1.exe have 1 more handle count in Process Explorer window... In the lower pane view, you will notice that 1 new security token handle is created with the name format like this: YOURCOMPUTERNAME\YOURUSERNAME:RANDOMTOKEN
This is where the problem happened. Everytime httpd1.exe server new web request, the handle is created, but NEVER closed, and will hogging system resources over time. It's okay on test server, but once you put it in production server with real websites running, the opened Handle Count of httpd1.exe will increase to a very high number...
In my server, it goes from 300 (at startup) to 1 million opened handle only in 2 days! Other process only consumes around 10 ~ 2000 handles. httpd1.exe memory consumption still remains around 20mb, but because handle consumes kernel space, your ram usage will increase around +512mb mysteriously for every 1 million handle...
In only two weeks, my server experience some slowdowns / freeze because too much handle for Windows to hold... I need to restart Uniserver Apache service every few days so the handle count reset back to around 300 after restart (and it will goes up quickly again everytime the world accessing my websites)...
If you want to mimic the behaviour of production server, after accessing http://127.0.0.1 try to hold down F5 buttons for 1 minutes... See how is the handle count now...
It only happened since I upgrade to 8.5.5-Coral (I'm sorry I forget the version before this which doesn't have this leak issues)... Maybe it's the problem on Apache or PHP compilation...
ss.jpg 170.7KB 31 downloads
Posted 24 July 2012 - 09:28 AM
I just tried 8.5.7-Coral on Windows Server 2008 32-Bit and the problem did not occur for me. After torturing the F5 button for a minute, I could see the handle count went up about 100 and then stayed there no matter how often I refreshed.
Posted 25 July 2012 - 06:38 AM
Have to restart my server periodically...
Posted 25 July 2012 - 04:28 PM
So I try open default uniserver index.php, commenting some function, then test refresh again...
Turns out that is_readable() function in line 7 of index.php was the culprit...
Try this simple script, save as index.php
it will leak handles each time this is executed. but if you change value index.php to something else (so file doesnt exist and is_readable() return false), it will not leak handles...
this is php bugs...
Posted 25 July 2012 - 05:22 PM
It seems happened since introduction of php 5.3.0. If you see in the changelogs:
Added support for ACL (is_writable, is_readable, reports now correct results) on Windows. (Pierre, Venkat Raman Don, Kanwaljeet Singla)
Revert back to UniServer 5.6a-Nano http://forum.uniform...?showtopic=1878 because it uses PHP 5.2.13. But the old apache version somehow turns me off because eaccelerator often crashes the apache. New apache seems more stable and consumes less memory.
Posted 26 July 2012 - 09:15 AM
Posted 26 July 2012 - 11:39 AM
Posted 26 July 2012 - 02:17 PM
All the best
Posted 20 August 2012 - 12:05 PM
Posted 22 November 2012 - 10:32 AM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users