[jboss-jira] [JBoss JIRA] (WFLY-2139) ProxyStepHandler/Controller need to check access before attempting to read information

RH Bugzilla Integration (JIRA) jira-events at lists.jboss.org
Wed Sep 25 10:00:04 EDT 2013 

    [ https://issues.jboss.org/browse/WFLY-2139?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12807315#comment-12807315 ] 

RH Bugzilla Integration commented on WFLY-2139:
-----------------------------------------------

Brian Stansberry <brian.stansberry at redhat.com> made a comment on [bug 1011994|https://bugzilla.redhat.com/show_bug.cgi?id=1011994]

Description of problem:

The fix for https://bugzilla.redhat.com/show_bug.cgi?id=1010672 introduce a per-management request leak in slave HostController processes when common requests (e.g. read-resource) are proxied to the slave from the master. I believe the same leak will occur on domain servers for requests proxied from the HostController.

Over time this will result in OOME situations due either to the memory resources used by the threads, or because user process count limites are reached. (For example, on Linux each thread counts as a process.)

Version-Release number of selected component (if applicable):

6.2.0.ER3

How reproducible:

Against the master host controller, execute a series of /host=<nameofslave>:read-resource operations. Monitor the thread count (e.g. using jconsole) on the slave HC process and watch it go up.


We have a fix for this already in the process of getting merged into WildFly master.
                
> ProxyStepHandler/Controller need to check access before attempting to read information
> --------------------------------------------------------------------------------------
>
>                 Key: WFLY-2139
>                 URL: https://issues.jboss.org/browse/WFLY-2139
>             Project: WildFly
>          Issue Type: Sub-task
>          Components: Domain Management, Security
>            Reporter: Kabir Khan
>            Assignee: Kabir Khan
>             Fix For: 8.0.0.CR1
>
>
> This affects things like recursive :read-resource(-description) :read-children-resources and so on. The problem as it stands is that if you have, say, a host scoped role scoped to host=master, and there is also a slave host controller, and you try to :read-resource(recursive=true,proxies=true), the master will list the slave host controller in its list of child addresses. It will then execute /host=slave:read-resource(recursive=true,proxies=true), which will fail and roll back the tx since the master host scoped role does not have access to that resource.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list