Memory leaks that occur when tokens are frequently updated #1228

min-sung-kwon · 2024-06-17T01:10:27Z

min-sung-kwon
Jun 17, 2024

Situation: The OIDCRefreshAccessTokenBeforeExpiry value is set to receive a refresh token once a minute.
Result: Server memory usage exceeds 80-90% every 2-3 days in version 2.4.11.3.
Action: Update to version 2.4.15.7
Progress: We thought the issue had been resolved by confirming that the increase in memory usage had decreased, but we found that the increase had only decreased but was still increasing. Currently, server memory usage exceeds 80-90% once every 2-3 weeks.

The issue is as above and I would like to resolve the issue.

zandbelt · 2024-06-20T07:29:37Z

zandbelt
Jun 20, 2024
Maintainer

I don't think mod_auth_openidc is leaking memory, our valgrind reports don't show that. How did you come to this conclusion? Using OS process memory tools may not be as reliable.

12 replies

zandbelt Jun 21, 2024
Maintainer

Currently, we do not have an environment to diagnose memory leaks using Valgrind, etc., so we are recognizing the phenomenon through the memory usage of CentOS7.

we'll try on CentOS 7 as well then, and perhaps you can try the behavior on CentOS 9; which version of cjose are you using?

Are the Valgrind diagnostic logs you showed the result of testing in an environment where tokens are updated for each request?

yes

min-sung-kwon Jun 21, 2024
Author

We are using cjose version 0.6.1.

zandbelt Jun 21, 2024
Maintainer

please also try with the latest cjose from https://github.com/OpenIDC/cjose/releases/tag/v0.6.2.3 as memory leaks have been addressed in newer versions here as well; I'd be interested to learn about your findings on CentOS 9 as CentOS 7 has proven to be more problematic for us in the past (i.e. lingering semphores, wich seems to be OS related).

min-sung-kwon Jun 21, 2024
Author

We will update the cjose version next week and share the results. Thanks for your help.

zandbelt Jun 21, 2024
Maintainer

FWIW: cjose is a long shot; our tests on CentOS 7 show no definite memory leaks in Valgrind but there are "possible leaks" that increase with the number of runs, which is what your tool may be reporting on as well; the "possible leaks" are not related to mod_auth_openidc in itself but to the old versions of libapr/libapr-util in use on CentOS 7 and OpenSSL 1.0.2; all of which should be solved by migrating to a more recent and supported OS

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Memory leaks that occur when tokens are frequently updated #1228

{{title}}

Replies: 1 comment 12 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Memory leaks that occur when tokens are frequently updated #1228

min-sung-kwon Jun 17, 2024

Replies: 1 comment · 12 replies

zandbelt Jun 20, 2024 Maintainer

zandbelt Jun 21, 2024 Maintainer

min-sung-kwon Jun 21, 2024 Author

zandbelt Jun 21, 2024 Maintainer

min-sung-kwon Jun 21, 2024 Author

zandbelt Jun 21, 2024 Maintainer

min-sung-kwon
Jun 17, 2024

Replies: 1 comment 12 replies

zandbelt
Jun 20, 2024
Maintainer

zandbelt Jun 21, 2024
Maintainer

min-sung-kwon Jun 21, 2024
Author

zandbelt Jun 21, 2024
Maintainer

min-sung-kwon Jun 21, 2024
Author

zandbelt Jun 21, 2024
Maintainer