[jira] [Comment Edited] (SSHD-846) ECDH/HDG kex retains KeyPairGenerator

Tue, 02 Oct 2018 05:41:10 -0700 


    [ 
https://issues.apache.org/jira/browse/SSHD-846?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16635405#comment-16635405
 ] 

Robert Varga edited comment on SSHD-846 at 10/2/18 12:40 PM:
-------------------------------------------------------------

[~lgoldstein] thanks for the patch, two comments:
 # I think it is still useful to nullify KeyPairGenerators, as it allows them 
to be freed while the key exchange is going on – it can take some time based on 
how quickly our peer responds, during which we should be able to shed them
 # I am no expert on locking and the codepaths, but it would seem that "kex = 
null" should happen before kexState.set(KexState.DONE) – otherwise the guard 
via compareAndSet() could be ineffective:
 ## Thread A: kexState.set(KexState.DONE)
 ## Thread A is scheduled out
 ## Thread B: kexState.compareAndSwap(KexState.DONE, KexState.RUN)
 ## Thread B: kex = ...
 ## Thread B is scheduled out
 ## Thread A: kex = null
 ## Thread B is scheduled in and accesses kex (which should be valid)
 ## NullPointerException


was (Author: nite):
[~lgoldstein] thanks for the patch, two comments:
 # I think it is still useful to nullify KeyPairGenerators, as it allows them 
to be freed while the key exchange is going on – it can take some time based on 
how quickly our peer responds, during which we should be able to shed it
 # I am no expert on locking and the codepaths, but it would seem that "kex = 
null" should happen before kexState.set(KexState.DONE) – otherwise the guard 
via compareAndSet() could be ineffective:
 ## Thread A: kexState.set(KexState.DONE)
 ## Thread A is scheduled out
 ## Thread B: kexState.compareAndSwap(KexState.DONE, KexState.RUN)
 ## Thread B: kex = ...
 ## Thread B is scheduled out
 ## Thread A: kex = null
 ## Thread B is scheduled in and accesses kex (which should be valid)
 ## NullPointerException

> ECDH/HDG kex retains KeyPairGenerator
> -------------------------------------
>
>                 Key: SSHD-846
>                 URL: https://issues.apache.org/jira/browse/SSHD-846
>             Project: MINA SSHD
>          Issue Type: Bug
>    Affects Versions: 1.6.0, 1.7.0, 2.0.0
>            Reporter: Robert Varga
>            Assignee: Goldstein Lyor
>            Priority: Major
>
> Analysis of a heap dump of running OpenDaylight with 10K concurrent NETCONF 
> sessions over SSH transport shows that around 16% of the heap is used by 
> Bouncy Castle's KeyPairGeneratorSpi$EC and related objects – accounting for 
> ~26% of OpenDaylight's per-session memory overhead.
> These objects are retained by org.apache.sshd.common.kex.ECDH's myKpairGen 
> field, which is never used once a keypair is generated.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to