https://issues.apache.org/bugzilla/show_bug.cgi?id=52856

             Bug #: 52856
           Summary: High CPU load when the underlying socket error in
                    ssl_socket_send is EAGAIN
           Product: Tomcat Native
           Version: 1.1.22
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: Library
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: dmitry.kukush...@external.telekom.de
    Classification: Unclassified


How to reproduce:
Tomcat with the APR connector, using HTTPS scheme, when a client requests for
some quite a big (~100K-200K) static file, and breaks the connection
unexpectedly.
Shell script to reproduce:
#!/bin/bash
# A way to reproduce the bug in the APR connector.
# Must be run from a different machine, the Tomcat is running on.
# Author: Andreas Florath ( andreas.florath at external.telekom.de )


for port in 17890 17891 17892 17893 17894 17895 17896 17897 17898 17899; do
     curl --local-port $port --insecure "https://<host>:<port>/<some big file>"
&
     sleep 0.1
     iptables -A OUTPUT -p tcp --sport $port -j REJECT
done


Connector enters a socket write loop, taking nearly 1 CPU core.
A snippet from the strace log:
...
[pid 32221] write(91,
"\347\2\22\36\334\222\2525g\215\342\352A\324\246\340\7\265(\205n\362\215\34az\363>\37Up\213"...,
1789 <unfinished ...>
[pid 32222] <... futex resumed> )       = 0
[pid 32221] <... write resumed> )       = -1 EAGAIN (Resource temporarily
unavailable)
[pid 32222] write(94,
"\276\275\263zN\n\20^\35\200\3.\5\n\35\300o\364\373\305\356\35\24{\302\200\242\346\22\241\256\326"...,
2812 <unfinished ...>
[pid 32221] write(91,
"\347\2\22\36\334\222\2525g\215\342\352A\324\246\340\7\265(\205n\362\215\34az\363>\37Up\213"...,
1789 <unfinished ...>
[pid 32222] <... write resumed> )       = -1 EAGAIN (Resource temporarily
unavailable)
[pid 32221] <... write resumed> )       = -1 EAGAIN (Resource temporarily
unavailable)
[pid 32222] write(94,
"\276\275\263zN\n\20^\35\200\3.\5\n\35\300o\364\373\305\356\35\24{\302\200\242\346\22\241\256\326"...,
2812 <unfinished ...>
[pid 32221] write(91,
"\347\2\22\36\334\222\2525g\215\342\352A\324\246\340\7\265(\205n\362\215\34az\363>\37Up\213"...,
1789 <unfinished ...>
[pid 32222] <... write resumed> )       = -1 EAGAIN (Resource temporarily
unavailable)
[pid 32221] <... write resumed> )       = -1 EAGAIN (Resource temporarily
unavailable)
...

Possible patch:
Add polling for writing with the timeout before the next ssl socket write
attempt in case of EAGAIN
--- tomcat-native-1.1.22-src/jni/native/src/sslnetwork.c
+++ tomcat-native-1.1.22-src/jni/native/src/sslnetwork.c
@@ -471,7 +471,7 @@
                 break;
                 case SSL_ERROR_WANT_READ:
                 case SSL_ERROR_WANT_WRITE:
-                    if (nb && i == SSL_ERROR_WANT_WRITE) {
+                    if (nb && i == SSL_ERROR_WANT_WRITE &&
!APR_STATUS_IS_EAGAIN(os) ) {
                         *len = 0;
                         return APR_SUCCESS;
                     }

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to