bpo-37193: remove thread objects which finished process its request #13893
Conversation
|
Hi and thank you for the pull request. Just one question about the change: did you test it? |
|
Hello, Thank you for your kindly comment.
I only checked that this PR fixed the problem by memory monitoring tool and sample code written on the issue (https://bugs.python.org/issue37193) and didn't write test code because I couldn't decide whether it is necessary. (of course, it passed original test, test_socketserver) |
Perhaps it's better to wait for a core-dev for reviewing. :) |
maru-n
force-pushed
the
fix-issue-37193
branch
2 times, most recently
from
b5e8368
to
41c2122
Compare
|
A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated. Once you have made the requested changes, please leave a comment on this pull request containing the phrase |
|
Hello @vstinner By the way, now it seems that source code around _threads_lock (and _threads list) is redundant and not clear for me. (especially testing if it is none or not and initialize it) How you do you feel about this? |
|
Thanks for making the requested changes! @vstinner: please review the changes made to this pull request. |
jaraco
added
the
🔨 test-with-buildbots
bedevere-bot
removed
the
🔨 test-with-buildbots
This has a memory leak in the current Python version (python/cpython#13893)
|
I've reviewed it and believe I've addressed the concerns by Victor. Given that there's been no comment after several pings, I recommend to proceed. |
…ythonGH-13893) * bpo-37193: remove the thread which finished process request from threads list * rename variable t to thread. * don't remove thread from list if it is daemon. * use lock to protect self._threads. * use finally block in case of exception from shutdown_request(). * check "not thread.daemon" before lock to avoid holding the lock if it's unnecessary. * fix the place of _threads_lock. * separate code to remove a current thread into a function. * check ValueError when removing thread. * fix wrong code which all instance shared same lock. * Extract thread management into a _Threads class to encapsulate atomic operations and separate concerns. * Replace multiple references of 'block_on_close' with one, avoiding the possibility that 'block_on_close' could change during the course of processing requests. Now, there's exactly one _threads object with behavior fixed for the duration. * Add docstrings to private classes. * Add test to ensure that a ThreadingTCPServer can be closed without serving any requests. * Use _NoThreads as the default value. Fixes AttributeError when server is closed without serving any requests. * Add blurb * Add test capturing failure. Co-authored-by: Jason R. Coombs <jaraco@jaraco.com> (cherry picked from commit c415590) Co-authored-by: MARUYAMA Norihiro <norihiro.maruyama@gmail.com>
|
GH-23087 is a backport of this pull request to the 3.9 branch. |
…ythonGH-13893) * bpo-37193: remove the thread which finished process request from threads list * rename variable t to thread. * don't remove thread from list if it is daemon. * use lock to protect self._threads. * use finally block in case of exception from shutdown_request(). * check "not thread.daemon" before lock to avoid holding the lock if it's unnecessary. * fix the place of _threads_lock. * separate code to remove a current thread into a function. * check ValueError when removing thread. * fix wrong code which all instance shared same lock. * Extract thread management into a _Threads class to encapsulate atomic operations and separate concerns. * Replace multiple references of 'block_on_close' with one, avoiding the possibility that 'block_on_close' could change during the course of processing requests. Now, there's exactly one _threads object with behavior fixed for the duration. * Add docstrings to private classes. * Add test to ensure that a ThreadingTCPServer can be closed without serving any requests. * Use _NoThreads as the default value. Fixes AttributeError when server is closed without serving any requests. * Add blurb * Add test capturing failure. Co-authored-by: Jason R. Coombs <jaraco@jaraco.com> (cherry picked from commit c415590) Co-authored-by: MARUYAMA Norihiro <norihiro.maruyama@gmail.com>
|
GH-23088 is a backport of this pull request to the 3.8 branch. |
bedevere-bot
removed
needs backport to 3.8
|
GH-23089 is a backport of this pull request to the 3.7 branch. |
…ythonGH-13893) * bpo-37193: remove the thread which finished process request from threads list * rename variable t to thread. * don't remove thread from list if it is daemon. * use lock to protect self._threads. * use finally block in case of exception from shutdown_request(). * check "not thread.daemon" before lock to avoid holding the lock if it's unnecessary. * fix the place of _threads_lock. * separate code to remove a current thread into a function. * check ValueError when removing thread. * fix wrong code which all instance shared same lock. * Extract thread management into a _Threads class to encapsulate atomic operations and separate concerns. * Replace multiple references of 'block_on_close' with one, avoiding the possibility that 'block_on_close' could change during the course of processing requests. Now, there's exactly one _threads object with behavior fixed for the duration. * Add docstrings to private classes. * Add test to ensure that a ThreadingTCPServer can be closed without serving any requests. * Use _NoThreads as the default value. Fixes AttributeError when server is closed without serving any requests. * Add blurb * Add test capturing failure. Co-authored-by: Jason R. Coombs <jaraco@jaraco.com> (cherry picked from commit c415590) Co-authored-by: MARUYAMA Norihiro <norihiro.maruyama@gmail.com>
|
|
This commit has introduced reference leaks: Ran 202 tests in 21.654s Example buildbot failure: https://buildbot.python.org/all/#/builders/562/builds/79/steps/5/logs/stdio |
…ythonGH-13893) * bpo-37193: remove the thread which finished process request from threads list * rename variable t to thread. * don't remove thread from list if it is daemon. * use lock to protect self._threads. * use finally block in case of exception from shutdown_request(). * check "not thread.daemon" before lock to avoid holding the lock if it's unnecessary. * fix the place of _threads_lock. * separate code to remove a current thread into a function. * check ValueError when removing thread. * fix wrong code which all instance shared same lock. * Extract thread management into a _Threads class to encapsulate atomic operations and separate concerns. * Replace multiple references of 'block_on_close' with one, avoiding the possibility that 'block_on_close' could change during the course of processing requests. Now, there's exactly one _threads object with behavior fixed for the duration. * Add docstrings to private classes. * Add test to ensure that a ThreadingTCPServer can be closed without serving any requests. * Use _NoThreads as the default value. Fixes AttributeError when server is closed without serving any requests. * Add blurb * Add test capturing failure. Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
…equest (pythonGH-13893)" (pythonGH-23107) This reverts commit c415590.
The ThreadingMixIn class (used by
ThreadingUDPServer/ThreadingTCPServer/...) server stopped using
daemon_threads by default with Python 3.7. But the releasing of the threads
is only done by Threading*Server when the server closes. So in the
meantime, all threads are gathered in the server object and thus we "leak"
memory over the lifetime of the server.
An attacker can therefore cause an OOM based DOS by just requesting some
resources again and again:
import socket
while True:
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.sendto(bytes("GET statistic", "utf-8"), ("127.0.0.1", 1001))
sock.close()
To work around this, the server can be forced back to used daemon_threads.
An actual fix for this problem has to be integrated by upstream. Like the
patches already started in PR python/cpython#13893
In ThreadingMixIn class, it hold child processes on list (self._threads variable) to join it when server is closed.
This list also contain thread objects which finished its process.
And it will be extended eternally.
So Memory usage keep increasing while running server until server_close() called in spite of all threads finished to process request in real time and computer resource is enough to process all request.
This PR remove thread objects after finished to avoid it.
https://bugs.python.org/issue37193