PK12045: CONTROL REGION OPI MEMORY LEAKS OCCUR IN SMALL SUBSET OF REQUESTS THAT RUN IN THE CR | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
![]() APAR status Closed as program error. Error description The server control region (CR) will grow in size. Analysis of a CR dump will show OPI records in the growing areas. This problem is specific to requests that run only within the CR, not the servant region (SR). The following trace can be used to help determine what is happening: F <server_name>,tracedetail=(3,4,E) F <server_name>,tracejava='com.ibm.ws.security.*=all=enabled' F <server_name>,tracejava='com.ibm.ws390.orb.*=all=enabled' This can be dynmically enabled to capture just a few requests rather than leaving itenable for long periods of time. In the trace entries look for this pattern of entries: Trace: 2005/09/04 09:57:24.995 01 t=9CF598 c=UNK key=S2 (13007002) FunctionName: com.ibm.ws.security.localOSORB.SecurityORBImpl SourceId: com.ibm.ws.security.localOSORB.SecurityORBImpl Category: ENTRY ExtendedMessage: connectReceivedCredential, with NSC: 1219977952 and UserID: XXYY and identityType nn . Trace: 2005/09/04 09:57:24.996 01 t=9CF598 c=UNK key=S2 (13007002) FunctionName: com.ibm.ws.security.localOSORB.SecurityORBImpl SourceId: com.ibm.ws.security.localOSORB.SecurityORBImpl Category: DEBUG ExtendedMessage: built WS390CredentialToken . Trace: 2005/09/04 09:57:24.996 01 t=9CF598 c=UNK key=S2 (13007002) FunctionName: com.ibm.ws.security.auth.WS390CredentialToken SourceId: com.ibm.ws.security.auth.WS390CredentialToken Category: DEBUG ExtendedMessage: Clone for Controller Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2 (0E01B16C) Description: Entry to EJBRUNAS::cloneNSCToken input NSC token: : 1219977952 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2 (0E01A12C) Description: Entry to RUNAS::cloneNSCToken input NSC token: : 1219977952 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2 (0E01A131) Description: Exit from RUNAS::cloneNSCToken output NSC token: : 1219992512 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2 (0E01B176) Description: Exit from EJBRUNAS::cloneNSCToken output NSC token: : 1219992512Local fix Problem summary **************************************************************** * USERS AFFECTED: All users of WebSphere Application Server * * V5.0 for z/OS * **************************************************************** * PROBLEM DESCRIPTION: Memory leak in the controller region * * for requests that only run within the * * controller region. Security OPI records * * are filling the growing areas of * * storage subpool 2 with key 2. The * * subpool is an area of virtual storage * * created by MVS. * **************************************************************** * RECOMMENDATION: * **************************************************************** Requests dispatched in the controller region cause an increase in memory usage due to unreleased Security OPI structures in that region. During a JAAS login, the credential token would be cloned, but the cloned token was not being classified as such. As a result, Security OPI structures were not being released from subpool storage. For a request that only gets dispatched in the controller region, a trace like the following one is displayed if debug tracing is enabled for com.ibm.ws.security.*: Trace: 2005/09/04 09:57:24.996 01 t=9CF598 c=UNK key=S2 (13007002) FunctionName: com.ibm.ws.security.localOSORB.SecurityORBImpl SourceId: com.ibm.ws.security.localOSORB.SecurityORBImpl Category: DEBUG ExtendedMessage: built WS390CredentialToken Trace: 2005/09/04 09:57:24.996 01 t=9CF598 c=UNK key=S2 (13007002) FunctionName: com.ibm.ws.security.auth.WS390CredentialToken SourceId: com.ibm.ws.security.auth.WS390CredentialToken Category: DEBUG ExtendedMessage: Clone for Controller Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2 (0E01B16C) Description: Entry to EJBRUNAS::cloneNSCToken input NSC token: : 1219977952 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2 (0E01A12C) Description: Entry to RUNAS::cloneNSCToken input NSC token: : 1219977952 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2 (0E01A131) Description: Exit from RUNAS::cloneNSCToken output NSC token: : 1219992512 Trace: 2005/09/04 09:57:24.997 01 t=9CF598 c=UNK key=S2 (0E01B176) Description: Exit from EJBRUNAS::cloneNSCToken output NSC token: : 1219992512Problem conclusion Properly classified the cloned credential token during a JAAS login and modified the WS390CredentialToken to correctly copy the classification of a credential token to be cloned. This allows the Security OPI structures to be released from subpool storage and eliminates the memory leak. APAR PK12045 is associated with SERVICE LEVEL W502039 of WebSphere Application Server V5.0 for z/OS.Temporary fix Comments
APAR is sysrouted FROM one or more of the following: APAR is sysrouted TO one or more of the following: UK12774 Modules/Macros
Publications Referenced
|
Document Information |
Current web document: swg1PK12045.html
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server for z/OS
Operating system(s):
Software version: 500
Software edition:
Reference #: PK12045
IBM Group: Software Group
Modified date: Apr 5, 2006
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.