Database ( 'FileSize' * 'PageSize' = 840M ) function in "memory-constrained environments": Windows 7 32-bit & 4G RAM:
After the upgrade to 4178, we started getting the following errors:
Unfortunately, changing server option (from -c 15% to -cl 700M & -ch 1G) and unload/reload database do not resolve the errors. Does this mean a "memory leak" in 4178? asked 30 Jul '15, 08:19 Ilia63 |
19.08.2015 - 17:57:39 CET - Info for Customer by SAP answered 25 Aug '15, 12:38 Ilia63 Volker Barth
Is that supposed to be 12.0.1.4301? ...I only ask because 12.0.1.4301 just got released, and because...
...will not ever exist (there will never, ever, be a 16.0.1.anything :)
(25 Aug '15, 13:51)
Breck Carter
Replies hidden
1
12.0.1.4301 does not contain such a CR fix (or at least it is not contained in the EBF readme), and the binaries are from 2015-07-31, so this seems to be a newer fix and 12.0.1.4310 seems reasonable. FWIW, the according CR note lists an empty entry in the (old) Sybase CR system - in my experience, these entries are still used/filled generally.
(25 Aug '15, 15:54)
Volker Barth
Makes sense... so the reference to 16.0.1 is just a typo and not a sign of deeper confusion :) Don't you wish that all references to future build numbers would come with a disclaimer to that effect? i.e. "don't bother to go hunting for 12.0.1.4310 because it ain't there yet". ...ah, heck, we're just steenking end users, our time don't mean nuthin :)
(25 Aug '15, 16:23)
Breck Carter
For EBF 25376: 16.0 SP42 Build 2178 13.10.2015 - OK (No memory leaks)
(20 Oct '15, 07:50)
Ilia63
Replies hidden
So feel free to accept your answer as "accepted":)
(20 Oct '15, 08:07)
Volker Barth
FWIW, 12.0.1.4314 for Windows x86 has been released on 2015-10-23:)
(26 Oct '15, 03:47)
Volker Barth
For EBF 25390: 12.0.1 SP95 Build 4314 23.10.2015 - OK: No memory leaks :)
(26 Oct '15, 04:29)
Ilia63
|
I don't recognize this pattern myself. If this information does not help do open up a support call to help drill into this deeper. One factor to be aware of is that the encryption libraries changed from Certicom to OpenSSL between those builds. So, this issue could be related to the conditions on that machine in relationship with the latter library. But it is hard to ascribe that assertion to this scenario. Is this constant error for all connection attempts? Intermittent? Just rare? FWIW If this turns out to be just an issue with encrypted connections, you should be able to run unencrypted or with just simple encryption until this is resolved. The assertion itself is not so much a leak but related to address map allocation. It is related to an attempt access a large contiguous block of addresses (which itself makes less sense). How that is being caused by a new connection attempt is not so clear. Given it is a TLS handshake error, we do sometimes see a few issues with stale/incompatible certificates that Certicom would pass but no longer fly with OpenSSL. I would look there next myself; starting with the newer ViewCert utilty. A number of older certificates that used to just work with Certicom are not current/compliant enough to work with OpenSSL. Look for some of the changes introduced Strong encryption in FIPS, TLS, and HTTPS now achieved using OpenSSL as well as the KBA on a known pattern "TLS handshake failure" or "Server certificate not trusted" Best of luck answered 30 Jul '15, 12:26 Nick Elson S... Error occurs approximately once a day.
From the point of view of ASA12 error is as follows:
(30 Jul '15, 13:01)
Ilia63
Use certificate chain:
Do you need more information? Best regards
(30 Jul '15, 13:03)
Ilia63
I would like to clarify once again: Error occurs approximately once a day.
(31 Jul '15, 08:31)
Ilia63
To test the hypothesis about memory leaks I use Resource Monitor.
(13 Aug '15, 12:14)
Ilia63
|
I guess there is always a chance you are hitting a vulnerability CVE-2015-0205 According to the OpenSSL site "... A memory leak can occur in . . . under certain conditions. . . . The memory leak could be exploited by an attacker in a Denial of Service attack through memory exhaustion. ... " •Fixed in OpenSSL 1.0.1k We started shipping EBFs / SPs with OpenSSL 1.0.1k (or higher) for Windows as of EBF#4183 / SP82; so you should retest with one of those. I don't believe you have described a vulnerability to this ... but I am also uncertain if your -xs logging would show such a denial of service attack if you are exposed to that possibility. ... but again ... if this does not help we would need to reproduce this happening answered 18 Aug '15, 21:20 Nick Elson S... |