Page MenuHomePhabricator
Create Task
Maniphest T384197

Memory exhausted when $wgBlockDisablesLogin=true
Closed, ResolvedPublicBUG REPORT
Actions

Description

What is the problem?

If I have GlobalBlocking installed, $wgBlockDisablesLogin = true and I am logged in as a locally unblocked user, if I load any page on my wiki it will time out with an exception of the form (the PHP file isn't always the same):

PHP Fatal Error from line 190 of /var/www/html/w/includes/Permissions/GroupPermissionsLookup.php: Allowed memory size of 134217728 bytes exhausted (tried to allocate 12288 bytes)

In the web logs I see thousands of the same line repeated:

...
[BlockManager] Block cache miss with key BlockCacheKey{request=none,user=#1051,replica}
[rdbms] Wikimedia\Rdbms\LoadBalancer::reuseOrOpenConnectionForNewRef: reusing connection for 0/enwiki
[rdbms] MediaWiki\Block\DatabaseBlockStore::newLoad [0.315ms] mariadb-main: SELECT  bl_id,bt_address,bt_user,bt_user_text,bl_timestamp,bt_auto,bl_anon_only,bl_create_account,bl_enable_autoblock,bl_expiry,bl_deleted,bl_block_email,bl_allow_usertalk,bl_parent_block_id,bl_sitewide,bl_by_actor,block_by_actor.actor_user AS `bl_by`,block_by_actor.actor_name AS `bl_by_text`,comment_bl_reason.comment_text AS `bl_reason_text`,comment_bl_reason.comment_data AS `bl_reason_data`,comment_bl_reason.comment_id AS `bl_reason_cid`  FROM `block` JOIN `block_target` ON ((bt_id=bl_target)) JOIN `actor` `block_by_actor` ON ((actor_id=bl_by_actor)) JOIN `comment` `comment_bl_reason` ON ((comment_bl_reason.comment_id = bl_reason_id))   WHERE ((bt_user = 15233))  
[BlockManager] Block cache miss with key BlockCacheKey{request=none,user=#1051,replica}
[rdbms] Wikimedia\Rdbms\LoadBalancer::reuseOrOpenConnectionForNewRef: reusing connection for 0/enwiki
[rdbms] MediaWiki\Block\DatabaseBlockStore::newLoad [0.289ms] mariadb-main: SELECT  bl_id,bt_address,bt_user,bt_user_text,bl_timestamp,bt_auto,bl_anon_only,bl_create_account,bl_enable_autoblock,bl_expiry,bl_deleted,bl_block_email,bl_allow_usertalk,bl_parent_block_id,bl_sitewide,bl_by_actor,block_by_actor.actor_user AS `bl_by`,block_by_actor.actor_name AS `bl_by_text`,comment_bl_reason.comment_text AS `bl_reason_text`,comment_bl_reason.comment_data AS `bl_reason_data`,comment_bl_reason.comment_id AS `bl_reason_cid`  FROM `block` JOIN `block_target` ON ((bt_id=bl_target)) JOIN `actor` `block_by_actor` ON ((actor_id=bl_by_actor)) JOIN `comment` `comment_bl_reason` ON ((comment_bl_reason.comment_id = bl_reason_id))   WHERE ((bt_user = 15233))  
...

It seemed to start happening after https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GlobalBlocking/+/1005621 change for T358155.

I have reproduced it on:

  • a CentralAuth connected local docker environment with MariaDB
  • a completely new local docker development environment with SQLite3, only GlobalBlocking installed and no blocks
Steps to reproduce problem
  1. On a wiki with GlobalBlocking installed and $wgBlockDisablesLogin = true;
  2. Login as a user who is not locally blocked (whether they are globally blocked does not seem to matter)

Expected behaviour: You login successfully and the page loads
Observed behaviour: It times out

Environment

Wiki(s): local docker MediaWiki 1.44.0-alpha (891bce1) 08:15, 20 January 2025. GlobalBlocking – (f06f561) 07:23, 20 January 2025.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
permissions: Avoid potential infinite loop if BlockDisablesLogin = truemediawiki/coreREL1_43+75 -0
permissions: Avoid potential infinite loop if BlockDisablesLogin = truemediawiki/coreREL1_42+75 -0
permissions: Avoid potential infinite loop if BlockDisablesLogin = truemediawiki/coremaster+75 -0
Customize query in gerrit

Related Objects

Event Timeline

dom_walden created this task.Jan 20 2025, 11:09 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 20 2025, 11:09 AM
Dreamy_Jazz added a project: Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)).Feb 28 2025, 6:16 PM
Dreamy_Jazz subscribed.EditedFeb 28 2025, 6:28 PM

Found the cause:

  1. A call to BlockManager::getBlock is made
  2. This runs the GetUserBlock hook
  3. This calls the GlobalBlocking implementation of the hook
  4. This leads to a call to GlobalBlockLookup::getUserBlock
  5. Then, to a private helper method , which calls Authority::isAllowedAny
  6. When this is a UserAuthority instance, this calls PermissionManager::userHasAnyRight
  7. Which then calls PermissionManager::getUserPermissions
  8. When $wgBlockDisablesLogin = true;, this causes a check to be made if the user is currently blocked
  9. Which then calls BlockManager::getBlock

We should be able to break the loop somewhere in GlobalBlockLookup, in a similar way to how it is done in core.

Dreamy_Jazz added a comment.Feb 28 2025, 6:41 PM

To support this we need to:

  1. Update GetUserBlock to pass the $request passed to BlockManager::getBlock to handlers of the hook
  2. Update GlobalBlockLookup::getUserBlock to accept the $request and pass it through
  3. Update the private helper method ::getUserBlockDetails to accept the $request and if it is null then do not call Authority::isAllowed

Per the docs for BlockManager::getBlock, the $request would be null if the user has IP block exempt or IP blocks are not being checked.

mszabo changed the task status from Open to In Progress.Mar 5 2025, 11:47 AM
mszabo claimed this task.
mszabo triaged this task as Medium priority.
mszabo edited projects, added Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)); removed Trust and Safety Product Sprint (Sprint Chocolate Cake (March 24 - April 11)).
gerritbot added a comment.Mar 5 2025, 11:47 AM

Change #1124753 had a related patch set uploaded (by Máté Szabó; author: Máté Szabó):

[mediawiki/core@master] permissions: Avoid potential infinite loop if BlockDisablesLogin = true

https://gerrit.wikimedia.org/r/1124753

gerritbot added a project: Patch-For-Review.Mar 5 2025, 11:47 AM
mszabo moved this task from Priority Backlog to Needs Review on the Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)) board.Mar 5 2025, 11:48 AM
gerritbot added a comment.Mar 5 2025, 12:26 PM

Change #1124753 merged by jenkins-bot:

[mediawiki/core@master] permissions: Avoid potential infinite loop if BlockDisablesLogin = true

https://gerrit.wikimedia.org/r/1124753

Maintenance_bot removed a project: Patch-For-Review.Mar 5 2025, 12:31 PM
mszabo moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)) board.Mar 5 2025, 12:43 PM
ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.20; 2025-03-11).Mar 5 2025, 1:00 PM
gerritbot added a comment.Mar 13 2025, 12:43 AM

Change #1127179 had a related patch set uploaded (by Reedy; author: Máté Szabó):

[mediawiki/core@REL1_43] permissions: Avoid potential infinite loop if BlockDisablesLogin = true

https://gerrit.wikimedia.org/r/1127179

gerritbot added a project: Patch-For-Review.Mar 13 2025, 12:43 AM
gerritbot added a comment.Mar 13 2025, 12:46 AM

Change #1127180 had a related patch set uploaded (by Reedy; author: Máté Szabó):

[mediawiki/core@REL1_42] permissions: Avoid potential infinite loop if BlockDisablesLogin = true

https://gerrit.wikimedia.org/r/1127180

Reedy added projects: MW-1.42-release, MW-1.43-release.Mar 13 2025, 12:47 AM
Bugreporter added a project: Vuln-DoS.Mar 13 2025, 12:49 AM
gerritbot added a comment.Mar 13 2025, 1:01 AM

Change #1127180 merged by jenkins-bot:

[mediawiki/core@REL1_42] permissions: Avoid potential infinite loop if BlockDisablesLogin = true

https://gerrit.wikimedia.org/r/1127180

gerritbot added a comment.Mar 13 2025, 1:03 AM

Change #1127179 merged by jenkins-bot:

[mediawiki/core@REL1_43] permissions: Avoid potential infinite loop if BlockDisablesLogin = true

https://gerrit.wikimedia.org/r/1127179

Maintenance_bot removed a project: Patch-For-Review.Mar 13 2025, 1:31 AM
ReleaseTaggerBot added projects: MW-1.43-notes, MW-1.42-notes.Mar 13 2025, 2:00 AM
Djackson-ctr moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Lemon Meringue (March 3 - 21)) board.Mar 13 2025, 6:32 AM
Djackson-ctr subscribed.

QA is completed, I have verified the new code has been implemented and is functioning as expected (With GlobalBlocking extension installed, and using the LocalSettings.php configuration setting $wgBlockDisablesLogin = true, all pages that are accessed by the blocked-but-not-locally-blocked user will now load successfully without timing-out).

Reedy closed this task as Resolved.Mar 19 2025, 12:53 AM
matmarex mentioned this in T218608: OAuth doesn't work when $wgBlockDisablesLogin is true.Apr 14 2026, 5:50 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits