mpm_winnt.c revision 6d62bc22f8f22a43e66e2e4d8860a5a144316b1a
* We keep a hard maximum number of servers, for two reasons --- first off, * in case something goes seriously wrong, we want to stop the fork bomb * short of actually crashing the machine we're running on by filling some * kernel table. Secondly, it keeps the size of the scoreboard file small * enough that we can read the whole thing without worrying too much about /* scoreboard.c does the heavy lifting; all we do is create the child * score by moving a handle down the pipe into the child's stdin. /* Definitions of WINNT MPM specific config globals */ /* ap_my_generation are used by the scoreboard code */ /* Queue for managing the passing of COMP_CONTEXTs between * the accept and worker threads. /* Stub functions until this MPM supports the connection status API */ "WARNING: ThreadsPerChild of %d exceeds compile time" " lowering ThreadsPerChild to %d. To increase, please" " see the HARD_THREAD_LIMIT define in %s.",
"WARNING: Require ThreadsPerChild > 0, setting to 1");
"Number of threads each child creates" },
/* Recycle the completion context. * - clear the ptrans pool * - put the context on the queue to be consumed by the accept thread * context->accept_socket may be in a disconnected but reusable * state so -don't- close it. /* Grab a context off the queue */ /* If we failed to grab a context off the queue, alloc one out of * the child pool. There may be up to ap_threads_per_child contexts "Server ran out of threads to serve requests. Consider " "raising the ThreadsPerChild setting");
* Multiple failures in the next two steps will cause the pchild pool * to 'leak' storage. I don't think this is worth fixing... /* Hopefully this is a temporary condition ... */ "mpm_get_completion_context: CreateEvent failed.");
/* Create the tranaction pool */ "mpm_get_completion_context: Failed to create the transaction pool.");
/* This is the helper code to resolve late bound entry points * missing from one or more releases of the Win32 API... * but it sure would be nice if we didn't duplicate this code "kernel32",
"advapi32",
"mswsock",
"ws2_32" };
/* To share the semaphores with other processes, we need a NULL ACL * Code from MS KB Q106387 * The Win32 call WaitForMultipleObjects will only allow you to wait for * a maximum of MAXIMUM_WAIT_OBJECTS (current 64). Since the threading * model in the multithreaded version of apache wants to use this call, * we are restricted to a maximum of 64 threads. This is a simplistic * routine that will increase this size. * Signalling Apache on NT. * Under Unix, Apache can be told to shutdown or restart by sending various * signals (HUP, USR, TERM). On NT we don't have easy access to signals, so * we use "events" instead. The parent apache process goes into a loop * where it waits forever for a set of events. Two of those events are * (where PID is the PID of the apache parent process). When one of these * is signalled, the Apache parent performs the appropriate action. The events * can become signalled through internal Apache methods (e.g. if the child * finds a fatal error and needs to kill its parent), via the service * control manager (the control thread will signal the shutdown event when * requested to stop the Apache service), from the -k Apache command line, * or from any external program which finds the Apache PID from the * The signal_parent() function, below, is used to signal one of these events. * It can be called by any child or parent process, since it does not * rely on global variables. * On entry, type gives the event to signal. 0 means shutdown, 1 means * Initialise the signal names, in the global variables signal_name_prefix, * signal_restart_name and signal_shutdown_name. #
define MAX_SIGNAL_NAME 30 /* Long enough for apPID_shutdown, where PID is an int */ /* This MPM supports only graceful restarts right now */ /* This MPM supports only graceful restarts right now */ /* Um, problem, can't signal the parent, which means we can't * signal ourselves to die. Ignore for now... /* Same problem as above */ /* set_listeners_noninheritable() * Make the listening socket handles noninheritable by processes * started out of this process. "set_listeners_noninheritable: DuplicateHandle failed.");
/* A different approach. Many users report errors such as * (32538)An operation was attempted on something that is not * a socket. : Parent: WSADuplicateSocket failed... * This appears that the duplicated handle is no longer recognized * as a socket handle. SetHandleInformation should overcome that * problem by not altering the handle identifier. But this won't * work on 9x - it's unsupported. "set_listeners_noninheritable: SetHandleInformation failed.");
"Parent: Marked listeners as not inheritable.");
"Child %d: Marked listeners as not inheritable.",
my_pid);
* Only used by Win9* and should go away when the win9*_accept() function is * reimplemented using apr_poll(). "Child %d: Unable to retrieve the exit event from the parent",
my_pid);
"Child %d: Unable to retrieve the scoreboard from the parent",
my_pid);
"Child %d: Unable to access the scoreboard from the parent",
my_pid);
"Child %d: Unable to reopen the scoreboard from the parent",
my_pid);
/* We must 'initialize' the scoreboard to relink all the * process-local pointer arrays into the shared memory block. "Child %d: Retrieved our scoreboard from the parent.",
my_pid);
* get_listeners_from_parent() * The listen sockets are opened in the parent. This function, which runs * exclusively in the child process, receives them from the parent and * makes them availeble in the child. /* Set up a default listener if necessary */ /* Open the pipe to the parent process to receive the inherited socket * data. The sockets have been set to listening in the parent process. "setup_inherited_listeners: Unable to read socket data from parent");
"Child %d: setup_inherited_listeners(), WSASocket failed to open the inherited socket.",
my_pid);
"Child %d: retrieved %d listeners from parent",
my_pid,
lcnt);
/* Windows 9x specific code... * model. A single thread accepts connections and queues the accepted socket * to the accept queue for consumption by a pool of worker threads. * The accept threads runs this function, which accepts connections off * the network and calls add_job() to queue jobs to the accept_queue. * Add or remove an accepted socket from the list of sockets * connected to clients. allowed_globals.jobmutex protects * against multiple concurrent access to the linked list of jobs. * Calls remove_job() to pull a job from the accept queue. All the worker * threads block on remove_job. "Ouch! Out of memory in add_job()!");
/* A "real" error occurred, log it and increment the count of * select errors. This count is used to ensure we don't go into * a busy loop of continuous errors. "Too many errors in select loop. Child process exiting.");
/* fetch the native socket descriptor */ "accept: (client socket)");
/* allocate the completion context and the transaction pool */ /* Windows NT/2000 specific code... * model. An accept thread accepts connections off the network then issues * PostQueuedCompletionStatus() to awake a thread blocked on the ThreadDispatch * One or more accept threads run in this function, each of which accepts * connections off the network and calls PostQueuedCompletionStatus() to * queue an io completion packet to the ThreadDispatch IOCompletionPort. * Worker threads block on the ThreadDispatch IOCompletionPort awaiting * connections to service. /* Hopefully whatever is preventing us from getting a * completion context is a temporary resource constraint. * Yield the rest of our time slice. /* Create and initialize the accept socket */ /* Another temporary condition? */ "winnt_accept: Failed to allocate an accept socket. " "Temporary resource constraint? Try again.");
/* AcceptEx on the completion context. The completion context will be * signaled when a connection is accepted. /* Hack alert. Occasionally, TransmitFile will not recycle the * accept socket (usually when the client disconnects early). * Get a new socket and try the call again. "winnt_accept: AcceptEx failed due to early client " "disconnect. Reallocate the accept socket and try again.");
"winnt_accept: AcceptEx failed. Attempting to recover.");
/* Wait for pending i/o */ /* ### There is a race condition here. The mainline may hit * WSATerminate before this thread reawakens. Look First. /* Inherit the listen socket settings. Required for "setsockopt(SO_UPDATE_ACCEPT_CONTEXT) failed.");
/* Not a failure condition. Keep running. */ /* Get the local & remote address */ /* When a connection is received, send an io completion notification to * the ThreadDispatchIOCP. This function could be replaced by * mpm_post_completion_context(), but why do an extra function call... /* Yow, hit an irrecoverable error! Tell the child to die. */ "Child %d: GetQueuedComplationStatus returned %d",
my_pid,
rc);
* Main entry point for the worker threads. Worker threads block in * win*_get_connection() awaiting a connection to service. /* Grab a connection off the network */ /* Time for the thread to exit */ /* Have we hit MaxRequestPerChild connections? */ /* ap_run_create_connection closes the socket on failure */ "Child %d: Thread exiting.",
my_pid);
* Entry point for the main control thread for the child process. * This thread creates the accept thread, worker threads and * monitors the child process for maintenance and shutdown /* Start an accept thread per listener */ SOCKET nlsd;
/* native listening sock descriptor */ /* Initialize the child_events */ "Child %d: Failed to create a max_requests event.",
my_pid);
* Wait until we have permission to start accepting connections. * start_mutex is used to ensure that only one child ever "Child %d: Failed to acquire the start_mutex. Process will exit.",
my_pid);
"Child %d: Acquired the start mutex.",
my_pid);
* Create the worker thread dispatch IOCompletionPort /* Create the worker thread dispatch IOCP */ 0);
/* CONCURRENT ACTIVE THREADS */ * Create the pool of worker threads /* ToDo: Check for error */ "Child %d: _beginthreadex failed. Unable to create all worker threads. " "Created %d of the %d threads requested with the ThreadsPerChild configuration directive.",
/* Save the score board index in ht keyed to the thread handle. We need this * when cleaning up threads down below... /* Start the listener only when workers are available */ /* Check to see if the child has been told to exit */ /* wait for previous generation to clean up an entry in the scoreboard */ /* Wait for one of three events: * The exit_event is signaled by the parent process to notify * the child that it is time to exit. * max_requests_per_child_event: * This event is signaled by the worker threads to indicate that * the process has handled MaxRequestsPerChild connections. * To do periodic maintenance on the server (check for thread exits, * number of completion contexts, etc.) /* Something serious is wrong */ "Child %d: WAIT_FAILED -- shutting down server");
/* Exit event was signaled */ "Child %d: Exit event signaled. Child process is ending.",
my_pid);
/* MaxRequestsPerChild event set by the worker threads. * Signal the parent to restart "Child %d: Process exiting because it reached " "MaxRequestsPerChild. Signaling the parent to " "restart a new child process.",
my_pid);
* Time to shutdown the child process /* Setting is_graceful will cause keep-alive connections to be closed * rather than block on the next network read. /* Setting shutdown_in_progress prevents new connections from * being accepted but allows the worker threads to continue * handling connections that have already been accepted. /* Tell the worker threads they may exit when done handling /* Close the listening sockets. */ /* Release the start_mutex to let the new process (in the restart * scenario) a chance to begin accepting and servicing requests "Child %d: Released the start mutex",
my_pid);
"Child %d: Failure releasing the start mutex",
my_pid);
/* Shutdown the worker threads */ else {
/* Windows NT/2000 */ /* Post worker threads blocked on the ThreadDispatch IOCompletion port */ /* Empty the accept queue of completion contexts */ /* Give busy worker threads a chance to service their connections */ /* Kill remaining threads off the hard way */ "Child %d: Terminating %d threads that failed to exit.",
my_pid);
/* Reset the scoreboard entry for the thread we just whacked */ "Child %d: All worker threads have exited.",
my_pid);
"Parent: Unable to duplicate the exit event handle for the child");
"Parent: Unable to send the exit event handle to the child");
"Parent: Unable to retrieve the scoreboard handle for the child");
"Parent: Unable to duplicate the scoreboard handle to the child");
"Parent: Unable to send the scoreboard handle to the child");
"Parent: Sent the scoreboard to the child");
/* Run the chain of open sockets. For each socket, duplicate it * for the target process then send the WSAPROTOCOL_INFO * (returned by dup socket) to the child. "Parent: Duplicating socket %d and sending it to child process %d",
"Parent: WSADuplicateSocket failed for socket %d. Check the FAQ.",
lr->
sd );
"Parent: Unable to write duplicated socket %d to the child.",
lr->
sd );
/* Build the command line. Should look something like this: * First, get the path to the executable... "Parent: Path to Apache process too long");
"Parent: GetModuleFileName() returned NULL for current process.");
/* Build the command line */ /* Create a pipe to send socket info to the child */ "Parent: Unable to create pipe to child process.");
/* Make our end of the handle non-inherited */ "Parent: Unable to duplicate pipe to child.\n");
/* Open a null handle to soak info from the child */ "Parent: Unable to create null output pipe for child process.\n");
/* Child's initial stderr -> our main server error log (or, failing that, stderr) */ "Parent: Unable to share error log with child.\n");
"Parent: Failed to share error log with child.\n");
/* Create the child_exit_event */ "Parent: Could not create exit event for child process");
* Win32's CreateProcess call requires that the environment * be passed in an environment block, a null terminated block of * null terminated strings. /* Give the read end of the pipe (hPipeRead) to the child as stdin. The * parent will write the socket data to the child on this pipe. TRUE,
/* Inherit handles */ /* Undo everything created for the child alone /* Handles opened with GetStdHandle are psuedo handles * and should not be closed else bad things will happen. "Parent: Failed to create the child process.");
* This error is fatal, mop up the child and move on * We toggle the child's exit event to cause this child * to quit even as it is attempting to start. * Give the child process a chance to run before dup'ing the sockets. * We have already set the listening sockets noninheritable, but if * WSADuplicateSocket runs before the child process initializes * the listeners will be inherited anyway. * XXX: This is badness; needs some mutex interlocking * This error is fatal, mop up the child and move on * We toggle the child's exit event to cause this child * to quit even as it is attempting to start. /*********************************************************************** * master_main() runs in the parent process. It creates the child * process which handles HTTP requests then waits on one of three * The restart event causes master_main to start a new child process and * tells the old child process to exit (by setting the child_exit_event). * The restart event is set as a result of one of the following: * 1. An apache -k restart command on the command line * 2. A command received from Windows service manager which gets * translated into an ap_signal_parent(SIGNAL_PARENT_RESTART) * 3. The child process calling ap_signal_parent(SIGNAL_PARENT_RESTART) * as a result of hitting MaxRequestsPerChild. * The shutdown event causes master_main to tell the child process to * exit and that the server is shutting down. The shutdown event is * set as a result of one of the following: * 1. An apache -k shutdown command on the command line * 2. A command received from Windows service manager which gets * translated into an ap_signal_parent(SIGNAL_PARENT_SHUTDOWN) * The child process handle will be signaled if the child process * exits for any reason. In a normal running server, the signaling * of this event means that the child process has exited prematurely * due to a seg fault or other irrecoverable error. For server * robustness, master_main will restart the child process under this * master_main uses the child_exit_event to signal the child process **********************************************************************/ /* Create a single child process */ "master_main: create child process failed. Exiting.");
/* Update the scoreboard. Note that there is only a single active /* Wait for shutdown or restart events or for child death */ /* Something serious is wrong */ "master_main: WaitForMultipeObjects WAIT_FAILED -- doing server shutdown");
/* Hey, this cannot happen */ "master_main: WaitForMultipeObjects with INFINITE wait exited with WAIT_TIMEOUT");
/* shutdown_event signalled */ "Parent: Received shutdown signal -- Shutting down the server.");
"ResetEvent(shutdown_event)");
/* Received a restart event. Prepare the restart_event to be reused * then signal the child process to exit. "Parent: Received restart signal -- Restarting the server.");
"Parent: ResetEvent(restart_event) failed.");
"Parent: SetEvent for child process %d failed.",
/* Don't wait to verify that the child process really exits, * just move on with the restart. /* The child process exited prematurely due to a fatal error. */ /* HUH? We did exit, didn't we? */ "Parent: child process exited with status %u -- Aborting.",
exitcode);
"Parent: child process exited with status %u -- Restarting.",
exitcode);
int timeout =
30000;
/* Timeout is milliseconds */ /* This shutdown is only marginally graceful. We will give the * child a bit of time to exit gracefully. If the time expires, * the child will be wacked. /* Signal the child processes to exit */ "Parent: Child process exited successfully.");
return 0;
/* Tell the caller we do not want to restart */ return 1;
/* Tell the caller we want a restart */ /* service_nt_main_fn needs to append the StartService() args * outside of our call stack and thread as the service starts... /* Remember service_to_start failures to log and fail in pre_config. * Remember inst_argc and inst_argv for installing or starting the * service after we preflight the config. /* Handle the following SCM aspects in this phase: * -k runservice [transition for WinNT, nothing for Win9x] * -k (!)install [error out if name is not installed] * -k shutdown (same as -k stop). Maintained for backward compatability. * We can't leave this phase until we know our identity * and modify the command arguments appropriately. * We do not care if the .conf file exists or is parsable when * attempting to stop or uninstall a service. /* AP_PARENT_PID is only valid in the child */ /* The parent is responsible for providing the * COMPLETE ARGUMENTS REQUIRED to the child. * No further argument parsing is needed, but * for good measure we will provide a simple * signal string for later testing. /* This is the parent, we have a long way to go :-) */ /* Rewrite process->argv[]; * strip out -k signal into signal_arg * strip out -n servicename and set the names * add default -d serverroot from the path of this executable * The end result will look like: * The invocation command (%0) * The -d serverroot default from the running executable * The requested service's (-n) registry ConfigArgs * The WinNT SCM's StartService() args "Failed to get the path of Apache.exe");
/* WARNING: There is an implict assumption here that the * executable resides in ServerRoot or ServerRoot\bin /* Use process->pool so that the rewritten argv * lasts for the lifetime of the server process, * because pconf will be destroyed after the * initial pre-flight of the config parser. /* Fall through so the Apache main() handles the 'E' arg */ /* back up to capture the bad argument */ /* Track the number of args actually entered by the user */ /* Provide a default 'run' -k arg to simplify signal_arg tests */ /* Start the NT Service _NOW_ because the WinNT SCM is * expecting us to rapidly assume control of our own * process, the SCM will tell us our service name, and * may have extra StartService() command arguments to * Any other process has a console, so we don't to begin * a Win9x service until the configuration is parsed and * any command line errors are reported. * We hold the return value so that we can die in pre_config * after logging begins, and the failure can land in the log. /* Get the default for any -k option, except run */ /* Attempt to Uninstall, or stop, before * we can read the arguments or .conf files "Using ConfigArgs of the installed service " "No installed ConfigArgs for the service " /* Track the args actually entered by the user. * These will be used for the -k install parameters, as well as * for the -k start service override arguments. /* Handle the following SCM aspects in this phase: * -k runservice [WinNT errors logged from rewrite_args] "%s: Unable to start the service manager.",
/* Initialize shared static objects. /* Handle the following SCM aspects in this phase: * -k runservice [Win95, only once - after we parsed the config] * because all of these signals are useful _only_ if there * is a valid conf\httpd.conf environment to start. * We reached this phase by avoiding errors that would cause * these options to fail unexpectedly in another process. /* Close the listening sockets. */ /* This code should be run once in the parent and not run /* Create shutdown event, apPID_shutdown, where PID is the parent * Apache process ID. Shutdown is signaled by 'apache -k shutdown'. /* Create restart event, apPID_restart, where PID is the parent * Apache process ID. Restart is signaled by 'apache -k restart'. /* Now that we are flying at 15000 feet... * wipe out the Win95 service console, * signal the SCM the WinNT service started, or * if not a service, setup console handlers instead. "%s: Unable to start the service manager.",
else /* ! -k runservice */ /* Create the start mutex, apPID, where PID is the parent Apache process ID. * Ths start mutex is used during a restart to prevent more than one * child process from entering the accept loop at once. "%s: Unable to create the start_mutex.",
else /* parent_pid != my_pid */ /* This really should be a post_config hook, but the error log is already * redirected by that point, so we need to do this in the open_logs phase. /* We cannot initialize our listeners if we are restarting * (the parent process already has glomed on to them) * nor should we do so for service reconfiguration * (since the service may already be running.) NULL,
"no listening sockets available, shutting down");
/* This is a child process, not in single process mode */ /* Set up events and the scoreboard */ /* Set up the listeners */ /* Single process mode - this lock doesn't even need to exist */ /* Borrow the shutdown_even as our _child_ loop exit event */ "%s child %d: Unable to init the start_mutex.",
static int restart = 0;
/* Default is "not a restart" */ /* ### If non-graceful restarts are ever introduced - we need to rerun * the pre_mpm hook on subsequent non-graceful restarts. But Win32 * has only graceful style restarts - and we need this hook to act * the same on Win32 as on Unix. /* Set up the scoreboard. */ /* The child process or in one_process (debug) mode "Child %d: Child process is running",
my_pid);
"Child %d: Child process is exiting",
my_pid);
/* A real-honest to goodness parent */ /* Shutting down. Clean up... */ /* The prefork open_logs phase must run before the core's, or stderr * will be redirected to a file, and the messages won't print to the NULL,
/* create per-directory config structure */ NULL,
/* merge per-directory config structures */ NULL,
/* create per-server config structure */ NULL,
/* merge per-server config structures */