mpm_common.c revision 836d6aa72d33f9bfc8e277577824d4103fc10173
2N/A/* ====================================================================
2N/A * The Apache Software License, Version 1.1
2N/A *
2N/A * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
2N/A * reserved.
2N/A *
2N/A * Redistribution and use in source and binary forms, with or without
2N/A * modification, are permitted provided that the following conditions
2N/A * are met:
2N/A *
2N/A * 1. Redistributions of source code must retain the above copyright
2N/A * notice, this list of conditions and the following disclaimer.
2N/A *
2N/A * 2. Redistributions in binary form must reproduce the above copyright
2N/A * notice, this list of conditions and the following disclaimer in
2N/A * the documentation and/or other materials provided with the
2N/A * distribution.
2N/A *
2N/A * 3. The end-user documentation included with the redistribution,
2N/A * if any, must include the following acknowledgment:
59N/A * "This product includes software developed by the
2N/A * Apache Software Foundation (http://www.apache.org/)."
2N/A * Alternately, this acknowledgment may appear in the software itself,
2N/A * if and wherever such third-party acknowledgments normally appear.
2N/A *
2N/A * 4. The names "Apache" and "Apache Software Foundation" must
2N/A * not be used to endorse or promote products derived from this
2N/A * software without prior written permission. For written
2N/A * permission, please contact apache@apache.org.
2N/A *
2N/A * 5. Products derived from this software may not be called "Apache",
59N/A * nor may "Apache" appear in their name, without prior written
59N/A * permission of the Apache Software Foundation.
2N/A *
2N/A * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
2N/A * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
2N/A * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
26N/A * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
26N/A * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
2N/A * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26N/A * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
38N/A * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
181N/A * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
26N/A * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
26N/A * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26N/A * SUCH DAMAGE.
26N/A * ====================================================================
26N/A *
26N/A * This software consists of voluntary contributions made by many
26N/A * individuals on behalf of the Apache Software Foundation. For more
26N/A * information on the Apache Software Foundation, please see
26N/A * <http://www.apache.org/>.
26N/A *
26N/A * Portions of this software are based upon public domain software
26N/A * originally written at the National Center for Supercomputing Applications,
151N/A * University of Illinois, Urbana-Champaign.
206N/A */
26N/A
26N/A/* The purpose of this file is to store the code that MOST mpm's will need
26N/A * this does not mean a function only goes into this file if every MPM needs
26N/A * it. It means that if a function is needed by more than one MPM, and
26N/A * future maintenance would be served by making the code common, then the
26N/A * function belongs here.
26N/A *
2N/A * This is going in src/main because it is not platform specific, it is
26N/A * specific to multi-process servers, but NOT to Unix. Which is why it
26N/A * does not belong in src/os/unix
26N/A */
26N/A
26N/A#include "apr.h"
26N/A#include "apr_thread_proc.h"
26N/A#include "apr_signal.h"
26N/A#include "apr_strings.h"
26N/A#include "apr_lock.h"
93N/A#define APR_WANT_STRFUNC
166N/A#include "apr_want.h"
26N/A
2N/A#include "httpd.h"
26N/A#include "http_config.h"
26N/A#include "http_log.h"
181N/A#include "http_main.h"
181N/A#include "mpm.h"
181N/A#include "mpm_common.h"
99N/A#include "ap_mpm.h"
59N/A#include "ap_listen.h"
12N/A#include "mpm_default.h"
30N/A
26N/A#ifdef AP_MPM_WANT_SET_SCOREBOARD
26N/A#include "scoreboard.h"
26N/A#endif
2N/A
26N/A#ifdef HAVE_PWD_H
185N/A#include <pwd.h>
185N/A#endif
185N/A#ifdef HAVE_GRP_H
2N/A#include <grp.h>
7N/A#endif
145N/A
7N/A#ifdef AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
26N/Avoid ap_reclaim_child_processes(int terminate)
26N/A{
38N/A int i;
26N/A long int waittime = 1024 * 16; /* in usecs */
197N/A apr_status_t waitret;
197N/A int tries;
197N/A int not_dead_yet;
197N/A int max_daemons;
197N/A
26N/A ap_mpm_query(AP_MPMQ_MAX_DAEMON_USED, &max_daemons);
30N/A MPM_SYNC_CHILD_TABLE();
26N/A
46N/A for (tries = terminate ? 4 : 1; tries <= 9; ++tries) {
46N/A /* don't want to hold up progress any more than
46N/A * necessary, but we need to allow children a few moments to exit.
64N/A * Set delay with an exponential backoff.
64N/A */
26N/A apr_sleep(waittime);
46N/A waittime = waittime * 4;
46N/A
46N/A /* now see who is done */
2N/A not_dead_yet = 0;
46N/A for (i = 0; i < max_daemons; ++i) {
53N/A pid_t pid = MPM_CHILD_PID(i);
53N/A apr_proc_t proc;
46N/A
46N/A if (pid == 0)
26N/A continue;
181N/A
181N/A proc.pid = pid;
181N/A waitret = apr_proc_wait(&proc, NULL, NULL, APR_NOWAIT);
181N/A if (waitret != APR_CHILD_NOTDONE) {
181N/A MPM_NOTE_CHILD_KILLED(i);
181N/A continue;
181N/A }
181N/A
76N/A ++not_dead_yet;
99N/A switch (tries) {
181N/A case 1: /* 16ms */
99N/A case 2: /* 82ms */
26N/A case 3: /* 344ms */
185N/A case 4: /* 16ms */
185N/A break;
185N/A
145N/A case 5: /* 82ms */
145N/A case 6: /* 344ms */
145N/A case 7: /* 1.4sec */
145N/A /* ok, now it's being annoying */
145N/A ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING,
117N/A 0, ap_server_conf,
84N/A "child process %ld still did not exit, "
145N/A "sending a SIGTERM",
145N/A (long)pid);
145N/A kill(pid, SIGTERM);
38N/A break;
46N/A
99N/A case 8: /* 6 sec */
99N/A /* die child scum */
196N/A ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
185N/A 0, ap_server_conf,
99N/A "child process %ld still did not exit, "
46N/A "sending a SIGKILL",
2N/A (long)pid);
145N/A#ifndef BEOS
26N/A kill(pid, SIGKILL);
2N/A#else
32N/A /* sending a SIGKILL kills the entire team on BeOS, and as
32N/A * httpd thread is part of that team it removes any chance
32N/A * of ever doing a restart. To counter this I'm changing to
32N/A * use a kinder, gentler way of killing a specific thread
32N/A * that is just as effective.
32N/A */
32N/A kill_thread(pid);
32N/A#endif
32N/A break;
32N/A
38N/A case 9: /* 14 sec */
38N/A /* gave it our best shot, but alas... If this really
38N/A * is a child we are trying to kill and it really hasn't
38N/A * exited, we will likely fail to bind to the port
38N/A * after the restart.
38N/A */
38N/A ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
38N/A 0, ap_server_conf,
38N/A "could not make child process %ld exit, "
38N/A "attempting to continue anyway",
145N/A (long)pid);
38N/A break;
38N/A }
26N/A }
26N/A
26N/A#if APR_HAS_OTHER_CHILD
26N/A apr_proc_other_child_check();
26N/A#endif
26N/A
26N/A if (!not_dead_yet) {
26N/A /* nothing left to wait for */
26N/A break;
32N/A }
32N/A }
32N/A}
32N/A#endif /* AP_MPM_WANT_RECLAIM_CHILD_PROCESSES */
32N/A
32N/A#ifdef AP_MPM_WANT_WAIT_OR_TIMEOUT
32N/A
32N/A/* number of calls to wait_or_timeout between writable probes */
38N/A#ifndef INTERVAL_OF_WRITABLE_PROBES
38N/A#define INTERVAL_OF_WRITABLE_PROBES 10
38N/A#endif
32N/Astatic int wait_or_timeout_counter;
void ap_wait_or_timeout(apr_exit_why_e *status, int *exitcode, apr_proc_t *ret,
apr_pool_t *p)
{
apr_status_t rv;
++wait_or_timeout_counter;
if (wait_or_timeout_counter == INTERVAL_OF_WRITABLE_PROBES) {
wait_or_timeout_counter = 0;
}
rv = apr_proc_wait_all_procs(ret, exitcode, status, APR_NOWAIT, p);
if (APR_STATUS_IS_EINTR(rv)) {
ret->pid = -1;
return;
}
if (APR_STATUS_IS_CHILD_DONE(rv)) {
return;
}
#ifdef NEED_WAITPID
if ((ret = reap_children(exitcode, status)) > 0) {
return;
}
#endif
apr_sleep(SCOREBOARD_MAINTENANCE_INTERVAL);
ret->pid = -1;
return;
}
#endif /* AP_MPM_WANT_WAIT_OR_TIMEOUT */
#ifdef AP_MPM_WANT_PROCESS_CHILD_STATUS
int ap_process_child_status(apr_proc_t *pid, apr_exit_why_e why, int status)
{
int signum = status;
const char *sigdesc = apr_signal_get_description(signum);
/* Child died... if it died due to a fatal error,
* we should simply bail out. The caller needs to
* check for bad rc from us and exit, running any
* appropriate cleanups.
*
* If the child died due to a resource shortage,
* the parent should limit the rate of forking
*/
if (APR_PROC_CHECK_EXIT(why)) {
if (status == APEXIT_CHILDSICK) {
return status;
}
if (status == APEXIT_CHILDFATAL) {
ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO,
0, ap_server_conf,
"Child %" APR_PID_T_FMT
" returned a Fatal error..." APR_EOL_STR
"Apache is exiting!",
pid->pid);
return APEXIT_CHILDFATAL;
}
return 0;
}
if (APR_PROC_CHECK_SIGNALED(why)) {
switch (signum) {
case SIGTERM:
case SIGHUP:
case AP_SIG_GRACEFUL:
case SIGKILL:
break;
default:
if (APR_PROC_CHECK_CORE_DUMP(why)) {
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
0, ap_server_conf,
"child pid %ld exit signal %s (%d), "
"possible coredump in %s",
(long)pid->pid, sigdesc, signum,
ap_coredump_dir);
}
else {
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_NOTICE,
0, ap_server_conf,
"child pid %ld exit signal %s (%d)",
(long)pid->pid, sigdesc, signum);
}
}
}
return 0;
}
#endif /* AP_MPM_WANT_PROCESS_CHILD_STATUS */
#if defined(TCP_NODELAY) && !defined(MPE) && !defined(TPF) && !defined(WIN32)
void ap_sock_disable_nagle(apr_socket_t *s)
{
/* The Nagle algorithm says that we should delay sending partial
* packets in hopes of getting more data. We don't want to do
* this; we are not telnet. There are bad interactions between
* persistent connections and Nagle's algorithm that have very severe
* performance penalties. (Failing to disable Nagle is not much of a
* problem with simple HTTP.)
*
* In spite of these problems, failure here is not a shooting offense.
*/
apr_status_t status = apr_setsocketopt(s, APR_TCP_NODELAY, 1);
if (status != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, status, ap_server_conf,
"setsockopt: (TCP_NODELAY)");
}
}
#endif
#ifdef HAVE_GETPWNAM
AP_DECLARE(uid_t) ap_uname2id(const char *name)
{
struct passwd *ent;
if (name[0] == '#')
return (atoi(&name[1]));
if (!(ent = getpwnam(name))) {
ap_log_error(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, NULL,
"%s: bad user name %s", ap_server_argv0, name);
exit(1);
}
return (ent->pw_uid);
}
#endif
#ifdef HAVE_GETGRNAM
AP_DECLARE(gid_t) ap_gname2id(const char *name)
{
struct group *ent;
if (name[0] == '#')
return (atoi(&name[1]));
if (!(ent = getgrnam(name))) {
ap_log_error(APLOG_MARK, APLOG_STARTUP|APLOG_NOERRNO, 0, NULL,
"%s: bad group name %s", ap_server_argv0, name);
exit(1);
}
return (ent->gr_gid);
}
#endif
#ifndef HAVE_INITGROUPS
int initgroups(const char *name, gid_t basegid)
{
#if defined(QNX) || defined(MPE) || defined(BEOS) || defined(_OSD_POSIX) || defined(TPF) || defined(__TANDEM) || defined(OS2) || defined(WIN32) || defined(NETWARE)
/* QNX, MPE and BeOS do not appear to support supplementary groups. */
return 0;
#else /* ndef QNX */
gid_t groups[NGROUPS_MAX];
struct group *g;
int index = 0;
setgrent();
groups[index++] = basegid;
while (index < NGROUPS_MAX && ((g = getgrent()) != NULL)) {
if (g->gr_gid != basegid) {
char **names;
for (names = g->gr_mem; *names != NULL; ++names) {
if (!strcmp(*names, name))
groups[index++] = g->gr_gid;
}
}
}
endgrent();
return setgroups(index, groups);
#endif /* def QNX */
}
#endif /* def NEED_INITGROUPS */
#ifdef AP_MPM_USES_POD
AP_DECLARE(apr_status_t) ap_mpm_pod_open(apr_pool_t *p, ap_pod_t **pod)
{
apr_status_t rv;
*pod = apr_palloc(p, sizeof(**pod));
rv = apr_file_pipe_create(&((*pod)->pod_in), &((*pod)->pod_out), p);
if (rv != APR_SUCCESS) {
return rv;
}
apr_file_pipe_timeout_set((*pod)->pod_in, 0);
(*pod)->p = p;
apr_sockaddr_info_get(&(*pod)->sa, ap_listeners->bind_addr->hostname,
APR_UNSPEC, ap_listeners->bind_addr->port, 0, p);
return APR_SUCCESS;
}
AP_DECLARE(apr_status_t) ap_mpm_pod_check(ap_pod_t *pod)
{
char c;
apr_size_t len = 1;
apr_status_t rv;
rv = apr_file_read(pod->pod_in, &c, &len);
if ((rv == APR_SUCCESS) && (len == 1)) {
return APR_SUCCESS;
}
if (rv != APR_SUCCESS) {
return rv;
}
return AP_NORESTART;
}
AP_DECLARE(apr_status_t) ap_mpm_pod_close(ap_pod_t *pod)
{
apr_status_t rv;
rv = apr_file_close(pod->pod_out);
if (rv != APR_SUCCESS) {
return rv;
}
rv = apr_file_close(pod->pod_in);
if (rv != APR_SUCCESS) {
return rv;
}
return APR_SUCCESS;
}
static apr_status_t pod_signal_internal(ap_pod_t *pod)
{
apr_status_t rv;
char char_of_death = '!';
apr_size_t one = 1;
rv = apr_file_write(pod->pod_out, &char_of_death, &one);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
"write pipe_of_death");
}
return rv;
}
/* This function connects to the server, then immediately closes the connection.
* This permits the MPM to skip the poll when there is only one listening
* socket, because it provides a alternate way to unblock an accept() when
* the pod is used.
*/
static apr_status_t dummy_connection(ap_pod_t *pod)
{
apr_status_t rv;
apr_socket_t *sock;
apr_pool_t *p;
/* create a temporary pool for the socket. pconf stays around too long */
rv = apr_pool_create(&p, pod->p);
if (rv != APR_SUCCESS) {
return rv;
}
rv = apr_socket_create(&sock, pod->sa->family, SOCK_STREAM, p);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
"get socket to connect to listener");
return rv;
}
/* on some platforms (e.g., FreeBSD), the kernel won't accept many
* queued connections before it starts blocking local connects...
* we need to keep from blocking too long and instead return an error,
* because the MPM won't want to hold up a graceful restart for a
* long time
*/
rv = apr_setsocketopt(sock, APR_SO_TIMEOUT, 3 * APR_USEC_PER_SEC);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
"set timeout on socket to connect to listener");
apr_socket_close(sock);
return rv;
}
rv = apr_connect(sock, pod->sa);
if (rv != APR_SUCCESS) {
int log_level = APLOG_WARNING;
if (APR_STATUS_IS_TIMEUP(rv)) {
/* probably some server processes bailed out already and there
* is nobody around to call accept and clear out the kernel
* connection queue; usually this is not worth logging
*/
log_level = APLOG_DEBUG;
}
ap_log_error(APLOG_MARK, log_level, rv, ap_server_conf,
"connect to listener");
}
apr_socket_close(sock);
apr_pool_destroy(p);
return rv;
}
AP_DECLARE(apr_status_t) ap_mpm_pod_signal(ap_pod_t *pod)
{
apr_status_t rv;
rv = pod_signal_internal(pod);
if (rv != APR_SUCCESS) {
return rv;
}
return dummy_connection(pod);
}
void ap_mpm_pod_killpg(ap_pod_t *pod, int num)
{
int i;
apr_status_t rv = APR_SUCCESS;
/* we don't write anything to the pod here... we assume
* that the would-be reader of the pod has another way to
* see that it is time to die once we wake it up
*
* writing lots of things to the pod at once is very
* problematic... we can fill the kernel pipe buffer and
* be blocked until somebody consumes some bytes or
* we hit a timeout... if we hit a timeout we can't just
* keep trying because maybe we'll never successfully
* write again... but then maybe we'll leave would-be
* readers stranded (a number of them could be tied up for
* a while serving time-consuming requests)
*/
for (i = 0; i < num && rv == APR_SUCCESS; i++) {
rv = dummy_connection(pod);
}
}
#endif /* #ifdef AP_MPM_USES_POD */
/* standard mpm configuration handling */
#ifdef AP_MPM_WANT_SET_PIDFILE
const char *ap_pid_fname = NULL;
const char *ap_mpm_set_pidfile(cmd_parms *cmd, void *dummy,
const char *arg)
{
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) {
return err;
}
if (cmd->server->is_virtual) {
return "PidFile directive not allowed in <VirtualHost>";
}
ap_pid_fname = arg;
return NULL;
}
#endif
#ifdef AP_MPM_WANT_SET_SCOREBOARD
const char * ap_mpm_set_scoreboard(cmd_parms *cmd, void *dummy,
const char *arg)
{
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) {
return err;
}
ap_scoreboard_fname = arg;
return NULL;
}
#endif
#ifdef AP_MPM_WANT_SET_LOCKFILE
const char *ap_lock_fname = NULL;
const char *ap_mpm_set_lockfile(cmd_parms *cmd, void *dummy,
const char *arg)
{
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) {
return err;
}
ap_lock_fname = arg;
return NULL;
}
#endif
#ifdef AP_MPM_WANT_SET_MAX_REQUESTS
int ap_max_requests_per_child = 0;
const char *ap_mpm_set_max_requests(cmd_parms *cmd, void *dummy,
const char *arg)
{
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) {
return err;
}
ap_max_requests_per_child = atoi(arg);
return NULL;
}
#endif
#ifdef AP_MPM_WANT_SET_COREDUMPDIR
char ap_coredump_dir[MAX_STRING_LEN];
const char *ap_mpm_set_coredumpdir(cmd_parms *cmd, void *dummy,
const char *arg)
{
apr_status_t rv;
apr_finfo_t finfo;
const char *fname;
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) {
return err;
}
fname = ap_server_root_relative(cmd->pool, arg);
if (!fname) {
return apr_pstrcat(cmd->pool, "Invalid CoreDumpDirectory path ",
arg, NULL);
}
if ((rv = apr_stat(&finfo, fname, APR_FINFO_TYPE, cmd->pool)) != APR_SUCCESS) {
return apr_pstrcat(cmd->pool, "CoreDumpDirectory ", fname,
" does not exist", NULL);
}
if (finfo.filetype != APR_DIR) {
return apr_pstrcat(cmd->pool, "CoreDumpDirectory ", fname,
" is not a directory", NULL);
}
apr_cpystrn(ap_coredump_dir, fname, sizeof(ap_coredump_dir));
return NULL;
}
#endif
#ifdef AP_MPM_WANT_SET_ACCEPT_LOCK_MECH
apr_lockmech_e ap_accept_lock_mech = APR_LOCK_DEFAULT;
const char ap_valid_accept_mutex_string[] =
"Valid accept mutexes for this platform and MPM are: default"
#if APR_HAS_FLOCK_SERIALIZE
", flock"
#endif
#if APR_HAS_FCNTL_SERIALIZE
", fcntl"
#endif
#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
", sysvsem"
#endif
#if APR_HAS_PROC_PTHREAD_SERIALIZE
", pthread"
#endif
".";
AP_DECLARE(const char *) ap_mpm_set_accept_lock_mech(cmd_parms *cmd,
void *dummy,
const char *arg)
{
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
if (err != NULL) {
return err;
}
if (!strcasecmp(arg, "default")) {
ap_accept_lock_mech = APR_LOCK_DEFAULT;
}
#if APR_HAS_FLOCK_SERIALIZE
else if (!strcasecmp(arg, "flock")) {
ap_accept_lock_mech = APR_LOCK_FLOCK;
}
#endif
#if APR_HAS_FCNTL_SERIALIZE
else if (!strcasecmp(arg, "fcntl")) {
ap_accept_lock_mech = APR_LOCK_FCNTL;
}
#endif
/* perchild can't use SysV sems because the permissions on the accept
* mutex can't be set to allow all processes to use the mutex and
* at the same time keep all users from being able to dink with the
* mutex
*/
#if APR_HAS_SYSVSEM_SERIALIZE && !defined(PERCHILD_MPM)
else if (!strcasecmp(arg, "sysvsem")) {
ap_accept_lock_mech = APR_LOCK_SYSVSEM;
}
#endif
#if APR_HAS_PROC_PTHREAD_SERIALIZE
else if (!strcasecmp(arg, "pthread")) {
ap_accept_lock_mech = APR_LOCK_PROC_PTHREAD;
}
#endif
else {
return apr_pstrcat(cmd->pool, arg, " is an invalid mutex mechanism; ",
ap_valid_accept_mutex_string, NULL);
}
return NULL;
}
#endif