1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
59 /* The purpose of this MPM is to fix the design flaws in the threaded
60 * model. Because of the way that pthreads and mutex locks interact,
61 * it is basically impossible to cleanly gracefully shutdown a child
62 * process if multiple threads are all blocked in accept. This model
63 * fixes those problems.
67 #include "apr_portable.h"
68 #include "apr_strings.h"
69 #include "apr_file_io.h"
70 #include "apr_thread_proc.h"
71 #include "apr_signal.h"
72 #include "apr_thread_mutex.h"
73 #include "apr_proc_mutex.h"
75 #define APR_WANT_STRFUNC
81 #if APR_HAVE_SYS_SOCKET_H
82 #include <sys/socket.h>
84 #if APR_HAVE_SYS_WAIT_H
87 #ifdef HAVE_SYS_PROCESSOR_H
88 #include <sys/processor.h> /* for bindprocessor() */
92 #error The Worker MPM requires APR threads, but they are unavailable.
97 #include "ap_config.h"
99 #include "http_main.h"
100 #include "http_log.h"
101 #include "http_config.h" /* for read_config */
102 #include "http_core.h" /* for get_remote_host */
103 #include "http_connection.h"
106 #include "mpm_common.h"
107 #include "ap_listen.h"
108 #include "scoreboard.h"
110 #include "mpm_default.h"
113 #include <limits.h> /* for INT_MAX */
115 /* Limit on the total --- clients will be locked out if more servers than
116 * this are needed. It is intended solely to keep the server from crashing
117 * when things get out of hand.
119 * We keep a hard maximum number of servers, for two reasons --- first off,
120 * in case something goes seriously wrong, we want to stop the fork bomb
121 * short of actually crashing the machine we're running on by filling some
122 * kernel table. Secondly, it keeps the size of the scoreboard file small
123 * enough that we can read the whole thing without worrying too much about
126 #ifndef DEFAULT_SERVER_LIMIT
127 #define DEFAULT_SERVER_LIMIT 16
130 /* Admin can't tune ServerLimit beyond MAX_SERVER_LIMIT. We want
131 * some sort of compile-time limit to help catch typos.
133 #ifndef MAX_SERVER_LIMIT
134 #define MAX_SERVER_LIMIT 20000
137 /* Limit on the threads per process. Clients will be locked out if more than
138 * this * server_limit are needed.
140 * We keep this for one reason it keeps the size of the scoreboard file small
141 * enough that we can read the whole thing without worrying too much about
144 #ifndef DEFAULT_THREAD_LIMIT
145 #define DEFAULT_THREAD_LIMIT 64
148 /* Admin can't tune ThreadLimit beyond MAX_THREAD_LIMIT. We want
149 * some sort of compile-time limit to help catch typos.
151 #ifndef MAX_THREAD_LIMIT
152 #define MAX_THREAD_LIMIT 20000
156 * Actual definitions of config globals
159 int ap_threads_per_child = 0; /* Worker threads per child */
160 static int ap_daemons_to_start = 0;
161 static int min_spare_threads = 0;
162 static int max_spare_threads = 0;
163 static int ap_daemons_limit = 0;
164 static int server_limit = DEFAULT_SERVER_LIMIT;
165 static int first_server_limit;
166 static int thread_limit = DEFAULT_THREAD_LIMIT;
167 static int first_thread_limit;
168 static int changed_limit_at_restart;
169 static int dying = 0;
170 static int workers_may_exit = 0;
171 static int start_thread_may_exit = 0;
172 static int listener_may_exit = 0;
173 static int requests_this_child;
174 static int num_listensocks = 0;
175 static int resource_shortage = 0;
176 static fd_queue_t *worker_queue;
177 static fd_queue_info_t *worker_queue_info;
179 /* The structure used to pass unique initialization info to each thread */
186 /* Structure used to pass information to the thread responsible for
187 * creating the rest of the threads.
190 apr_thread_t **threads;
191 apr_thread_t *listener;
193 apr_threadattr_t *threadattr;
196 #define ID_FROM_CHILD_THREAD(c, t) ((c * thread_limit) + t)
199 * The max child slot ever assigned, preserved across restarts. Necessary
200 * to deal with MaxClients changes across AP_SIG_GRACEFUL restarts. We
201 * use this value to optimize routines that have to scan the entire
204 int ap_max_daemons_limit = -1;
206 static ap_pod_t *pod;
208 /* *Non*-shared http_main globals... */
210 server_rec *ap_server_conf;
212 /* The worker MPM respects a couple of runtime flags that can aid
213 * in debugging. Setting the -DNO_DETACH flag will prevent the root process
214 * from detaching from its controlling terminal. Additionally, setting
215 * the -DONE_PROCESS flag (which implies -DNO_DETACH) will get you the
216 * child_main loop running in the process which originally started up.
217 * This gives you a pretty nice debugging environment. (You'll get a SIGHUP
218 * early in standalone_main; just continue through. This is the server
219 * trying to kill off any child processes which it might have lying
220 * around --- Apache doesn't keep track of their pids, it just sends
221 * SIGHUP to the process group, ignoring it in the root process.
222 * Continue through and you'll be fine.).
225 static int one_process = 0;
228 int raise_sigstop_flags;
231 static apr_pool_t *pconf; /* Pool for config stuff */
232 static apr_pool_t *pchild; /* Pool for httpd child stuff */
234 static pid_t ap_my_pid; /* Linux getpid() doesn't work except in main
235 thread. Use this instead */
236 static pid_t parent_pid;
237 static apr_os_thread_t *listener_os_thread;
239 /* Locks for accept serialization */
240 static apr_proc_mutex_t *accept_mutex;
242 #ifdef SINGLE_LISTEN_UNSERIALIZED_ACCEPT
243 #define SAFE_ACCEPT(stmt) (ap_listeners->next ? (stmt) : APR_SUCCESS)
245 #define SAFE_ACCEPT(stmt) (stmt)
248 /* The LISTENER_SIGNAL signal will be sent from the main thread to the
249 * listener thread to wake it up for graceful termination (what a child
250 * process from an old generation does when the admin does "apachectl
251 * graceful"). This signal will be blocked in all threads of a child
252 * process except for the listener thread.
254 #define LISTENER_SIGNAL SIGHUP
256 /* An array of socket descriptors in use by each thread used to
257 * perform a non-graceful (forced) shutdown of the server. */
258 static apr_socket_t **worker_sockets;
260 static void close_worker_sockets(void)
263 for (i = 0; i < ap_threads_per_child; i++) {
264 if (worker_sockets[i]) {
265 apr_socket_close(worker_sockets[i]);
266 worker_sockets[i] = NULL;
271 static void wakeup_listener(void)
273 listener_may_exit = 1;
274 if (!listener_os_thread) {
275 /* XXX there is an obscure path that this doesn't handle perfectly:
276 * right after listener thread is created but before
277 * listener_os_thread is set, the first worker thread hits an
278 * error and starts graceful termination
283 * we should just be able to "kill(ap_my_pid, LISTENER_SIGNAL)" on all
284 * platforms and wake up the listener thread since it is the only thread
285 * with SIGHUP unblocked, but that doesn't work on Linux
287 #ifdef HAVE_PTHREAD_KILL
288 pthread_kill(*listener_os_thread, LISTENER_SIGNAL);
290 kill(ap_my_pid, LISTENER_SIGNAL);
295 #define ST_GRACEFUL 1
296 #define ST_UNGRACEFUL 2
298 static int terminate_mode = ST_INIT;
300 static void signal_threads(int mode)
302 if (terminate_mode == mode) {
305 terminate_mode = mode;
307 /* in case we weren't called from the listener thread, wake up the
312 /* for ungraceful termination, let the workers exit now;
313 * for graceful termination, the listener thread will notify the
314 * workers to exit once it has stopped accepting new connections
316 if (mode == ST_UNGRACEFUL) {
317 workers_may_exit = 1;
318 ap_queue_interrupt_all(worker_queue);
319 ap_queue_info_term(worker_queue_info);
320 close_worker_sockets(); /* forcefully kill all current connections */
324 AP_DECLARE(apr_status_t) ap_mpm_query(int query_code, int *result)
327 case AP_MPMQ_MAX_DAEMON_USED:
328 *result = ap_max_daemons_limit;
330 case AP_MPMQ_IS_THREADED:
331 *result = AP_MPMQ_STATIC;
333 case AP_MPMQ_IS_FORKED:
334 *result = AP_MPMQ_DYNAMIC;
336 case AP_MPMQ_HARD_LIMIT_DAEMONS:
337 *result = server_limit;
339 case AP_MPMQ_HARD_LIMIT_THREADS:
340 *result = thread_limit;
342 case AP_MPMQ_MAX_THREADS:
343 *result = ap_threads_per_child;
345 case AP_MPMQ_MIN_SPARE_DAEMONS:
348 case AP_MPMQ_MIN_SPARE_THREADS:
349 *result = min_spare_threads;
351 case AP_MPMQ_MAX_SPARE_DAEMONS:
354 case AP_MPMQ_MAX_SPARE_THREADS:
355 *result = max_spare_threads;
357 case AP_MPMQ_MAX_REQUESTS_DAEMON:
358 *result = ap_max_requests_per_child;
360 case AP_MPMQ_MAX_DAEMONS:
361 *result = ap_daemons_limit;
367 /* a clean exit from a child with proper cleanup */
368 static void clean_child_exit(int code) __attribute__ ((noreturn));
369 static void clean_child_exit(int code)
372 apr_pool_destroy(pchild);
377 static void just_die(int sig)
382 /*****************************************************************
383 * Connection structures and accounting...
386 /* volatile just in case */
387 static int volatile shutdown_pending;
388 static int volatile restart_pending;
389 static int volatile is_graceful;
390 static volatile int child_fatal;
391 ap_generation_t volatile ap_my_generation;
394 * ap_start_shutdown() and ap_start_restart(), below, are a first stab at
395 * functions to initiate shutdown or restart without relying on signals.
396 * Previously this was initiated in sig_term() and restart() signal handlers,
397 * but we want to be able to start a shutdown/restart from other sources --
398 * e.g. on Win32, from the service manager. Now the service manager can
399 * call ap_start_shutdown() or ap_start_restart() as appropiate. Note that
400 * these functions can also be called by the child processes, since global
401 * variables are no longer used to pass on the required action to the parent.
403 * These should only be called from the parent process itself, since the
404 * parent process will use the shutdown_pending and restart_pending variables
405 * to determine whether to shutdown or restart. The child process should
406 * call signal_parent() directly to tell the parent to die -- this will
407 * cause neither of those variable to be set, which the parent will
408 * assume means something serious is wrong (which it will be, for the
409 * child to force an exit) and so do an exit anyway.
412 static void ap_start_shutdown(void)
414 if (shutdown_pending == 1) {
415 /* Um, is this _probably_ not an error, if the user has
416 * tried to do a shutdown twice quickly, so we won't
417 * worry about reporting it.
421 shutdown_pending = 1;
424 /* do a graceful restart if graceful == 1 */
425 static void ap_start_restart(int graceful)
428 if (restart_pending == 1) {
429 /* Probably not an error - don't bother reporting it */
433 is_graceful = graceful;
436 static void sig_term(int sig)
441 static void restart(int sig)
443 ap_start_restart(sig == AP_SIG_GRACEFUL);
446 static void set_signals(void)
448 #ifndef NO_USE_SIGACTION
453 ap_fatal_signal_setup(ap_server_conf, pconf);
456 #ifndef NO_USE_SIGACTION
457 sigemptyset(&sa.sa_mask);
460 sa.sa_handler = sig_term;
461 if (sigaction(SIGTERM, &sa, NULL) < 0)
462 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf,
463 "sigaction(SIGTERM)");
465 if (sigaction(SIGINT, &sa, NULL) < 0)
466 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf,
467 "sigaction(SIGINT)");
470 sa.sa_handler = SIG_DFL;
471 if (sigaction(SIGXCPU, &sa, NULL) < 0)
472 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf,
473 "sigaction(SIGXCPU)");
476 sa.sa_handler = SIG_DFL;
477 if (sigaction(SIGXFSZ, &sa, NULL) < 0)
478 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf,
479 "sigaction(SIGXFSZ)");
482 sa.sa_handler = SIG_IGN;
483 if (sigaction(SIGPIPE, &sa, NULL) < 0)
484 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf,
485 "sigaction(SIGPIPE)");
488 /* we want to ignore HUPs and AP_SIG_GRACEFUL while we're busy
490 sigaddset(&sa.sa_mask, SIGHUP);
491 sigaddset(&sa.sa_mask, AP_SIG_GRACEFUL);
492 sa.sa_handler = restart;
493 if (sigaction(SIGHUP, &sa, NULL) < 0)
494 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf,
495 "sigaction(SIGHUP)");
496 if (sigaction(AP_SIG_GRACEFUL, &sa, NULL) < 0)
497 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf,
498 "sigaction(" AP_SIG_GRACEFUL_STRING ")");
502 apr_signal(SIGXCPU, SIG_DFL);
505 apr_signal(SIGXFSZ, SIG_DFL);
509 apr_signal(SIGTERM, sig_term);
511 apr_signal(SIGHUP, restart);
513 #ifdef AP_SIG_GRACEFUL
514 apr_signal(AP_SIG_GRACEFUL, restart);
515 #endif /* AP_SIG_GRACEFUL */
517 apr_signal(SIGPIPE, SIG_IGN);
523 /*****************************************************************
524 * Here follows a long bunch of generic server bookkeeping stuff...
527 int ap_graceful_stop_signalled(void)
528 /* XXX this is really a bad confusing obsolete name
529 * maybe it should be ap_mpm_process_exiting?
532 /* note: for a graceful termination, listener_may_exit will be set before
533 * workers_may_exit, so check listener_may_exit
535 return listener_may_exit;
538 /*****************************************************************
539 * Child process main loop.
542 static void process_socket(apr_pool_t *p, apr_socket_t *sock, int my_child_num,
543 int my_thread_num, apr_bucket_alloc_t *bucket_alloc)
545 conn_rec *current_conn;
546 long conn_id = ID_FROM_CHILD_THREAD(my_child_num, my_thread_num);
550 ap_create_sb_handle(&sbh, p, my_child_num, my_thread_num);
551 apr_os_sock_get(&csd, sock);
553 if (csd >= FD_SETSIZE) {
554 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
555 "new file descriptor %d is too large; you probably need "
556 "to rebuild Apache with a larger FD_SETSIZE "
559 apr_socket_close(sock);
563 current_conn = ap_run_create_connection(p, ap_server_conf, sock,
564 conn_id, sbh, bucket_alloc);
566 ap_process_connection(current_conn, sock);
567 ap_lingering_close(current_conn);
571 /* requests_this_child has gone to zero or below. See if the admin coded
572 "MaxRequestsPerChild 0", and keep going in that case. Doing it this way
573 simplifies the hot path in worker_thread */
574 static void check_infinite_requests(void)
576 if (ap_max_requests_per_child) {
577 signal_threads(ST_GRACEFUL);
580 /* wow! if you're executing this code, you may have set a record.
581 * either this child process has served over 2 billion requests, or
582 * you're running a threaded 2.0 on a 16 bit machine.
584 * I'll buy pizza and beers at Apachecon for the first person to do
585 * the former without cheating (dorking with INT_MAX, or running with
586 * uncommitted performance patches, for example).
588 * for the latter case, you probably deserve a beer too. Greg Ames
591 requests_this_child = INT_MAX; /* keep going */
595 static void unblock_signal(int sig)
599 sigemptyset(&sig_mask);
600 sigaddset(&sig_mask, sig);
601 #if defined(SIGPROCMASK_SETS_THREAD_MASK)
602 sigprocmask(SIG_UNBLOCK, &sig_mask, NULL);
604 pthread_sigmask(SIG_UNBLOCK, &sig_mask, NULL);
608 static void dummy_signal_handler(int sig)
610 /* XXX If specifying SIG_IGN is guaranteed to unblock a syscall,
611 * then we don't need this goofy function.
615 static void *listener_thread(apr_thread_t *thd, void * dummy)
617 proc_info * ti = dummy;
618 int process_slot = ti->pid;
619 apr_pool_t *tpool = apr_thread_pool_get(thd);
621 apr_pool_t *ptrans; /* Pool for per-transaction stuff */
622 apr_pool_t *recycled_pool = NULL;
624 apr_pollfd_t *pollset;
626 ap_listen_rec *lr, *last_lr = ap_listeners;
627 int have_idle_worker = 0;
631 apr_poll_setup(&pollset, num_listensocks, tpool);
632 for(lr = ap_listeners ; lr != NULL ; lr = lr->next)
633 apr_poll_socket_add(pollset, lr->sd, APR_POLLIN);
635 /* Unblock the signal used to wake this thread up, and set a handler for
638 unblock_signal(LISTENER_SIGNAL);
639 apr_signal(LISTENER_SIGNAL, dummy_signal_handler);
641 /* TODO: Switch to a system where threads reuse the results from earlier
642 poll calls - manoj */
644 /* TODO: requests_this_child should be synchronized - aaron */
645 if (requests_this_child <= 0) {
646 check_infinite_requests();
648 if (listener_may_exit) break;
650 if (!have_idle_worker) {
651 rv = ap_queue_info_wait_for_idler(worker_queue_info,
653 if (APR_STATUS_IS_EOF(rv)) {
654 break; /* we've been signaled to die now */
656 else if (rv != APR_SUCCESS) {
657 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, ap_server_conf,
658 "apr_queue_info_wait failed. Attempting to "
659 " shutdown process gracefully.");
660 signal_threads(ST_GRACEFUL);
663 have_idle_worker = 1;
666 /* We've already decremented the idle worker count inside
667 * ap_queue_info_wait_for_idler. */
669 if ((rv = SAFE_ACCEPT(apr_proc_mutex_lock(accept_mutex)))
671 int level = APLOG_EMERG;
673 if (listener_may_exit) {
676 if (ap_scoreboard_image->parent[process_slot].generation !=
677 ap_scoreboard_image->global->running_generation) {
678 level = APLOG_DEBUG; /* common to get these at restart time */
680 ap_log_error(APLOG_MARK, level, rv, ap_server_conf,
681 "apr_proc_mutex_lock failed. Attempting to shutdown "
682 "process gracefully.");
683 signal_threads(ST_GRACEFUL);
684 break; /* skip the lock release */
687 if (!ap_listeners->next) {
688 /* Only one listener, so skip the poll */
692 while (!listener_may_exit) {
696 ret = apr_poll(pollset, num_listensocks, &n, -1);
697 if (ret != APR_SUCCESS) {
698 if (APR_STATUS_IS_EINTR(ret)) {
702 /* apr_poll() will only return errors in catastrophic
703 * circumstances. Let's try exiting gracefully, for now. */
704 ap_log_error(APLOG_MARK, APLOG_ERR, ret, (const server_rec *)
705 ap_server_conf, "apr_poll: (listen)");
706 signal_threads(ST_GRACEFUL);
709 if (listener_may_exit) break;
711 /* find a listener */
718 /* XXX: Should we check for POLLERR? */
719 apr_poll_revents_get(&event, lr->sd, pollset);
720 if (event & APR_POLLIN) {
724 } while (lr != last_lr);
728 if (!listener_may_exit) {
729 /* create a new transaction pool for each accepted socket */
730 if (recycled_pool == NULL) {
731 apr_allocator_t *allocator;
733 apr_allocator_create(&allocator);
734 apr_allocator_max_free_set(allocator, ap_max_mem_free);
735 apr_pool_create_ex(&ptrans, NULL, NULL, allocator);
736 apr_allocator_owner_set(allocator, ptrans);
739 ptrans = recycled_pool;
741 apr_pool_tag(ptrans, "transaction");
742 rv = lr->accept_func(&csd, lr, ptrans);
743 /* later we trash rv and rely on csd to indicate success/failure */
744 AP_DEBUG_ASSERT(rv == APR_SUCCESS || !csd);
746 if (rv == APR_EGENERAL) {
747 /* E[NM]FILE, ENOMEM, etc */
748 resource_shortage = 1;
749 signal_threads(ST_GRACEFUL);
751 if ((rv = SAFE_ACCEPT(apr_proc_mutex_unlock(accept_mutex)))
753 int level = APLOG_EMERG;
755 if (listener_may_exit) {
758 if (ap_scoreboard_image->parent[process_slot].generation !=
759 ap_scoreboard_image->global->running_generation) {
760 level = APLOG_DEBUG; /* common to get these at restart time */
762 ap_log_error(APLOG_MARK, level, rv, ap_server_conf,
763 "apr_proc_mutex_unlock failed. Attempting to "
764 "shutdown process gracefully.");
765 signal_threads(ST_GRACEFUL);
768 rv = ap_queue_push(worker_queue, csd, ptrans);
770 /* trash the connection; we couldn't queue the connected
773 apr_socket_close(csd);
774 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, ap_server_conf,
775 "ap_queue_push failed");
778 have_idle_worker = 0;
783 if ((rv = SAFE_ACCEPT(apr_proc_mutex_unlock(accept_mutex)))
785 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, ap_server_conf,
786 "apr_proc_mutex_unlock failed. Attempting to "
787 "shutdown process gracefully.");
788 signal_threads(ST_GRACEFUL);
794 ap_queue_term(worker_queue);
796 ap_scoreboard_image->parent[process_slot].quiescing = 1;
798 /* wake up the main thread */
799 kill(ap_my_pid, SIGTERM);
801 apr_thread_exit(thd, APR_SUCCESS);
805 /* XXX For ungraceful termination/restart, we definitely don't want to
806 * wait for active connections to finish but we may want to wait
807 * for idle workers to get out of the queue code and release mutexes,
808 * since those mutexes are cleaned up pretty soon and some systems
809 * may not react favorably (i.e., segfault) if operations are attempted
810 * on cleaned-up mutexes.
812 static void * APR_THREAD_FUNC worker_thread(apr_thread_t *thd, void * dummy)
814 proc_info * ti = dummy;
815 int process_slot = ti->pid;
816 int thread_slot = ti->tid;
817 apr_socket_t *csd = NULL;
818 apr_bucket_alloc_t *bucket_alloc;
819 apr_pool_t *last_ptrans = NULL;
820 apr_pool_t *ptrans; /* Pool for per-transaction stuff */
826 ap_update_child_status_from_indexes(process_slot, thread_slot, SERVER_STARTING, NULL);
828 bucket_alloc = apr_bucket_alloc_create(apr_thread_pool_get(thd));
830 while (!workers_may_exit) {
832 rv = ap_queue_info_set_idle(worker_queue_info, last_ptrans);
834 if (rv != APR_SUCCESS) {
835 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, ap_server_conf,
836 "ap_queue_info_set_idle failed. Attempting to "
837 "shutdown process gracefully.");
838 signal_threads(ST_GRACEFUL);
844 ap_update_child_status_from_indexes(process_slot, thread_slot, SERVER_READY, NULL);
846 if (workers_may_exit) {
849 rv = ap_queue_pop(worker_queue, &csd, &ptrans);
851 if (rv != APR_SUCCESS) {
852 /* We get APR_EOF during a graceful shutdown once all the connections
853 * accepted by this server process have been handled.
855 if (APR_STATUS_IS_EOF(rv)) {
858 /* We get APR_EINTR whenever ap_queue_pop() has been interrupted
859 * from an explicit call to ap_queue_interrupt_all(). This allows
860 * us to unblock threads stuck in ap_queue_pop() when a shutdown
863 * If workers_may_exit is set and this is ungraceful termination/
864 * restart, we are bound to get an error on some systems (e.g.,
865 * AIX, which sanity-checks mutex operations) since the queue
866 * may have already been cleaned up. Don't log the "error" if
867 * workers_may_exit is set.
869 else if (APR_STATUS_IS_EINTR(rv)) {
872 /* We got some other error. */
873 else if (!workers_may_exit) {
874 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, ap_server_conf,
875 "ap_queue_pop failed");
880 worker_sockets[thread_slot] = csd;
881 process_socket(ptrans, csd, process_slot, thread_slot, bucket_alloc);
882 worker_sockets[thread_slot] = NULL;
883 requests_this_child--; /* FIXME: should be synchronized - aaron */
884 apr_pool_clear(ptrans);
885 last_ptrans = ptrans;
888 ap_update_child_status_from_indexes(process_slot, thread_slot,
889 (dying) ? SERVER_DEAD : SERVER_GRACEFUL, (request_rec *) NULL);
891 apr_bucket_alloc_destroy(bucket_alloc);
893 apr_thread_exit(thd, APR_SUCCESS);
897 static int check_signal(int signum)
907 static void create_listener_thread(thread_starter *ts)
909 int my_child_num = ts->child_num_arg;
910 apr_threadattr_t *thread_attr = ts->threadattr;
914 my_info = (proc_info *)malloc(sizeof(proc_info));
915 my_info->pid = my_child_num;
916 my_info->tid = -1; /* listener thread doesn't have a thread slot */
918 rv = apr_thread_create(&ts->listener, thread_attr, listener_thread,
920 if (rv != APR_SUCCESS) {
921 ap_log_error(APLOG_MARK, APLOG_ALERT, rv, ap_server_conf,
922 "apr_thread_create: unable to create listener thread");
923 /* In case system resources are maxxed out, we don't want
924 * Apache running away with the CPU trying to fork over and
925 * over and over again if we exit.
926 * XXX Jeff doesn't see how Apache is going to try to fork again since
927 * the exit code is APEXIT_CHILDFATAL
929 apr_sleep(apr_time_from_sec(10));
930 clean_child_exit(APEXIT_CHILDFATAL);
932 apr_os_thread_get(&listener_os_thread, ts->listener);
935 /* XXX under some circumstances not understood, children can get stuck
936 * in start_threads forever trying to take over slots which will
937 * never be cleaned up; for now there is an APLOG_DEBUG message issued
938 * every so often when this condition occurs
940 static void * APR_THREAD_FUNC start_threads(apr_thread_t *thd, void *dummy)
942 thread_starter *ts = dummy;
943 apr_thread_t **threads = ts->threads;
944 apr_threadattr_t *thread_attr = ts->threadattr;
945 int child_num_arg = ts->child_num_arg;
946 int my_child_num = child_num_arg;
950 int threads_created = 0;
951 int listener_started = 0;
953 int prev_threads_created;
955 /* We must create the fd queues before we start up the listener
956 * and worker threads. */
957 worker_queue = apr_pcalloc(pchild, sizeof(*worker_queue));
958 rv = ap_queue_init(worker_queue, ap_threads_per_child, pchild);
959 if (rv != APR_SUCCESS) {
960 ap_log_error(APLOG_MARK, APLOG_ALERT, rv, ap_server_conf,
961 "ap_queue_init() failed");
962 clean_child_exit(APEXIT_CHILDFATAL);
965 rv = ap_queue_info_create(&worker_queue_info, pchild,
966 ap_threads_per_child);
967 if (rv != APR_SUCCESS) {
968 ap_log_error(APLOG_MARK, APLOG_ALERT, rv, ap_server_conf,
969 "ap_queue_info_create() failed");
970 clean_child_exit(APEXIT_CHILDFATAL);
973 worker_sockets = apr_pcalloc(pchild, ap_threads_per_child
974 * sizeof(apr_socket_t *));
976 loops = prev_threads_created = 0;
978 /* ap_threads_per_child does not include the listener thread */
979 for (i = 0; i < ap_threads_per_child; i++) {
980 int status = ap_scoreboard_image->servers[child_num_arg][i].status;
982 if (status != SERVER_GRACEFUL && status != SERVER_DEAD) {
986 my_info = (proc_info *)malloc(sizeof(proc_info));
987 if (my_info == NULL) {
988 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, ap_server_conf,
989 "malloc: out of memory");
990 clean_child_exit(APEXIT_CHILDFATAL);
992 my_info->pid = my_child_num;
996 /* We are creating threads right now */
997 ap_update_child_status_from_indexes(my_child_num, i,
998 SERVER_STARTING, NULL);
999 /* We let each thread update its own scoreboard entry. This is
1000 * done because it lets us deal with tid better.
1002 rv = apr_thread_create(&threads[i], thread_attr,
1003 worker_thread, my_info, pchild);
1004 if (rv != APR_SUCCESS) {
1005 ap_log_error(APLOG_MARK, APLOG_ALERT, rv, ap_server_conf,
1006 "apr_thread_create: unable to create worker thread");
1007 /* In case system resources are maxxed out, we don't want
1008 Apache running away with the CPU trying to fork over and
1009 over and over again if we exit. */
1010 apr_sleep(apr_time_from_sec(10));
1011 clean_child_exit(APEXIT_CHILDFATAL);
1015 /* Start the listener only when there are workers available */
1016 if (!listener_started && threads_created) {
1017 create_listener_thread(ts);
1018 listener_started = 1;
1020 if (start_thread_may_exit || threads_created == ap_threads_per_child) {
1023 /* wait for previous generation to clean up an entry */
1024 apr_sleep(apr_time_from_sec(1));
1026 if (loops % 120 == 0) { /* every couple of minutes */
1027 if (prev_threads_created == threads_created) {
1028 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf,
1029 "child %" APR_PID_T_FMT " isn't taking over "
1030 "slots very quickly (%d of %d)",
1031 ap_my_pid, threads_created, ap_threads_per_child);
1033 prev_threads_created = threads_created;
1037 /* What state should this child_main process be listed as in the
1039 * ap_update_child_status_from_indexes(my_child_num, i, SERVER_STARTING,
1040 * (request_rec *) NULL);
1042 * This state should be listed separately in the scoreboard, in some kind
1043 * of process_status, not mixed in with the worker threads' status.
1044 * "life_status" is almost right, but it's in the worker's structure, and
1045 * the name could be clearer. gla
1047 apr_thread_exit(thd, APR_SUCCESS);
1051 static void join_workers(apr_thread_t *listener, apr_thread_t **threads)
1054 apr_status_t rv, thread_rv;
1059 /* deal with a rare timing window which affects waking up the
1060 * listener thread... if the signal sent to the listener thread
1061 * is delivered between the time it verifies that the
1062 * listener_may_exit flag is clear and the time it enters a
1063 * blocking syscall, the signal didn't do any good... work around
1064 * that by sleeping briefly and sending it again
1069 #ifdef HAVE_PTHREAD_KILL
1070 pthread_kill(*listener_os_thread, 0)
1075 /* listener not dead yet */
1076 apr_sleep(apr_time_make(0, 500000));
1081 ap_log_error(APLOG_MARK, APLOG_CRIT, 0, ap_server_conf,
1082 "the listener thread didn't exit");
1085 rv = apr_thread_join(&thread_rv, listener);
1086 if (rv != APR_SUCCESS) {
1087 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, ap_server_conf,
1088 "apr_thread_join: unable to join listener thread");
1093 for (i = 0; i < ap_threads_per_child; i++) {
1094 if (threads[i]) { /* if we ever created this thread */
1095 rv = apr_thread_join(&thread_rv, threads[i]);
1096 if (rv != APR_SUCCESS) {
1097 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, ap_server_conf,
1098 "apr_thread_join: unable to join worker "
1106 static void join_start_thread(apr_thread_t *start_thread_id)
1108 apr_status_t rv, thread_rv;
1110 start_thread_may_exit = 1; /* tell it to give up in case it is still
1111 * trying to take over slots from a
1112 * previous generation
1114 rv = apr_thread_join(&thread_rv, start_thread_id);
1115 if (rv != APR_SUCCESS) {
1116 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, ap_server_conf,
1117 "apr_thread_join: unable to join the start "
1122 static void child_main(int child_num_arg)
1124 apr_thread_t **threads;
1127 apr_threadattr_t *thread_attr;
1128 apr_thread_t *start_thread_id;
1130 ap_my_pid = getpid();
1131 ap_fatal_signal_child_setup(ap_server_conf);
1132 apr_pool_create(&pchild, pconf);
1134 /*stuff to do before we switch id's, so we have permissions.*/
1135 ap_reopen_scoreboard(pchild, NULL, 0);
1137 rv = SAFE_ACCEPT(apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname,
1139 if (rv != APR_SUCCESS) {
1140 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, ap_server_conf,
1141 "Couldn't initialize cross-process lock in child");
1142 clean_child_exit(APEXIT_CHILDFATAL);
1145 if (unixd_setup_child()) {
1146 clean_child_exit(APEXIT_CHILDFATAL);
1149 ap_run_child_init(pchild, ap_server_conf);
1151 /* done with init critical section */
1153 /* Just use the standard apr_setup_signal_thread to block all signals
1154 * from being received. The child processes no longer use signals for
1155 * any communication with the parent process.
1157 rv = apr_setup_signal_thread();
1158 if (rv != APR_SUCCESS) {
1159 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, ap_server_conf,
1160 "Couldn't initialize signal thread");
1161 clean_child_exit(APEXIT_CHILDFATAL);
1164 if (ap_max_requests_per_child) {
1165 requests_this_child = ap_max_requests_per_child;
1168 /* coding a value of zero means infinity */
1169 requests_this_child = INT_MAX;
1172 /* Setup worker threads */
1174 /* clear the storage; we may not create all our threads immediately,
1175 * and we want a 0 entry to indicate a thread which was not created
1177 threads = (apr_thread_t **)calloc(1,
1178 sizeof(apr_thread_t *) * ap_threads_per_child);
1179 if (threads == NULL) {
1180 ap_log_error(APLOG_MARK, APLOG_ALERT, errno, ap_server_conf,
1181 "malloc: out of memory");
1182 clean_child_exit(APEXIT_CHILDFATAL);
1185 ts = (thread_starter *)apr_palloc(pchild, sizeof(*ts));
1187 apr_threadattr_create(&thread_attr, pchild);
1188 /* 0 means PTHREAD_CREATE_JOINABLE */
1189 apr_threadattr_detach_set(thread_attr, 0);
1191 ts->threads = threads;
1192 ts->listener = NULL;
1193 ts->child_num_arg = child_num_arg;
1194 ts->threadattr = thread_attr;
1196 rv = apr_thread_create(&start_thread_id, thread_attr, start_threads,
1198 if (rv != APR_SUCCESS) {
1199 ap_log_error(APLOG_MARK, APLOG_ALERT, rv, ap_server_conf,
1200 "apr_thread_create: unable to create worker thread");
1201 /* In case system resources are maxxed out, we don't want
1202 Apache running away with the CPU trying to fork over and
1203 over and over again if we exit. */
1204 apr_sleep(apr_time_from_sec(10));
1205 clean_child_exit(APEXIT_CHILDFATAL);
1208 /* If we are only running in one_process mode, we will want to
1209 * still handle signals. */
1211 /* Block until we get a terminating signal. */
1212 apr_signal_thread(check_signal);
1213 /* make sure the start thread has finished; signal_threads()
1214 * and join_workers() depend on that
1216 /* XXX join_start_thread() won't be awakened if one of our
1217 * threads encounters a critical error and attempts to
1218 * shutdown this child
1220 join_start_thread(start_thread_id);
1221 signal_threads(ST_UNGRACEFUL); /* helps us terminate a little more
1222 * quickly than the dispatch of the signal thread
1223 * beats the Pipe of Death and the browsers
1225 /* A terminating signal was received. Now join each of the
1226 * workers to clean them up.
1227 * If the worker already exited, then the join frees
1228 * their resources and returns.
1229 * If the worker hasn't exited, then this blocks until
1230 * they have (then cleans up).
1232 join_workers(ts->listener, threads);
1234 else { /* !one_process */
1235 /* remove SIGTERM from the set of blocked signals... if one of
1236 * the other threads in the process needs to take us down
1237 * (e.g., for MaxRequestsPerChild) it will send us SIGTERM
1239 unblock_signal(SIGTERM);
1240 apr_signal(SIGTERM, dummy_signal_handler);
1241 /* Watch for any messages from the parent over the POD */
1243 rv = ap_mpm_pod_check(pod);
1244 if (rv == AP_NORESTART) {
1245 /* see if termination was triggered while we slept */
1246 switch(terminate_mode) {
1255 if (rv == AP_GRACEFUL || rv == AP_RESTART) {
1256 /* make sure the start thread has finished;
1257 * signal_threads() and join_workers depend on that
1259 join_start_thread(start_thread_id);
1260 signal_threads(rv == AP_GRACEFUL ? ST_GRACEFUL : ST_UNGRACEFUL);
1265 /* A terminating signal was received. Now join each of the
1266 * workers to clean them up.
1267 * If the worker already exited, then the join frees
1268 * their resources and returns.
1269 * If the worker hasn't exited, then this blocks until
1270 * they have (then cleans up).
1272 join_workers(ts->listener, threads);
1277 clean_child_exit(resource_shortage ? APEXIT_CHILDSICK : 0);
1280 static int make_child(server_rec *s, int slot)
1284 if (slot + 1 > ap_max_daemons_limit) {
1285 ap_max_daemons_limit = slot + 1;
1290 ap_scoreboard_image->parent[slot].pid = getpid();
1294 if ((pid = fork()) == -1) {
1295 ap_log_error(APLOG_MARK, APLOG_ERR, errno, s,
1296 "fork: Unable to fork new process");
1298 /* fork didn't succeed. Fix the scoreboard or else
1299 * it will say SERVER_STARTING forever and ever
1301 ap_update_child_status_from_indexes(slot, 0, SERVER_DEAD, NULL);
1303 /* In case system resources are maxxed out, we don't want
1304 Apache running away with the CPU trying to fork over and
1305 over and over again. */
1306 apr_sleep(apr_time_from_sec(10));
1312 #ifdef HAVE_BINDPROCESSOR
1313 /* By default, AIX binds to a single processor. This bit unbinds
1314 * children which will then bind to another CPU.
1316 int status = bindprocessor(BINDPROCESS, (int)getpid(),
1317 PROCESSOR_CLASS_ANY);
1319 ap_log_error(APLOG_MARK, APLOG_WARNING, errno,
1321 "processor unbind failed %d", status);
1323 RAISE_SIGSTOP(MAKE_CHILD);
1325 apr_signal(SIGTERM, just_die);
1328 clean_child_exit(0);
1331 ap_scoreboard_image->parent[slot].quiescing = 0;
1332 ap_scoreboard_image->parent[slot].pid = pid;
1336 /* start up a bunch of children */
1337 static void startup_children(int number_to_start)
1341 for (i = 0; number_to_start && i < ap_daemons_limit; ++i) {
1342 if (ap_scoreboard_image->parent[i].pid != 0) {
1345 if (make_child(ap_server_conf, i) < 0) {
1354 * idle_spawn_rate is the number of children that will be spawned on the
1355 * next maintenance cycle if there aren't enough idle servers. It is
1356 * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by
1357 * without the need to spawn.
1359 static int idle_spawn_rate = 1;
1360 #ifndef MAX_SPAWN_RATE
1361 #define MAX_SPAWN_RATE (32)
1363 static int hold_off_on_exponential_spawning;
1365 static void perform_idle_server_maintenance(void)
1368 int idle_thread_count;
1372 int totally_free_length = 0;
1373 int free_slots[MAX_SPAWN_RATE];
1377 /* initialize the free_list */
1380 idle_thread_count = 0;
1384 for (i = 0; i < ap_daemons_limit; ++i) {
1385 /* Initialization to satisfy the compiler. It doesn't know
1386 * that ap_threads_per_child is always > 0 */
1387 int status = SERVER_DEAD;
1388 int any_dying_threads = 0;
1389 int any_dead_threads = 0;
1390 int all_dead_threads = 1;
1392 if (i >= ap_max_daemons_limit && totally_free_length == idle_spawn_rate)
1394 ps = &ap_scoreboard_image->parent[i];
1395 for (j = 0; j < ap_threads_per_child; j++) {
1396 ws = &ap_scoreboard_image->servers[i][j];
1397 status = ws->status;
1399 /* XXX any_dying_threads is probably no longer needed GLA */
1400 any_dying_threads = any_dying_threads ||
1401 (status == SERVER_GRACEFUL);
1402 any_dead_threads = any_dead_threads || (status == SERVER_DEAD);
1403 all_dead_threads = all_dead_threads &&
1404 (status == SERVER_DEAD ||
1405 status == SERVER_GRACEFUL);
1407 /* We consider a starting server as idle because we started it
1408 * at least a cycle ago, and if it still hasn't finished starting
1409 * then we're just going to swamp things worse by forking more.
1410 * So we hopefully won't need to fork more if we count it.
1411 * This depends on the ordering of SERVER_READY and SERVER_STARTING.
1413 if (status <= SERVER_READY && status != SERVER_DEAD &&
1415 ps->generation == ap_my_generation &&
1416 /* XXX the following shouldn't be necessary if we clean up
1417 * properly after seg faults, but we're not yet GLA
1420 ++idle_thread_count;
1423 if (any_dead_threads && totally_free_length < idle_spawn_rate
1424 && (!ps->pid /* no process in the slot */
1425 || ps->quiescing)) { /* or at least one is going away */
1426 if (all_dead_threads) {
1427 /* great! we prefer these, because the new process can
1428 * start more threads sooner. So prioritize this slot
1429 * by putting it ahead of any slots with active threads.
1431 * first, make room by moving a slot that's potentially still
1432 * in use to the end of the array
1434 free_slots[free_length] = free_slots[totally_free_length];
1435 free_slots[totally_free_length++] = i;
1438 /* slot is still in use - back of the bus
1440 free_slots[free_length] = i;
1444 /* XXX if (!ps->quiescing) is probably more reliable GLA */
1445 if (!any_dying_threads) {
1450 ap_max_daemons_limit = last_non_dead + 1;
1452 if (idle_thread_count > max_spare_threads) {
1453 /* Kill off one child */
1454 ap_mpm_pod_signal(pod, TRUE);
1455 idle_spawn_rate = 1;
1457 else if (idle_thread_count < min_spare_threads) {
1458 /* terminate the free list */
1459 if (free_length == 0) {
1460 /* only report this condition once */
1461 static int reported = 0;
1464 ap_log_error(APLOG_MARK, APLOG_ERR, 0,
1466 "server reached MaxClients setting, consider"
1467 " raising the MaxClients setting");
1470 idle_spawn_rate = 1;
1473 if (free_length > idle_spawn_rate) {
1474 free_length = idle_spawn_rate;
1476 if (idle_spawn_rate >= 8) {
1477 ap_log_error(APLOG_MARK, APLOG_INFO, 0,
1479 "server seems busy, (you may need "
1480 "to increase StartServers, ThreadsPerChild "
1481 "or Min/MaxSpareThreads), "
1482 "spawning %d children, there are around %d idle "
1483 "threads, and %d total children", free_length,
1484 idle_thread_count, total_non_dead);
1486 for (i = 0; i < free_length; ++i) {
1487 make_child(ap_server_conf, free_slots[i]);
1489 /* the next time around we want to spawn twice as many if this
1490 * wasn't good enough, but not if we've just done a graceful
1492 if (hold_off_on_exponential_spawning) {
1493 --hold_off_on_exponential_spawning;
1495 else if (idle_spawn_rate < MAX_SPAWN_RATE) {
1496 idle_spawn_rate *= 2;
1501 idle_spawn_rate = 1;
1505 static void server_main_loop(int remaining_children_to_start)
1508 apr_exit_why_e exitwhy;
1509 int status, processed_status;
1513 while (!restart_pending && !shutdown_pending) {
1514 ap_wait_or_timeout(&exitwhy, &status, &pid, pconf);
1516 if (pid.pid != -1) {
1517 processed_status = ap_process_child_status(&pid, exitwhy, status);
1518 if (processed_status == APEXIT_CHILDFATAL) {
1519 shutdown_pending = 1;
1523 /* non-fatal death... note that it's gone in the scoreboard. */
1524 child_slot = find_child_by_pid(&pid);
1525 if (child_slot >= 0) {
1526 for (i = 0; i < ap_threads_per_child; i++)
1527 ap_update_child_status_from_indexes(child_slot, i, SERVER_DEAD,
1528 (request_rec *) NULL);
1530 ap_scoreboard_image->parent[child_slot].pid = 0;
1531 ap_scoreboard_image->parent[child_slot].quiescing = 0;
1532 if (processed_status == APEXIT_CHILDSICK) {
1533 /* resource shortage, minimize the fork rate */
1534 idle_spawn_rate = 1;
1536 else if (remaining_children_to_start
1537 && child_slot < ap_daemons_limit) {
1538 /* we're still doing a 1-for-1 replacement of dead
1539 * children with new children
1541 make_child(ap_server_conf, child_slot);
1542 --remaining_children_to_start;
1544 #if APR_HAS_OTHER_CHILD
1546 else if (apr_proc_other_child_read(&pid, status) == 0) {
1550 else if (is_graceful) {
1551 /* Great, we've probably just lost a slot in the
1552 * scoreboard. Somehow we don't know about this child.
1554 ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
1556 "long lost child came home! (pid %ld)",
1559 /* Don't perform idle maintenance when a child dies,
1560 * only do it when there's a timeout. Remember only a
1561 * finite number of children can die, and it's pretty
1562 * pathological for a lot to die suddenly.
1566 else if (remaining_children_to_start) {
1567 /* we hit a 1 second timeout in which none of the previous
1568 * generation of children needed to be reaped... so assume
1569 * they're all done, and pick up the slack if any is left.
1571 startup_children(remaining_children_to_start);
1572 remaining_children_to_start = 0;
1573 /* In any event we really shouldn't do the code below because
1574 * few of the servers we just started are in the IDLE state
1575 * yet, so we'd mistakenly create an extra server.
1580 perform_idle_server_maintenance();
1584 int ap_mpm_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
1586 int remaining_children_to_start;
1589 ap_log_pid(pconf, ap_pid_fname);
1591 first_server_limit = server_limit;
1592 first_thread_limit = thread_limit;
1593 if (changed_limit_at_restart) {
1594 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
1595 "WARNING: Attempt to change ServerLimit or ThreadLimit "
1596 "ignored during restart");
1597 changed_limit_at_restart = 0;
1600 /* Initialize cross-process accept lock */
1601 ap_lock_fname = apr_psprintf(_pconf, "%s.%" APR_PID_T_FMT,
1602 ap_server_root_relative(_pconf, ap_lock_fname),
1605 rv = apr_proc_mutex_create(&accept_mutex, ap_lock_fname,
1606 ap_accept_lock_mech, _pconf);
1607 if (rv != APR_SUCCESS) {
1608 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
1609 "Couldn't create accept lock");
1613 #if APR_USE_SYSVSEM_SERIALIZE
1614 if (ap_accept_lock_mech == APR_LOCK_DEFAULT ||
1615 ap_accept_lock_mech == APR_LOCK_SYSVSEM) {
1617 if (ap_accept_lock_mech == APR_LOCK_SYSVSEM) {
1619 rv = unixd_set_proc_mutex_perms(accept_mutex);
1620 if (rv != APR_SUCCESS) {
1621 ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
1622 "Couldn't set permissions on cross-process lock; "
1623 "check User and Group directives");
1629 if (ap_run_pre_mpm(s->process->pool, SB_SHARED) != OK) {
1632 /* fix the generation number in the global score; we just got a new,
1633 * cleared scoreboard
1635 ap_scoreboard_image->global->running_generation = ap_my_generation;
1639 /* Don't thrash... */
1640 if (max_spare_threads < min_spare_threads + ap_threads_per_child)
1641 max_spare_threads = min_spare_threads + ap_threads_per_child;
1643 /* If we're doing a graceful_restart then we're going to see a lot
1644 * of children exiting immediately when we get into the main loop
1645 * below (because we just sent them AP_SIG_GRACEFUL). This happens pretty
1646 * rapidly... and for each one that exits we'll start a new one until
1647 * we reach at least daemons_min_free. But we may be permitted to
1648 * start more than that, so we'll just keep track of how many we're
1649 * supposed to start up without the 1 second penalty between each fork.
1651 remaining_children_to_start = ap_daemons_to_start;
1652 if (remaining_children_to_start > ap_daemons_limit) {
1653 remaining_children_to_start = ap_daemons_limit;
1656 startup_children(remaining_children_to_start);
1657 remaining_children_to_start = 0;
1660 /* give the system some time to recover before kicking into
1661 * exponential mode */
1662 hold_off_on_exponential_spawning = 10;
1665 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
1666 "%s configured -- resuming normal operations",
1667 ap_get_server_version());
1668 ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf,
1669 "Server built: %s", ap_get_server_built());
1670 #ifdef AP_MPM_WANT_SET_ACCEPT_LOCK_MECH
1671 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf,
1672 "AcceptMutex: %s (default: %s)",
1673 apr_proc_mutex_name(accept_mutex),
1674 apr_proc_mutex_defname());
1676 restart_pending = shutdown_pending = 0;
1678 server_main_loop(remaining_children_to_start);
1680 if (shutdown_pending) {
1681 /* Time to gracefully shut down:
1682 * Kill child processes, tell them to call child_exit, etc...
1683 * (By "gracefully" we don't mean graceful in the same sense as
1684 * "apachectl graceful" where we allow old connections to finish.)
1686 ap_mpm_pod_killpg(pod, ap_daemons_limit, FALSE);
1687 ap_reclaim_child_processes(1); /* Start with SIGTERM */
1690 /* cleanup pid file on normal shutdown */
1691 const char *pidfile = NULL;
1692 pidfile = ap_server_root_relative (pconf, ap_pid_fname);
1693 if ( pidfile != NULL && unlink(pidfile) == 0)
1694 ap_log_error(APLOG_MARK, APLOG_INFO, 0,
1696 "removed PID file %s (pid=%ld)",
1697 pidfile, (long)getpid());
1699 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0,
1700 ap_server_conf, "caught SIGTERM, shutting down");
1705 /* we've been told to restart */
1706 apr_signal(SIGHUP, SIG_IGN);
1709 /* not worth thinking about */
1713 /* advance to the next generation */
1714 /* XXX: we really need to make sure this new generation number isn't in
1715 * use by any of the children.
1718 ap_scoreboard_image->global->running_generation = ap_my_generation;
1721 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
1722 AP_SIG_GRACEFUL_STRING " received. Doing graceful restart");
1723 /* wake up the children...time to die. But we'll have more soon */
1724 ap_mpm_pod_killpg(pod, ap_daemons_limit, TRUE);
1727 /* This is mostly for debugging... so that we know what is still
1728 * gracefully dealing with existing request.
1733 /* Kill 'em all. Since the child acts the same on the parents SIGTERM
1734 * and a SIGHUP, we may as well use the same signal, because some user
1735 * pthreads are stealing signals from us left and right.
1737 ap_mpm_pod_killpg(pod, ap_daemons_limit, FALSE);
1739 ap_reclaim_child_processes(1); /* Start with SIGTERM */
1740 ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
1741 "SIGHUP received. Attempting to restart");
1747 /* This really should be a post_config hook, but the error log is already
1748 * redirected by that point, so we need to do this in the open_logs phase.
1750 static int worker_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
1757 if ((num_listensocks = ap_setup_listeners(ap_server_conf)) < 1) {
1758 ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_STARTUP, 0,
1759 NULL, "no listening sockets available, shutting down");
1764 if ((rv = ap_mpm_pod_open(pconf, &pod))) {
1765 ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_STARTUP, rv, NULL,
1766 "Could not open pipe-of-death.");
1773 static int worker_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
1776 static int restart_num = 0;
1777 int no_detach, debug, foreground;
1778 ap_directive_t *pdir;
1779 ap_directive_t *max_clients = NULL;
1782 /* make sure that "ThreadsPerChild" gets set before "MaxClients" */
1783 for (pdir = ap_conftree; pdir != NULL; pdir = pdir->next) {
1784 if (strncasecmp(pdir->directive, "ThreadsPerChild", 15) == 0) {
1786 break; /* we're in the clear, got ThreadsPerChild first */
1789 /* now to swap the data */
1790 ap_directive_t temp;
1792 temp.directive = pdir->directive;
1793 temp.args = pdir->args;
1794 /* Make sure you don't change 'next', or you may get loops! */
1795 /* XXX: first_child, parent, and data can never be set
1796 * for these directives, right? -aaron */
1797 temp.filename = pdir->filename;
1798 temp.line_num = pdir->line_num;
1800 pdir->directive = max_clients->directive;
1801 pdir->args = max_clients->args;
1802 pdir->filename = max_clients->filename;
1803 pdir->line_num = max_clients->line_num;
1805 max_clients->directive = temp.directive;
1806 max_clients->args = temp.args;
1807 max_clients->filename = temp.filename;
1808 max_clients->line_num = temp.line_num;
1812 else if (!max_clients
1813 && strncasecmp(pdir->directive, "MaxClients", 10) == 0) {
1818 debug = ap_exists_config_define("DEBUG");
1821 foreground = one_process = 1;
1825 one_process = ap_exists_config_define("ONE_PROCESS");
1826 no_detach = ap_exists_config_define("NO_DETACH");
1827 foreground = ap_exists_config_define("FOREGROUND");
1830 /* sigh, want this only the second time around */
1831 if (restart_num++ == 1) {
1834 if (!one_process && !foreground) {
1835 rv = apr_proc_detach(no_detach ? APR_PROC_DETACH_FOREGROUND
1836 : APR_PROC_DETACH_DAEMONIZE);
1837 if (rv != APR_SUCCESS) {
1838 ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL,
1839 "apr_proc_detach failed");
1840 return HTTP_INTERNAL_SERVER_ERROR;
1843 parent_pid = ap_my_pid = getpid();
1846 unixd_pre_config(ptemp);
1847 ap_listen_pre_config();
1848 ap_daemons_to_start = DEFAULT_START_DAEMON;
1849 min_spare_threads = DEFAULT_MIN_FREE_DAEMON * DEFAULT_THREADS_PER_CHILD;
1850 max_spare_threads = DEFAULT_MAX_FREE_DAEMON * DEFAULT_THREADS_PER_CHILD;
1851 ap_daemons_limit = server_limit;
1852 ap_threads_per_child = DEFAULT_THREADS_PER_CHILD;
1853 ap_pid_fname = DEFAULT_PIDLOG;
1854 ap_lock_fname = DEFAULT_LOCKFILE;
1855 ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD;
1856 ap_extended_status = 0;
1858 apr_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir));
1863 static void worker_hooks(apr_pool_t *p)
1865 /* The worker open_logs phase must run before the core's, or stderr
1866 * will be redirected to a file, and the messages won't print to the
1869 static const char *const aszSucc[] = {"core.c", NULL};
1872 ap_hook_open_logs(worker_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE);
1873 ap_hook_pre_config(worker_pre_config, NULL, NULL, APR_HOOK_MIDDLE);
1876 static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy,
1879 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
1884 ap_daemons_to_start = atoi(arg);
1888 static const char *set_min_spare_threads(cmd_parms *cmd, void *dummy,
1891 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
1896 min_spare_threads = atoi(arg);
1897 if (min_spare_threads <= 0) {
1898 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1899 "WARNING: detected MinSpareThreads set to non-positive.");
1900 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1901 "Resetting to 1 to avoid almost certain Apache failure.");
1902 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1903 "Please read the documentation.");
1904 min_spare_threads = 1;
1910 static const char *set_max_spare_threads(cmd_parms *cmd, void *dummy,
1913 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
1918 max_spare_threads = atoi(arg);
1922 static const char *set_max_clients (cmd_parms *cmd, void *dummy,
1926 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
1931 /* It is ok to use ap_threads_per_child here because we are
1932 * sure that it gets set before MaxClients in the pre_config stage. */
1933 max_clients = atoi(arg);
1934 if (max_clients < ap_threads_per_child) {
1935 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1936 "WARNING: MaxClients (%d) must be at least as large",
1938 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1939 " as ThreadsPerChild (%d). Automatically",
1940 ap_threads_per_child);
1941 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1942 " increasing MaxClients to %d.",
1943 ap_threads_per_child);
1944 max_clients = ap_threads_per_child;
1946 ap_daemons_limit = max_clients / ap_threads_per_child;
1947 if ((max_clients > 0) && (max_clients % ap_threads_per_child)) {
1948 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1949 "WARNING: MaxClients (%d) is not an integer multiple",
1951 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1952 " of ThreadsPerChild (%d), lowering MaxClients to %d",
1953 ap_threads_per_child,
1954 ap_daemons_limit * ap_threads_per_child);
1955 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1956 " for a maximum of %d child processes,",
1958 max_clients = ap_daemons_limit * ap_threads_per_child;
1960 if (ap_daemons_limit > server_limit) {
1961 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1962 "WARNING: MaxClients of %d would require %d servers,",
1963 max_clients, ap_daemons_limit);
1964 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1965 " and would exceed the ServerLimit value of %d.",
1967 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1968 " Automatically lowering MaxClients to %d. To increase,",
1970 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1971 " please see the ServerLimit directive.");
1972 ap_daemons_limit = server_limit;
1974 else if (ap_daemons_limit < 1) {
1975 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1976 "WARNING: Require MaxClients > 0, setting to 1");
1977 ap_daemons_limit = 1;
1982 static const char *set_threads_per_child (cmd_parms *cmd, void *dummy,
1985 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
1990 ap_threads_per_child = atoi(arg);
1991 if (ap_threads_per_child > thread_limit) {
1992 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1993 "WARNING: ThreadsPerChild of %d exceeds ThreadLimit "
1994 "value of %d", ap_threads_per_child,
1996 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
1997 "threads, lowering ThreadsPerChild to %d. To increase, please"
1998 " see the", thread_limit);
1999 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
2000 " ThreadLimit directive.");
2001 ap_threads_per_child = thread_limit;
2003 else if (ap_threads_per_child < 1) {
2004 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
2005 "WARNING: Require ThreadsPerChild > 0, setting to 1");
2006 ap_threads_per_child = 1;
2011 static const char *set_server_limit (cmd_parms *cmd, void *dummy, const char *arg)
2013 int tmp_server_limit;
2015 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
2020 tmp_server_limit = atoi(arg);
2021 /* you cannot change ServerLimit across a restart; ignore
2024 if (first_server_limit &&
2025 tmp_server_limit != server_limit) {
2026 /* how do we log a message? the error log is a bit bucket at this
2027 * point; we'll just have to set a flag so that ap_mpm_run()
2028 * logs a warning later
2030 changed_limit_at_restart = 1;
2033 server_limit = tmp_server_limit;
2035 if (server_limit > MAX_SERVER_LIMIT) {
2036 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
2037 "WARNING: ServerLimit of %d exceeds compile time limit "
2038 "of %d servers,", server_limit, MAX_SERVER_LIMIT);
2039 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
2040 " lowering ServerLimit to %d.", MAX_SERVER_LIMIT);
2041 server_limit = MAX_SERVER_LIMIT;
2043 else if (server_limit < 1) {
2044 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
2045 "WARNING: Require ServerLimit > 0, setting to 1");
2051 static const char *set_thread_limit (cmd_parms *cmd, void *dummy, const char *arg)
2053 int tmp_thread_limit;
2055 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
2060 tmp_thread_limit = atoi(arg);
2061 /* you cannot change ThreadLimit across a restart; ignore
2064 if (first_thread_limit &&
2065 tmp_thread_limit != thread_limit) {
2066 /* how do we log a message? the error log is a bit bucket at this
2067 * point; we'll just have to set a flag so that ap_mpm_run()
2068 * logs a warning later
2070 changed_limit_at_restart = 1;
2073 thread_limit = tmp_thread_limit;
2075 if (thread_limit > MAX_THREAD_LIMIT) {
2076 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
2077 "WARNING: ThreadLimit of %d exceeds compile time limit "
2078 "of %d servers,", thread_limit, MAX_THREAD_LIMIT);
2079 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
2080 " lowering ThreadLimit to %d.", MAX_THREAD_LIMIT);
2081 thread_limit = MAX_THREAD_LIMIT;
2083 else if (thread_limit < 1) {
2084 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
2085 "WARNING: Require ThreadLimit > 0, setting to 1");
2091 static const command_rec worker_cmds[] = {
2092 UNIX_DAEMON_COMMANDS,
2094 AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
2095 "Number of child processes launched at server startup"),
2096 AP_INIT_TAKE1("MinSpareThreads", set_min_spare_threads, NULL, RSRC_CONF,
2097 "Minimum number of idle threads, to handle request spikes"),
2098 AP_INIT_TAKE1("MaxSpareThreads", set_max_spare_threads, NULL, RSRC_CONF,
2099 "Maximum number of idle threads"),
2100 AP_INIT_TAKE1("MaxClients", set_max_clients, NULL, RSRC_CONF,
2101 "Maximum number of threads alive at the same time"),
2102 AP_INIT_TAKE1("ThreadsPerChild", set_threads_per_child, NULL, RSRC_CONF,
2103 "Number of threads each child creates"),
2104 AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF,
2105 "Maximum number of child processes for this run of Apache"),
2106 AP_INIT_TAKE1("ThreadLimit", set_thread_limit, NULL, RSRC_CONF,
2107 "Maximum number of worker threads per child process for this run of Apache - Upper limit for ThreadsPerChild"),
2111 module AP_MODULE_DECLARE_DATA mpm_worker_module = {
2113 ap_mpm_rewrite_args, /* hook to run before apache parses args */
2114 NULL, /* create per-directory config structure */
2115 NULL, /* merge per-directory config structures */
2116 NULL, /* create per-server config structure */
2117 NULL, /* merge per-server config structures */
2118 worker_cmds, /* command apr_table_t */
2119 worker_hooks /* register_hooks */
projects / apache / blob