1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* The purpose of this file is to store the code that MOST mpm's will need
18 * this does not mean a function only goes into this file if every MPM needs
19 * it. It means that if a function is needed by more than one MPM, and
20 * future maintenance would be served by making the code common, then the
21 * function belongs here.
23 * This is going in src/main because it is not platform specific, it is
24 * specific to multi-process servers, but NOT to Unix. Which is why it
25 * does not belong in src/os/unix
31 #include "apr_thread_proc.h"
32 #include "apr_signal.h"
33 #include "apr_strings.h"
34 #define APR_WANT_STRFUNC
36 #include "apr_getopt.h"
37 #include "apr_optional.h"
38 #include "apr_allocator.h"
41 #include "http_config.h"
43 #include "http_main.h"
44 #include "mpm_common.h"
46 #include "ap_listen.h"
47 #include "scoreboard.h"
48 #include "util_mutex.h"
61 APLOG_USE_MODULE(core);
63 typedef enum {DO_NOTHING, SEND_SIGTERM, SEND_SIGKILL, GIVEUP} action_t;
65 typedef struct extra_process_t {
66 struct extra_process_t *next;
71 static extra_process_t *extras;
73 void ap_register_extra_mpm_process(pid_t pid, ap_generation_t gen)
75 extra_process_t *p = (extra_process_t *)malloc(sizeof(extra_process_t));
83 int ap_unregister_extra_mpm_process(pid_t pid, ap_generation_t *gen)
85 extra_process_t *cur = extras;
86 extra_process_t *prev = NULL;
88 while (cur && cur->pid != pid) {
95 prev->next = cur->next;
102 return 1; /* found */
105 /* we don't know about any such process */
110 static int reclaim_one_pid(pid_t pid, action_t action)
113 apr_status_t waitret;
117 /* Ensure pid sanity. */
123 waitret = apr_proc_wait(&proc, &status, &why, APR_NOWAIT);
124 if (waitret != APR_CHILD_NOTDONE) {
125 if (waitret == APR_CHILD_DONE)
126 ap_process_child_status(&proc, why, status);
135 /* ok, now it's being annoying */
136 ap_log_error(APLOG_MARK, APLOG_WARNING,
138 "child process %" APR_PID_T_FMT
139 " still did not exit, "
146 ap_log_error(APLOG_MARK, APLOG_ERR,
148 "child process %" APR_PID_T_FMT
149 " still did not exit, "
156 /* gave it our best shot, but alas... If this really
157 * is a child we are trying to kill and it really hasn't
158 * exited, we will likely fail to bind to the port
161 ap_log_error(APLOG_MARK, APLOG_ERR,
163 "could not make child process %" APR_PID_T_FMT
165 "attempting to continue anyway",
173 void ap_reclaim_child_processes(int terminate,
174 ap_reclaim_callback_fn_t *mpm_callback)
176 apr_time_t waittime = 1024 * 16;
178 extra_process_t *cur_extra;
181 apr_time_t starttime = apr_time_now();
182 /* this table of actions and elapsed times tells what action is taken
183 * at which elapsed time from starting the reclaim
187 apr_time_t action_time;
189 {DO_NOTHING, 0}, /* dummy entry for iterations where we reap
190 * children but take no action against
193 {SEND_SIGTERM, apr_time_from_sec(3)},
194 {SEND_SIGTERM, apr_time_from_sec(5)},
195 {SEND_SIGTERM, apr_time_from_sec(7)},
196 {SEND_SIGKILL, apr_time_from_sec(9)},
197 {GIVEUP, apr_time_from_sec(10)}
199 int cur_action; /* index of action we decided to take this
202 int next_action = 1; /* index of first real action */
204 ap_mpm_query(AP_MPMQ_MAX_DAEMON_USED, &max_daemons);
208 /* don't let waittime get longer than 1 second; otherwise, we don't
209 * react quickly to the last child exiting, and taking action can
212 waittime = waittime * 4;
213 if (waittime > apr_time_from_sec(1)) {
214 waittime = apr_time_from_sec(1);
217 /* see what action to take, if any */
218 if (action_table[next_action].action_time <= apr_time_now() - starttime) {
219 cur_action = next_action;
223 cur_action = 0; /* nothing to do */
226 /* now see who is done */
228 for (i = 0; i < max_daemons; ++i) {
229 process_score *ps = ap_get_scoreboard_process(i);
233 continue; /* not every scoreboard entry is in use */
236 if (reclaim_one_pid(pid, action_table[cur_action].action)) {
237 mpm_callback(i, 0, 0);
246 ap_generation_t old_gen;
247 extra_process_t *next = cur_extra->next;
249 if (reclaim_one_pid(cur_extra->pid, action_table[cur_action].action)) {
250 if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
251 mpm_callback(-1, cur_extra->pid, old_gen);
254 AP_DEBUG_ASSERT(1 == 0);
262 #if APR_HAS_OTHER_CHILD
263 apr_proc_other_child_refresh_all(APR_OC_REASON_RESTART);
266 } while (not_dead_yet > 0 &&
267 action_table[cur_action].action != GIVEUP);
270 void ap_relieve_child_processes(ap_reclaim_callback_fn_t *mpm_callback)
273 extra_process_t *cur_extra;
276 ap_mpm_query(AP_MPMQ_MAX_DAEMON_USED, &max_daemons);
278 /* now see who is done */
279 for (i = 0; i < max_daemons; ++i) {
280 process_score *ps = ap_get_scoreboard_process(i);
284 continue; /* not every scoreboard entry is in use */
287 if (reclaim_one_pid(pid, DO_NOTHING)) {
288 mpm_callback(i, 0, 0);
294 ap_generation_t old_gen;
295 extra_process_t *next = cur_extra->next;
297 if (reclaim_one_pid(cur_extra->pid, DO_NOTHING)) {
298 if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
299 mpm_callback(-1, cur_extra->pid, old_gen);
302 AP_DEBUG_ASSERT(1 == 0);
309 /* Before sending the signal to the pid this function verifies that
310 * the pid is a member of the current process group; either using
311 * apr_proc_wait(), where waitpid() guarantees to fail for non-child
312 * processes; or by using getpgid() directly, if available. */
313 apr_status_t ap_mpm_safe_kill(pid_t pid, int sig)
321 /* Ensure pid sanity */
327 rv = apr_proc_wait(&proc, &status, &why, APR_NOWAIT);
328 if (rv == APR_CHILD_DONE) {
329 /* The child already died - log the termination status if
331 ap_process_child_status(&proc, why, status);
334 else if (rv != APR_CHILD_NOTDONE) {
335 /* The child is already dead and reaped, or was a bogus pid -
336 * log this either way. */
337 ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, ap_server_conf,
338 "cannot send signal %d to pid %ld (non-child or "
339 "already dead)", sig, (long)pid);
345 /* Ensure pid sanity. */
352 /* Process already dead... */
356 if (pg != getpgrp()) {
357 ap_log_error(APLOG_MARK, APLOG_ALERT, 0, ap_server_conf,
358 "refusing to send signal %d to pid %ld outside "
359 "process group", sig, (long)pid);
364 return kill(pid, sig) ? errno : APR_SUCCESS;
368 int ap_process_child_status(apr_proc_t *pid, apr_exit_why_e why, int status)
373 /* Child died... if it died due to a fatal error,
374 * we should simply bail out. The caller needs to
375 * check for bad rc from us and exit, running any
376 * appropriate cleanups.
378 * If the child died due to a resource shortage,
379 * the parent should limit the rate of forking
381 if (APR_PROC_CHECK_EXIT(why)) {
382 if (status == APEXIT_CHILDSICK) {
386 if (status == APEXIT_CHILDFATAL) {
387 ap_log_error(APLOG_MARK, APLOG_ALERT,
389 "Child %" APR_PID_T_FMT
390 " returned a Fatal error... Apache is exiting!",
392 return APEXIT_CHILDFATAL;
398 if (APR_PROC_CHECK_SIGNALED(why)) {
399 sigdesc = apr_signal_description_get(signum);
404 case AP_SIG_GRACEFUL:
409 if (APR_PROC_CHECK_CORE_DUMP(why)) {
410 ap_log_error(APLOG_MARK, APLOG_NOTICE,
412 "child pid %ld exit signal %s (%d), "
413 "possible coredump in %s",
414 (long)pid->pid, sigdesc, signum,
418 ap_log_error(APLOG_MARK, APLOG_NOTICE,
420 "child pid %ld exit signal %s (%d)",
421 (long)pid->pid, sigdesc, signum);
428 AP_DECLARE(apr_status_t) ap_mpm_pod_open(apr_pool_t *p, ap_pod_t **pod)
432 *pod = apr_palloc(p, sizeof(**pod));
433 rv = apr_file_pipe_create_ex(&((*pod)->pod_in), &((*pod)->pod_out),
435 if (rv != APR_SUCCESS) {
439 apr_file_pipe_timeout_set((*pod)->pod_in, 0);
442 /* close these before exec. */
443 apr_file_inherit_unset((*pod)->pod_in);
444 apr_file_inherit_unset((*pod)->pod_out);
449 AP_DECLARE(apr_status_t) ap_mpm_pod_check(ap_pod_t *pod)
455 rv = apr_file_read(pod->pod_in, &c, &len);
457 if ((rv == APR_SUCCESS) && (len == 1)) {
461 if (rv != APR_SUCCESS) {
468 AP_DECLARE(apr_status_t) ap_mpm_pod_close(ap_pod_t *pod)
472 rv = apr_file_close(pod->pod_out);
473 if (rv != APR_SUCCESS) {
477 rv = apr_file_close(pod->pod_in);
478 if (rv != APR_SUCCESS) {
485 static apr_status_t pod_signal_internal(ap_pod_t *pod)
488 char char_of_death = '!';
491 rv = apr_file_write(pod->pod_out, &char_of_death, &one);
492 if (rv != APR_SUCCESS) {
493 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
494 "write pipe_of_death");
500 /* This function connects to the server, then immediately closes the connection.
501 * This permits the MPM to skip the poll when there is only one listening
502 * socket, because it provides a alternate way to unblock an accept() when
505 static apr_status_t dummy_connection(ap_pod_t *pod)
514 /* create a temporary pool for the socket. pconf stays around too long */
515 rv = apr_pool_create(&p, pod->p);
516 if (rv != APR_SUCCESS) {
520 /* If possible, find a listener which is configured for
521 * plain-HTTP, not SSL; using an SSL port would either be
522 * expensive to do correctly (performing a complete SSL handshake)
523 * or cause log spam by doing incorrectly (simply sending EOF). */
525 while (lp && lp->protocol && strcasecmp(lp->protocol, "http") != 0) {
532 rv = apr_socket_create(&sock, lp->bind_addr->family, SOCK_STREAM, 0, p);
533 if (rv != APR_SUCCESS) {
534 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
535 "get socket to connect to listener");
540 /* on some platforms (e.g., FreeBSD), the kernel won't accept many
541 * queued connections before it starts blocking local connects...
542 * we need to keep from blocking too long and instead return an error,
543 * because the MPM won't want to hold up a graceful restart for a
546 rv = apr_socket_timeout_set(sock, apr_time_from_sec(3));
547 if (rv != APR_SUCCESS) {
548 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
549 "set timeout on socket to connect to listener");
550 apr_socket_close(sock);
555 rv = apr_socket_connect(sock, lp->bind_addr);
556 if (rv != APR_SUCCESS) {
557 int log_level = APLOG_WARNING;
559 if (APR_STATUS_IS_TIMEUP(rv)) {
560 /* probably some server processes bailed out already and there
561 * is nobody around to call accept and clear out the kernel
562 * connection queue; usually this is not worth logging
564 log_level = APLOG_DEBUG;
567 ap_log_error(APLOG_MARK, log_level, rv, ap_server_conf,
568 "connect to listener on %pI", lp->bind_addr);
571 /* Create the request string. We include a User-Agent so that
572 * adminstrators can track down the cause of the odd-looking
573 * requests in their logs.
575 srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
576 ap_get_server_description(),
577 " (internal dummy connection)\r\n\r\n", NULL);
579 /* Since some operating systems support buffering of data or entire
580 * requests in the kernel, we send a simple request, to make sure
581 * the server pops out of a blocking accept().
583 /* XXX: This is HTTP specific. We should look at the Protocol for each
584 * listener, and send the correct type of request to trigger any Accept
587 len = strlen(srequest);
588 apr_socket_send(sock, srequest, &len);
589 apr_socket_close(sock);
595 AP_DECLARE(apr_status_t) ap_mpm_pod_signal(ap_pod_t *pod)
599 rv = pod_signal_internal(pod);
600 if (rv != APR_SUCCESS) {
604 return dummy_connection(pod);
607 void ap_mpm_pod_killpg(ap_pod_t *pod, int num)
610 apr_status_t rv = APR_SUCCESS;
612 /* we don't write anything to the pod here... we assume
613 * that the would-be reader of the pod has another way to
614 * see that it is time to die once we wake it up
616 * writing lots of things to the pod at once is very
617 * problematic... we can fill the kernel pipe buffer and
618 * be blocked until somebody consumes some bytes or
619 * we hit a timeout... if we hit a timeout we can't just
620 * keep trying because maybe we'll never successfully
621 * write again... but then maybe we'll leave would-be
622 * readers stranded (a number of them could be tied up for
623 * a while serving time-consuming requests)
625 for (i = 0; i < num && rv == APR_SUCCESS; i++) {
626 rv = dummy_connection(pod);
630 static const char *dash_k_arg = NULL;
631 static const char *dash_k_arg_noarg = "noarg";
633 static int send_signal(pid_t pid, int sig)
635 if (kill(pid, sig) < 0) {
636 ap_log_error(APLOG_MARK, APLOG_STARTUP, errno, NULL,
637 "sending signal to server");
643 int ap_signal_server(int *exit_status, apr_pool_t *pconf)
652 rv = ap_read_pid(pconf, ap_pid_fname, &otherpid);
653 if (rv != APR_SUCCESS) {
654 if (!APR_STATUS_IS_ENOENT(rv)) {
655 ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, NULL,
656 "Error retrieving pid file %s", ap_pid_fname);
657 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
658 "Remove it before continuing if it is corrupted.");
662 status = "httpd (no pid file) not running";
665 if (kill(otherpid, 0) == 0) {
667 status = apr_psprintf(pconf,
668 "httpd (pid %" APR_PID_T_FMT ") already "
669 "running", otherpid);
672 status = apr_psprintf(pconf,
673 "httpd (pid %" APR_PID_T_FMT "?) not running",
678 if (!strcmp(dash_k_arg, "start") || dash_k_arg == dash_k_arg_noarg) {
680 printf("%s\n", status);
685 if (!strcmp(dash_k_arg, "stop")) {
687 printf("%s\n", status);
690 send_signal(otherpid, SIGTERM);
695 if (!strcmp(dash_k_arg, "restart")) {
697 printf("httpd not running, trying to start\n");
700 *exit_status = send_signal(otherpid, SIGHUP);
705 if (!strcmp(dash_k_arg, "graceful")) {
707 printf("httpd not running, trying to start\n");
710 *exit_status = send_signal(otherpid, AP_SIG_GRACEFUL);
715 if (!strcmp(dash_k_arg, "graceful-stop")) {
717 printf("%s\n", status);
720 *exit_status = send_signal(otherpid, AP_SIG_GRACEFUL_STOP);
728 void ap_mpm_rewrite_args(process_rec *process)
730 apr_array_header_t *mpm_new_argv;
736 mpm_new_argv = apr_array_make(process->pool, process->argc,
737 sizeof(const char **));
738 *(const char **)apr_array_push(mpm_new_argv) = process->argv[0];
739 apr_getopt_init(&opt, process->pool, process->argc, process->argv);
742 /* option char returned by apr_getopt() will be stored in optbuf[1] */
744 while ((rv = apr_getopt(opt, "k:" AP_SERVER_BASEARGS,
745 optbuf + 1, &optarg)) == APR_SUCCESS) {
749 if (!strcmp(optarg, "start") || !strcmp(optarg, "stop") ||
750 !strcmp(optarg, "restart") || !strcmp(optarg, "graceful") ||
751 !strcmp(optarg, "graceful-stop")) {
757 *(const char **)apr_array_push(mpm_new_argv) =
758 apr_pstrdup(process->pool, optbuf);
760 *(const char **)apr_array_push(mpm_new_argv) = optarg;
765 /* back up to capture the bad argument */
766 if (rv == APR_BADCH || rv == APR_BADARG) {
770 while (opt->ind < opt->argc) {
771 *(const char **)apr_array_push(mpm_new_argv) =
772 apr_pstrdup(process->pool, opt->argv[opt->ind++]);
775 process->argc = mpm_new_argv->nelts;
776 process->argv = (const char * const *)mpm_new_argv->elts;
778 if (NULL == dash_k_arg) {
779 dash_k_arg = dash_k_arg_noarg;
782 APR_REGISTER_OPTIONAL_FN(ap_signal_server);
785 static pid_t parent_pid, my_pid;
786 static apr_pool_t *pconf;
788 #if AP_ENABLE_EXCEPTION_HOOK
790 static int exception_hook_enabled;
792 const char *ap_mpm_set_exception_hook(cmd_parms *cmd, void *dummy,
795 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
800 if (cmd->server->is_virtual) {
801 return "EnableExceptionHook directive not allowed in <VirtualHost>";
804 if (strcasecmp(arg, "on") == 0) {
805 exception_hook_enabled = 1;
807 else if (strcasecmp(arg, "off") == 0) {
808 exception_hook_enabled = 0;
811 return "parameter must be 'on' or 'off'";
817 static void run_fatal_exception_hook(int sig)
819 ap_exception_info_t ei = {0};
821 if (exception_hook_enabled &&
823 my_pid != parent_pid) {
826 ap_run_fatal_exception(&ei);
829 #endif /* AP_ENABLE_EXCEPTION_HOOK */
831 /* handle all varieties of core dumping signals */
832 static void sig_coredump(int sig)
834 apr_filepath_set(ap_coredump_dir, pconf);
835 apr_signal(sig, SIG_DFL);
836 #if AP_ENABLE_EXCEPTION_HOOK
837 run_fatal_exception_hook(sig);
839 /* linuxthreads issue calling getpid() here:
840 * This comparison won't match if the crashing thread is
841 * some module's thread that runs in the parent process.
842 * The fallout, which is limited to linuxthreads:
843 * The special log message won't be written when such a
844 * thread in the parent causes the parent to crash.
846 if (getpid() == parent_pid) {
847 ap_log_error(APLOG_MARK, APLOG_NOTICE,
849 "seg fault or similar nasty error detected "
850 "in the parent process");
851 /* XXX we can probably add some rudimentary cleanup code here,
852 * like getting rid of the pid file. If any additional bad stuff
853 * happens, we are protected from recursive errors taking down the
854 * system since this function is no longer the signal handler GLA
858 /* At this point we've got sig blocked, because we're still inside
859 * the signal handler. When we leave the signal handler it will
860 * be unblocked, and we'll take the signal... and coredump or whatever
861 * is appropriate for this particular Unix. In addition the parent
862 * will see the real signal we received -- whereas if we called
863 * abort() here, the parent would only see SIGABRT.
867 apr_status_t ap_fatal_signal_child_setup(server_rec *s)
873 apr_status_t ap_fatal_signal_setup(server_rec *s, apr_pool_t *in_pconf)
875 #ifndef NO_USE_SIGACTION
878 sigemptyset(&sa.sa_mask);
880 #if defined(SA_ONESHOT)
881 sa.sa_flags = SA_ONESHOT;
882 #elif defined(SA_RESETHAND)
883 sa.sa_flags = SA_RESETHAND;
888 sa.sa_handler = sig_coredump;
889 if (sigaction(SIGSEGV, &sa, NULL) < 0)
890 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGSEGV)");
892 if (sigaction(SIGBUS, &sa, NULL) < 0)
893 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGBUS)");
896 if (sigaction(SIGABORT, &sa, NULL) < 0)
897 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGABORT)");
900 if (sigaction(SIGABRT, &sa, NULL) < 0)
901 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGABRT)");
904 if (sigaction(SIGILL, &sa, NULL) < 0)
905 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGILL)");
908 if (sigaction(SIGFPE, &sa, NULL) < 0)
909 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGFPE)");
912 #else /* NO_USE_SIGACTION */
914 apr_signal(SIGSEGV, sig_coredump);
916 apr_signal(SIGBUS, sig_coredump);
919 apr_signal(SIGABORT, sig_coredump);
920 #endif /* SIGABORT */
922 apr_signal(SIGABRT, sig_coredump);
925 apr_signal(SIGILL, sig_coredump);
928 apr_signal(SIGFPE, sig_coredump);
931 #endif /* NO_USE_SIGACTION */
934 parent_pid = my_pid = getpid();