1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* The purpose of this file is to store the code that MOST MPMs will need.
18 * This does not mean a function only goes into this file if every MPM needs
19 * it. It means that if a function is needed by more than one MPM, and
20 * future maintenance would be served by making the code common, then the
21 * function belongs here.
23 * This is going in src/main because it is not platform specific; it is
24 * specific to multi-process servers, but NOT to Unix, which is why it
25 * does not belong in src/os/unix.
29 #include "apr_thread_proc.h"
30 #include "apr_signal.h"
31 #include "apr_strings.h"
32 #define APR_WANT_STRFUNC
34 #include "apr_getopt.h"
35 #include "apr_optional.h"
36 #include "apr_allocator.h"
39 #include "http_config.h"
41 #include "http_main.h"
42 #include "mpm_common.h"
44 #include "ap_listen.h"
45 #include "scoreboard.h"
46 #include "util_mutex.h"
59 APLOG_USE_MODULE(core);
// Steps that can be requested for a child that is being reclaimed; the
// action table in ap_reclaim_child_processes() maps elapsed time to one of
// these values.
61 typedef enum {DO_NOTHING, SEND_SIGTERM, SEND_SIGKILL, GIVEUP} action_t;
// Node of a singly linked list of extra MPM processes. The list code in
// this file matches nodes by their pid member and chains them via next.
63 typedef struct extra_process_t {
64 struct extra_process_t *next;
// Head of the list of registered extra processes (NULL when empty).
68 static extra_process_t *extras;
// Register pid as an extra MPM process; a new extra_process_t node is
// allocated with malloc() for it.
//   pid - process id to remember
// NOTE(review): the malloc() result is not tested for NULL on the line
// below - confirm how an allocation failure is meant to be handled.
70 void ap_register_extra_mpm_process(pid_t pid)
72 extra_process_t *p = (extra_process_t *)malloc(sizeof(extra_process_t));
// Remove the entry for pid from the extras list.
// The list is walked from the head, with prev trailing cur, until a node
// with a matching pid is found or the list ends. A match that has a
// predecessor is unlinked by pointing prev->next past it.
//   pid - process id to forget
// NOTE(review): callers in this file compare the result with 1 to detect a
// successful removal; presumably 0 is returned for an unknown pid - confirm.
79 int ap_unregister_extra_mpm_process(pid_t pid)
81 extra_process_t *cur = extras;
82 extra_process_t *prev = NULL;
84 while (cur && cur->pid != pid) {
91 prev->next = cur->next;
100 /* we don't know about any such process */
// Check once, without blocking, whether child pid has exited.
//   pid    - process id of the child to poll
//   action - action_t value supplied by the caller; presumably selects which
//            of the escalation steps logged below is applied - confirm
// Callers in this file treat a non-zero result as the child being gone:
// they then note the child as killed or unregister the extra process.
105 static int reclaim_one_pid(pid_t pid, action_t action)
108 apr_status_t waitret;
112 /* Ensure pid sanity. */
// APR_NOWAIT requests a non-blocking wait on the child.
118 waitret = apr_proc_wait(&proc, &status, &why, APR_NOWAIT);
// Any result other than APR_CHILD_NOTDONE is handled in this branch; the
// exit information is passed on to ap_process_child_status() only when the
// wait reported APR_CHILD_DONE.
119 if (waitret != APR_CHILD_NOTDONE) {
120 if (waitret == APR_CHILD_DONE)
121 ap_process_child_status(&proc, why, status);
130 /* ok, now it's being annoying */
131 ap_log_error(APLOG_MARK, APLOG_WARNING,
133 "child process %" APR_PID_T_FMT
134 " still did not exit, "
// Same message as above, but raised from WARNING to ERR severity.
141 ap_log_error(APLOG_MARK, APLOG_ERR,
143 "child process %" APR_PID_T_FMT
144 " still did not exit, "
151 /* gave it our best shot, but alas... If this really
152 * is a child we are trying to kill and it really hasn't
153 * exited, we will likely fail to bind to the port
156 ap_log_error(APLOG_MARK, APLOG_ERR,
158 "could not make child process %" APR_PID_T_FMT
160 "attempting to continue anyway",
// Reap the MPM children, escalating over time against those that linger.
// Each pass polls every scoreboard slot (up to AP_MPMQ_MAX_DAEMON_USED) and
// every registered extra process through reclaim_one_pid(), using the action
// that action_table assigns to the time elapsed since this function started:
// SEND_SIGTERM at 3, 5 and 7 seconds, SEND_SIGKILL at 9 and GIVEUP at 10.
// The loop ends once not_dead_yet is no longer positive or the GIVEUP entry
// has been used.
//   terminate - caller-supplied flag; NOTE(review): confirm how it is meant
//               to influence the loop
168 void ap_reclaim_child_processes(int terminate)
// Starting value of the per-pass wait; it is multiplied by 4 on each pass
// and capped at one second further down (presumably microseconds, as with
// other apr_time_t values - confirm).
170 apr_time_t waittime = 1024 * 16;
172 extra_process_t *cur_extra;
175 apr_time_t starttime = apr_time_now();
176 /* this table of actions and elapsed times tells what action is taken
177 * at which elapsed time from starting the reclaim
181 apr_time_t action_time;
183 {DO_NOTHING, 0}, /* dummy entry for iterations where we reap
184 * children but take no action against
187 {SEND_SIGTERM, apr_time_from_sec(3)},
188 {SEND_SIGTERM, apr_time_from_sec(5)},
189 {SEND_SIGTERM, apr_time_from_sec(7)},
190 {SEND_SIGKILL, apr_time_from_sec(9)},
191 {GIVEUP, apr_time_from_sec(10)}
193 int cur_action; /* index of action we decided to take this
196 int next_action = 1; /* index of first real action */
198 ap_mpm_query(AP_MPMQ_MAX_DAEMON_USED, &max_daemons);
202 /* don't let waittime get longer than 1 second; otherwise, we don't
203 * react quickly to the last child exiting, and taking action can
206 waittime = waittime * 4;
207 if (waittime > apr_time_from_sec(1)) {
208 waittime = apr_time_from_sec(1);
211 /* see what action to take, if any */
212 if (action_table[next_action].action_time <= apr_time_now() - starttime) {
213 cur_action = next_action;
217 cur_action = 0; /* nothing to do */
220 /* now see who is done */
222 for (i = 0; i < max_daemons; ++i) {
223 process_score *ps = ap_get_scoreboard_process(i);
227 continue; /* not every scoreboard entry is in use */
230 if (reclaim_one_pid(pid, action_table[cur_action].action)) {
231 ap_mpm_note_child_killed(i);
// The successor is read before the current node can be unregistered below.
240 extra_process_t *next = cur_extra->next;
242 if (reclaim_one_pid(cur_extra->pid, action_table[cur_action].action)) {
// NOTE(review): the unregister call is an argument of AP_DEBUG_ASSERT. If
// that macro expands to nothing in non-debug builds, the entry would never
// be removed from the extras list there - confirm and consider moving the
// call out of the assertion.
243 AP_DEBUG_ASSERT(1 == ap_unregister_extra_mpm_process(cur_extra->pid));
250 #if APR_HAS_OTHER_CHILD
251 apr_proc_other_child_refresh_all(APR_OC_REASON_RESTART);
// Repeat while some child is still counted as alive and the table has not
// yet reached its GIVEUP entry.
254 } while (not_dead_yet > 0 &&
255 action_table[cur_action].action != GIVEUP);
// Single reaping pass over all children: every scoreboard slot (up to
// AP_MPMQ_MAX_DAEMON_USED) and every registered extra process is polled
// through reclaim_one_pid() with DO_NOTHING as the action. Scoreboard
// children reported as gone are passed to ap_mpm_note_child_killed().
258 void ap_relieve_child_processes(void)
261 extra_process_t *cur_extra;
264 ap_mpm_query(AP_MPMQ_MAX_DAEMON_USED, &max_daemons);
266 /* now see who is done */
267 for (i = 0; i < max_daemons; ++i) {
268 process_score *ps = ap_get_scoreboard_process(i);
272 continue; /* not every scoreboard entry is in use */
275 if (reclaim_one_pid(pid, DO_NOTHING)) {
276 ap_mpm_note_child_killed(i);
// The successor is read before the current node can be unregistered below.
282 extra_process_t *next = cur_extra->next;
284 if (reclaim_one_pid(cur_extra->pid, DO_NOTHING)) {
// NOTE(review): the unregister call is an argument of AP_DEBUG_ASSERT. If
// that macro expands to nothing in non-debug builds, the entry would never
// be removed from the extras list there - confirm.
285 AP_DEBUG_ASSERT(1 == ap_unregister_extra_mpm_process(cur_extra->pid));
291 /* Before sending the signal to the pid this function verifies that
292 * the pid is a member of the current process group; either using
293 * apr_proc_wait(), where waitpid() guarantees to fail for non-child
294 * processes; or by using getpgid() directly, if available. */
//   pid - process the signal is meant for
//   sig - signal number handed to kill()
// On the final path the result is APR_SUCCESS when kill() succeeds and
// errno otherwise. A pid that is not a child, or is already dead, is logged
// at NOTICE level; a pid outside the process group is logged at ALERT level.
295 apr_status_t ap_mpm_safe_kill(pid_t pid, int sig)
303 /* Ensure pid sanity */
// Non-blocking wait, used here purely as a check that pid is our child.
309 rv = apr_proc_wait(&proc, &status, &why, APR_NOWAIT);
310 if (rv == APR_CHILD_DONE) {
311 /* The child already died - log the termination status if
313 ap_process_child_status(&proc, why, status);
316 else if (rv != APR_CHILD_NOTDONE) {
317 /* The child is already dead and reaped, or was a bogus pid -
318 * log this either way. */
319 ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, ap_server_conf,
320 "cannot send signal %d to pid %ld (non-child or "
321 "already dead)", sig, (long)pid);
327 /* Ensure pid sanity. */
334 /* Process already dead... */
// pg is compared with the process group of the calling process.
338 if (pg != getpgrp()) {
339 ap_log_error(APLOG_MARK, APLOG_ALERT, 0, ap_server_conf,
340 "refusing to send signal %d to pid %ld outside "
341 "process group", sig, (long)pid);
346 return kill(pid, sig) ? errno : APR_SUCCESS;
// Interpret how a child ended and log it.
//   pid    - the child; pid->pid is the value written to the log
//   why    - apr_exit_why_e value tested with the APR_PROC_CHECK_ macros
//   status - compared with the APEXIT_ codes when the child exited;
//            NOTE(review): signum in the signalled branch presumably comes
//            from status as well - confirm
// Returns APEXIT_CHILDFATAL when the child exited with that code; the
// comment below says the caller must check for such a result and exit.
350 int ap_process_child_status(apr_proc_t *pid, apr_exit_why_e why, int status)
355 /* Child died... if it died due to a fatal error,
356 * we should simply bail out. The caller needs to
357 * check for bad rc from us and exit, running any
358 * appropriate cleanups.
360 * If the child died due to a resource shortage,
361 * the parent should limit the rate of forking
363 if (APR_PROC_CHECK_EXIT(why)) {
364 if (status == APEXIT_CHILDSICK) {
368 if (status == APEXIT_CHILDFATAL) {
369 ap_log_error(APLOG_MARK, APLOG_ALERT,
371 "Child %" APR_PID_T_FMT
372 " returned a Fatal error... Apache is exiting!",
374 return APEXIT_CHILDFATAL;
380 if (APR_PROC_CHECK_SIGNALED(why)) {
// Human-readable description of the signal, used in the messages below.
381 sigdesc = apr_signal_description_get(signum);
386 case AP_SIG_GRACEFUL:
// A core dump gets its own NOTICE message; other signal exits get the
// shorter message further down.
391 if (APR_PROC_CHECK_CORE_DUMP(why)) {
392 ap_log_error(APLOG_MARK, APLOG_NOTICE,
394 "child pid %ld exit signal %s (%d), "
395 "possible coredump in %s",
396 (long)pid->pid, sigdesc, signum,
400 ap_log_error(APLOG_MARK, APLOG_NOTICE,
402 "child pid %ld exit signal %s (%d)",
403 (long)pid->pid, sigdesc, signum);
// Create a pod (pipe of death): the ap_pod_t is allocated from pool p and a
// pipe is created whose two ends are stored in pod_in and pod_out.
//   p   - pool the ap_pod_t is allocated from
//   pod - out parameter that receives the new ap_pod_t
410 AP_DECLARE(apr_status_t) ap_mpm_pod_open(apr_pool_t *p, ap_pod_t **pod)
414 *pod = apr_palloc(p, sizeof(**pod));
415 rv = apr_file_pipe_create_ex(&((*pod)->pod_in), &((*pod)->pod_out),
417 if (rv != APR_SUCCESS) {
// Zero timeout on the read end; NOTE(review): presumably so that
// ap_mpm_pod_check() never blocks on an empty pipe - confirm.
421 apr_file_pipe_timeout_set((*pod)->pod_in, 0);
424 /* close these before exec. */
425 apr_file_inherit_unset((*pod)->pod_in);
426 apr_file_inherit_unset((*pod)->pod_out);
// Try to read from the read end of the pod.
// The checks below separate a successful read of exactly one byte from a
// failed read. NOTE(review): confirm which status each case reports to the
// caller.
//   pod - the pod whose pod_in end is read
431 AP_DECLARE(apr_status_t) ap_mpm_pod_check(ap_pod_t *pod)
437 rv = apr_file_read(pod->pod_in, &c, &len);
439 if ((rv == APR_SUCCESS) && (len == 1)) {
443 if (rv != APR_SUCCESS) {
// Close both ends of the pod, the write end (pod_out) first and then the
// read end (pod_in); the result of each apr_file_close() call is checked.
//   pod - the pod to close
450 AP_DECLARE(apr_status_t) ap_mpm_pod_close(ap_pod_t *pod)
454 rv = apr_file_close(pod->pod_out);
455 if (rv != APR_SUCCESS) {
459 rv = apr_file_close(pod->pod_in);
460 if (rv != APR_SUCCESS) {
// Write the single byte char_of_death (an exclamation mark) to the write
// end of the pod; a failed write is logged as a warning.
//   pod - the pod whose pod_out end is written
467 static apr_status_t pod_signal_internal(ap_pod_t *pod)
470 char char_of_death = '!';
473 rv = apr_file_write(pod->pod_out, &char_of_death, &one);
474 if (rv != APR_SUCCESS) {
475 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
476 "write pipe_of_death");
// Wake a server process that is blocked in accept() by making a throwaway
// connection to one of the listeners.
// Steps: create a sub-pool of pod->p, skip listeners whose protocol is set
// to something other than http, create a stream socket with a 3 second
// timeout, connect to the listener address, send a minimal OPTIONS request
// that identifies itself through its User-Agent, and close the socket.
//   pod - supplies the parent pool (pod->p) for the temporary pool
482 /* This function connects to the server, then immediately closes the connection.
483 * This permits the MPM to skip the poll when there is only one listening
484 * socket, because it provides an alternate way to unblock an accept() when
487 static apr_status_t dummy_connection(ap_pod_t *pod)
496 /* create a temporary pool for the socket. pconf stays around too long */
497 rv = apr_pool_create(&p, pod->p);
498 if (rv != APR_SUCCESS) {
502 /* If possible, find a listener which is configured for
503 * plain-HTTP, not SSL; using an SSL port would either be
504 * expensive to do correctly (performing a complete SSL handshake)
505 * or cause log spam by doing incorrectly (simply sending EOF). */
// A listener without a protocol set also ends this search.
507 while (lp && lp->protocol && strcasecmp(lp->protocol, "http") != 0) {
514 rv = apr_socket_create(&sock, lp->bind_addr->family, SOCK_STREAM, 0, p);
515 if (rv != APR_SUCCESS) {
516 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
517 "get socket to connect to listener");
522 /* on some platforms (e.g., FreeBSD), the kernel won't accept many
523 * queued connections before it starts blocking local connects...
524 * we need to keep from blocking too long and instead return an error,
525 * because the MPM won't want to hold up a graceful restart for a
528 rv = apr_socket_timeout_set(sock, apr_time_from_sec(3));
529 if (rv != APR_SUCCESS) {
530 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
531 "set timeout on socket to connect to listener");
532 apr_socket_close(sock);
537 rv = apr_socket_connect(sock, lp->bind_addr);
538 if (rv != APR_SUCCESS) {
// A connect failure is logged as a warning, except for a timeout, which is
// downgraded to debug level for the reason given below.
539 int log_level = APLOG_WARNING;
541 if (APR_STATUS_IS_TIMEUP(rv)) {
542 /* probably some server processes bailed out already and there
543 * is nobody around to call accept and clear out the kernel
544 * connection queue; usually this is not worth logging
546 log_level = APLOG_DEBUG;
549 ap_log_error(APLOG_MARK, log_level, rv, ap_server_conf,
550 "connect to listener on %pI", lp->bind_addr);
553 /* Create the request string. We include a User-Agent so that
554 * administrators can track down the cause of the odd-looking
555 * requests in their logs.
557 srequest = apr_pstrcat(p, "OPTIONS * HTTP/1.0\r\nUser-Agent: ",
558 ap_get_server_description(),
559 " (internal dummy connection)\r\n\r\n", NULL);
561 /* Since some operating systems support buffering of data or entire
562 * requests in the kernel, we send a simple request, to make sure
563 * the server pops out of a blocking accept().
565 /* XXX: This is HTTP specific. We should look at the Protocol for each
566 * listener, and send the correct type of request to trigger any Accept
569 len = strlen(srequest);
// NOTE(review): the result of apr_socket_send() is not checked; presumably
// a deliberate best effort - confirm.
570 apr_socket_send(sock, srequest, &len);
571 apr_socket_close(sock);
// Signal one process through the pod: first write the byte to the pipe via
// pod_signal_internal(), then make a dummy connection so that a process
// blocked in accept() wakes up. On the final path the result of
// dummy_connection() is returned.
//   pod - the pod to signal through
577 AP_DECLARE(apr_status_t) ap_mpm_pod_signal(ap_pod_t *pod)
581 rv = pod_signal_internal(pod);
582 if (rv != APR_SUCCESS) {
586 return dummy_connection(pod);
// Wake up to num processes by making one dummy connection per process.
// Nothing is written to the pipe here, for the reasons explained below, and
// the loop stops early as soon as one connection attempt fails.
//   pod - passed through to dummy_connection()
//   num - maximum number of dummy connections to make
589 void ap_mpm_pod_killpg(ap_pod_t *pod, int num)
592 apr_status_t rv = APR_SUCCESS;
594 /* we don't write anything to the pod here... we assume
595 * that the would-be reader of the pod has another way to
596 * see that it is time to die once we wake it up
598 * writing lots of things to the pod at once is very
599 * problematic... we can fill the kernel pipe buffer and
600 * be blocked until somebody consumes some bytes or
601 * we hit a timeout... if we hit a timeout we can't just
602 * keep trying because maybe we'll never successfully
603 * write again... but then maybe we'll leave would-be
604 * readers stranded (a number of them could be tied up for
605 * a while serving time-consuming requests)
607 for (i = 0; i < num && rv == APR_SUCCESS; i++) {
608 rv = dummy_connection(pod);
// Sub-command compared by ap_signal_server() against start, stop, restart,
// graceful and graceful-stop; presumably the argument of the -k option that
// ap_mpm_rewrite_args() parses - confirm. Starts out NULL.
612 static const char *dash_k_arg = NULL;
// Send sig to pid with kill(); a failure is logged at startup level together
// with errno. Most callers store the int result in their exit status.
//   pid - target process
//   sig - signal number
614 static int send_signal(pid_t pid, int sig)
616 if (kill(pid, sig) < 0) {
617 ap_log_error(APLOG_MARK, APLOG_STARTUP, errno, NULL,
618 "sending signal to server");
// Act on the sub-command in dash_k_arg against the server named in the pid
// file.
//   exit_status - out parameter; receives the send_signal() result for
//                 restart, graceful and graceful-stop
//   pconf       - pool used for ap_read_pid() and for the status strings
// A status line is prepared first. It covers three cases: no pid file,
// a recorded pid that is alive (kill with signal 0 succeeds), and a recorded
// pid that is not running.
// NOTE(review): dash_k_arg is passed to strcmp() and is initialised to NULL;
// confirm it is always set before this function runs.
624 int ap_signal_server(int *exit_status, apr_pool_t *pconf)
633 rv = ap_read_pid(pconf, ap_pid_fname, &otherpid);
634 if (rv != APR_SUCCESS) {
// A missing pid file (APR_ENOENT) is not reported as an error.
635 if (rv != APR_ENOENT) {
636 ap_log_error(APLOG_MARK, APLOG_STARTUP, rv, NULL,
637 "Error retrieving pid file %s", ap_pid_fname);
638 ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
639 "Remove it before continuing if it is corrupted.");
643 status = "httpd (no pid file) not running";
// Signal 0 only probes whether the process exists; nothing is delivered.
646 if (kill(otherpid, 0) == 0) {
648 status = apr_psprintf(pconf,
649 "httpd (pid %" APR_PID_T_FMT ") already "
650 "running", otherpid);
653 status = apr_psprintf(pconf,
654 "httpd (pid %" APR_PID_T_FMT "?) not running",
659 if (!strcmp(dash_k_arg, "start")) {
661 printf("%s\n", status);
666 if (!strcmp(dash_k_arg, "stop")) {
668 printf("%s\n", status);
// NOTE(review): unlike the branches below, the send_signal() result is not
// stored in *exit_status here - confirm that this is intended.
671 send_signal(otherpid, SIGTERM);
676 if (!strcmp(dash_k_arg, "restart")) {
678 printf("httpd not running, trying to start\n");
681 *exit_status = send_signal(otherpid, SIGHUP);
686 if (!strcmp(dash_k_arg, "graceful")) {
688 printf("httpd not running, trying to start\n");
691 *exit_status = send_signal(otherpid, AP_SIG_GRACEFUL);
696 if (!strcmp(dash_k_arg, "graceful-stop")) {
698 printf("%s\n", status);
701 *exit_status = send_signal(otherpid, AP_SIG_GRACEFUL_STOP);
// Rebuild the argument vector of the process, giving the k option special
// treatment.
// A new array is seeded with argv[0]. The options are then parsed with
// apr_getopt(), using the k option (which takes an argument) plus
// AP_SERVER_BASEARGS, and copied into the new array. The arguments left
// over after option parsing are appended, and process->argc and
// process->argv are replaced with the result.
//   process - process record whose argc and argv are rewritten in place
709 void ap_mpm_rewrite_args(process_rec *process)
711 apr_array_header_t *mpm_new_argv;
// NOTE(review): the element size is given as sizeof(const char **) although
// the stored elements are const char * values; both are pointer sizes, so
// this is presumably harmless - confirm.
717 mpm_new_argv = apr_array_make(process->pool, process->argc,
718 sizeof(const char **));
719 *(const char **)apr_array_push(mpm_new_argv) = process->argv[0];
720 apr_getopt_init(&opt, process->pool, process->argc, process->argv);
723 /* option char returned by apr_getopt() will be stored in optbuf[1] */
725 while ((rv = apr_getopt(opt, "k:" AP_SERVER_BASEARGS,
726 optbuf + 1, &optarg)) == APR_SUCCESS) {
// The five sub-commands recognised as arguments of the k option.
730 if (!strcmp(optarg, "start") || !strcmp(optarg, "stop") ||
731 !strcmp(optarg, "restart") || !strcmp(optarg, "graceful") ||
732 !strcmp(optarg, "graceful-stop")) {
738 *(const char **)apr_array_push(mpm_new_argv) =
739 apr_pstrdup(process->pool, optbuf);
741 *(const char **)apr_array_push(mpm_new_argv) = optarg;
746 /* back up to capture the bad argument */
747 if (rv == APR_BADCH || rv == APR_BADARG) {
// Copy every argument that option parsing did not consume.
751 while (opt->ind < opt->argc) {
752 *(const char **)apr_array_push(mpm_new_argv) =
753 apr_pstrdup(process->pool, opt->argv[opt->ind++]);
756 process->argc = mpm_new_argv->nelts;
757 process->argv = (const char * const *)mpm_new_argv->elts;
// Make ap_signal_server() available as an APR optional function.
760 APR_REGISTER_OPTIONAL_FN(ap_signal_server);
// Both pids are set to getpid() in ap_fatal_signal_setup(). sig_coredump()
// compares getpid() with parent_pid to detect a crash of the parent, and
// run_fatal_exception_hook() compares my_pid with parent_pid.
764 static pid_t parent_pid, my_pid;
// Pool handed to apr_filepath_set() by sig_coredump().
765 static apr_pool_t *pconf;
767 #if AP_ENABLE_EXCEPTION_HOOK
// Set to 1 or 0 by ap_mpm_set_exception_hook(); tested before the fatal
// exception hooks are run.
769 static int exception_hook_enabled;
// Configuration handler for the EnableExceptionHook directive (name taken
// from the error message below). The directive is checked against the
// GLOBAL_ONLY context and refused inside a virtual host. The argument must
// be on or off, compared case-insensitively; any other value is rejected
// with an error string.
771 const char *ap_mpm_set_exception_hook(cmd_parms *cmd, void *dummy,
774 const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
779 if (cmd->server->is_virtual) {
780 return "EnableExceptionHook directive not allowed in <VirtualHost>";
783 if (strcasecmp(arg, "on") == 0) {
784 exception_hook_enabled = 1;
786 else if (strcasecmp(arg, "off") == 0) {
787 exception_hook_enabled = 0;
790 return "parameter must be 'on' or 'off'";
// Run the fatal exception hooks with a zero-initialised ap_exception_info_t.
// The conditions below require that the hook is enabled and that my_pid
// differs from parent_pid.
//   sig - the signal being handled
796 static void run_fatal_exception_hook(int sig)
798 ap_exception_info_t ei = {0};
800 if (exception_hook_enabled &&
802 my_pid != parent_pid) {
805 ap_run_fatal_exception(&ei);
808 #endif /* AP_ENABLE_EXCEPTION_HOOK */
810 /* handle all varieties of core dumping signals */
// Installed by ap_fatal_signal_setup() for the fatal signals.
// It calls apr_filepath_set() with ap_coredump_dir (presumably so that the
// core file lands there - confirm), restores the default disposition for
// sig, runs the exception hook when that support is compiled in, and logs a
// notice when the crashing process is the parent.
//   sig - the signal that was delivered
811 static void sig_coredump(int sig)
813 apr_filepath_set(ap_coredump_dir, pconf);
814 apr_signal(sig, SIG_DFL);
815 #if AP_ENABLE_EXCEPTION_HOOK
816 run_fatal_exception_hook(sig);
818 /* linuxthreads issue calling getpid() here:
819 * This comparison won't match if the crashing thread is
820 * some module's thread that runs in the parent process.
821 * The fallout, which is limited to linuxthreads:
822 * The special log message won't be written when such a
823 * thread in the parent causes the parent to crash.
825 if (getpid() == parent_pid) {
826 ap_log_error(APLOG_MARK, APLOG_NOTICE,
828 "seg fault or similar nasty error detected "
829 "in the parent process");
830 /* XXX we can probably add some rudimentary cleanup code here,
831 * like getting rid of the pid file. If any additional bad stuff
832 * happens, we are protected from recursive errors taking down the
833 * system since this function is no longer the signal handler GLA
837 /* At this point we've got sig blocked, because we're still inside
838 * the signal handler. When we leave the signal handler it will
839 * be unblocked, and we'll take the signal... and coredump or whatever
840 * is appropriate for this particular Unix. In addition the parent
841 * will see the real signal we received -- whereas if we called
842 * abort() here, the parent would only see SIGABRT.
// Takes the server_rec and returns an apr_status_t.
// NOTE(review): presumably the per-child counterpart of
// ap_fatal_signal_setup() - confirm what it has to refresh in a child.
846 apr_status_t ap_fatal_signal_child_setup(server_rec *s)
// Install sig_coredump() as the handler for SIGSEGV, SIGBUS, SIGABORT,
// SIGABRT, SIGILL and SIGFPE. sigaction() is used unless NO_USE_SIGACTION
// is defined, in which case apr_signal() is used instead. A failing
// sigaction() call is logged as a warning and the remaining registrations
// are still attempted. Finally parent_pid and my_pid are both set to the
// pid of the calling process.
//   s        - server_rec passed to ap_log_error() for the warnings
//   in_pconf - NOTE(review): presumably stored in the file-level pconf that
//              sig_coredump() uses - confirm
852 apr_status_t ap_fatal_signal_setup(server_rec *s, apr_pool_t *in_pconf)
854 #ifndef NO_USE_SIGACTION
857 sigemptyset(&sa.sa_mask);
// Where the platform offers one of these flags, the handler is one-shot:
// the disposition is reset once the handler has been entered.
859 #if defined(SA_ONESHOT)
860 sa.sa_flags = SA_ONESHOT;
861 #elif defined(SA_RESETHAND)
862 sa.sa_flags = SA_RESETHAND;
867 sa.sa_handler = sig_coredump;
868 if (sigaction(SIGSEGV, &sa, NULL) < 0)
869 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGSEGV)");
871 if (sigaction(SIGBUS, &sa, NULL) < 0)
872 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGBUS)");
875 if (sigaction(SIGABORT, &sa, NULL) < 0)
876 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGABORT)");
879 if (sigaction(SIGABRT, &sa, NULL) < 0)
880 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGABRT)");
883 if (sigaction(SIGILL, &sa, NULL) < 0)
884 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGILL)");
887 if (sigaction(SIGFPE, &sa, NULL) < 0)
888 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, s, "sigaction(SIGFPE)");
891 #else /* NO_USE_SIGACTION */
893 apr_signal(SIGSEGV, sig_coredump);
895 apr_signal(SIGBUS, sig_coredump);
898 apr_signal(SIGABORT, sig_coredump);
899 #endif /* SIGABORT */
901 apr_signal(SIGABRT, sig_coredump);
904 apr_signal(SIGILL, sig_coredump);
907 apr_signal(SIGFPE, sig_coredump);
910 #endif /* NO_USE_SIGACTION */
// The process running this setup is recorded as the parent.
913 parent_pid = my_pid = getpid();