Return-Path: 
 <dev-return-4564-apmail-apr-dev-archive=apr.apache.org@apr.apache.org>
Delivered-To: apmail-apr-dev-archive@apr.apache.org
Received: (qmail 91715 invoked by uid 500); 28 Sep 2001 17:51:35 -0000
Mailing-List: contact dev-help@apr.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:dev@apr.apache.org>
List-Help: <mailto:dev-help@apr.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@apr.apache.org>
List-Subscribe: <mailto:dev-subscribe@apr.apache.org>
Delivered-To: mailing list dev@apr.apache.org
Received: (qmail 91687 invoked from network); 28 Sep 2001 17:51:35 -0000
Message-ID: <0aab01c14846$49540c00$96c0b0d0@roweclan.net>
From: "William A. Rowe, Jr." <wrowe@covalent.net>
To: <dev@apr.apache.org>
References: <20010928152235.33592.qmail@icarus.apache.org>
Subject: Addt patch needed; Re: cvs commit: apr/memory/unix apr_pools.c
Date: Fri, 28 Sep 2001 12:48:15 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-OriginalArrivalTime: 28 Sep 2001 17:52:05.0854 (UTC)
 FILETIME=[49589FE0:01C14846]
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

> wrowe       01/09/28 08:22:35
> 
>   Modified:    .        CHANGES
>                include  apr_pools.h
>                memory/unix apr_pools.c
>   Log:
>     Introduce apr_pool_lock for debugging, in combination with
>     ALLOC_USE_MALLOC + DEBUG_WITH_MPROTECT.  Only implemented
>     on Win32 today, very effective for debugging pool constness.
>   
>     Fixed a double-reservation for the union block_hdr size in the
>     unix mprotect_alloc mmap() call.  I suspect the mmap can be
>     modified to implement this on Unix, move the #define DO_LOCK()
>     out of the win32 block if this is implemented.


I know there is an mmap hacker on this list that could whip up this
code in five minutes or less for unix;

>   +static void mprotect_lock(void *addr, int lock)
>   +{
>   +    size_t size = SIZEOF_BLOCK(addr);
>   +    DWORD prot = (lock ? PAGE_READONLY : PAGE_READWRITE);
>   +    BOOL rv = VirtualProtect((union block_hdr *)addr - 1, size, prot, &prot);
>   +    if (!rv) {
>   +        fprintf(stderr, "could not protect. errno=%d\n", errno);
>   +        abort();
>   +    }
>   +}

Rather than VirtualProtect, simply re-mmap the anonymous swap pages that 
were originally mapped at (union block_hdr *)addr - 1 for 'size' bytes 
from a read/write mapping to a read-only mapping.

Once that patch is in, defining ALLOC_USE_MALLOC and DEBUG_WITH_MPROTECT
will cause httpd to segfault if a module attempts to make _any_ change
to pconf, which would have instantly exposed the Pane/Stoddard overwrite
source errors in the mod_mime hash table code.  Would have saved us all
hours of debugging :)

If an httpd hacker wants to go further, the parent or prior request record 
could also be apr_pool_lock(ed) if we weren't locking the subpools (have to
think about that as a option) to assure they don't change the parent
request.

And if an apr hacker wants to go further, this logic _would_ work for our
regular pools, iff we use a free-list-per-pool rather than a global free
list, based on the defines APR_POOL_DEBUG + ALLOC_USE_MALLOC 
+ DEBUG_WITH_MPROTECT.  It would reduce the memory footprint for debugging
tenfold (every 2 byte apr_palloc() is given one full page of memory with 
ALLOC_USE_MALLOC right now.)

Anyway, I'm certain this will save authors a ton of grief, if they choose
to test with it.

Bill