httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 46688] Child segfault when mmaped file truncated
Date Tue, 31 Mar 2009 16:22:02 GMT

--- Comment #7 from Jeff Trawick <>  2009-03-31 09:22:00 PST ---
I think it is helpful to chop this issue in two, by the mechanism used to
update files under document root.

1) truncate old file, then write new contents (fopen() and Java equivalent do
this, so many programs act this way)

this will segfault whether we stat() then open() or open() then fstat(),
because there is always a race condition between files truncated and us
touching the pages we've previously mapped

so short of passing control back to mainline from a signal handler, this simply
isn't a valid way to update served files; and while mmap is (hopefully) the
only write mechanism that segfaults, the others still fail (e.g., httpd will
hit EOF on sendfile before it expects)

2) put new contents into new/temporary file then rename/unlink

there is a timing window that would be fixed by using open()+fstat(), as Greg
suggests; this timing window is very narrow compared to the truncate issue, so
we don't hear about it much



Users simply can't update served files using a mechanism that truncates, or
bogosity will occur (hopefully the mmap segfault is by far the worst remaining

(I hope your mileage doesn't vary; corrections most appreciated.)

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message