httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From KB Sriram <mail...@yahoo.com>
Subject apr_pool_cleanup_kill() -- thread-safety?
Date Fri, 22 Jul 2005 01:00:51 GMT
I stumbled across this issue, chasing a bug from a module that gets
into an infinite loop.

It looked to me that the following section of code within
apr_pool_cleanup_kill is not thread-safe.

But I'm not familiar with the internals/api assumptions, so please
let me know if this is indeed a bug with the apr_pools implementation
[as opposed to a mis-use of apr_pools within the module.]

Here is the relevent section in apr_pools.c that seemed
to me to be unsafe.
 
APR_DECLARE(void) apr_pool_cleanup_kill(apr_pool_t *p, const void *data,
                      apr_status_t (*cleanup_fn)(void *))
{
    cleanup_t *c, **lastp;

#if APR_POOL_DEBUG
    apr_pool_check_integrity(p);
#endif /* APR_POOL_DEBUG */

    if (p == NULL)
        return;

    c = p->cleanups;
    lastp = &p->cleanups;
    while (c) {
        if (c->data == data && c->plain_cleanup_fn == cleanup_fn) {
            *lastp = c->next;
            break;
        }

        lastp = &c->next;
        c = c->next;
    }
}

Two threads can concurrently access/update the linked list, causing
[in my case] an infinite loop to occur.

Here is the stack trace for a process which got into this
state:

#0  apr_pool_cleanup_kill (p=0x80d4f90, data=0x8334a10,
cleanup_fn=0x4021b488 <socket_cleanup>) at apr_pools.c:1904
#1  0x40222bea in apr_pool_cleanup_run (p=0x80d4f90, data=0x8334a10,
cleanup_fn=0x4021b488 <socket_cleanup>) at apr_pools.c:1941
#2  0x4021b734 in apr_socket_close (thesocket=0x8334a10) at sockets.c:125
#3  0x402baee3 in jk2_channel_apr_close (env=0x8237618, ch=0x8176450,
endpoint=0x82e8ee0)
    at ../../common/jk_channel_apr_socket.c:363
#4  0x402c8ab6 in jk2_close_endpoint (env=0x8237618, ae=0x82e8ee0) at
../../common/jk_worker_ajp13.c:250
#5  0x402c91d0 in jk2_worker_ajp13_forwardStream (env=0x8237618,
worker=0x817a470, s=0x830bec8, e=0x82e8ee0)
    at ../../common/jk_worker_ajp13.c:549
#6  0x402c9458 in jk2_worker_ajp13_service1 (env=0x8237618,
w=0x817a470, s=0x830bec8, e=0x82e8ee0)
    at ../../common/jk_worker_ajp13.c:642
#7  0x402c98f1 in jk2_worker_ajp13_service (env=0x8237618,
w=0x817a470, s=0x830bec8) at ../../common/jk_worker_ajp13.c:814
#8  0x402d22a6 in jk2_handler (r=0x41232568) at
../../server/apache2/mod_jk2.c:733
#9  0x08092bfe in ap_run_handler (r=0x41232568) at config.c:151
#10 0x08093119 in ap_invoke_handler (r=0x41232568) at config.c:363
#11 0x08083913 in ap_process_request (r=0x41232568) at http_request.c:246
#12 0x0807f924 in ap_process_http_connection (c=0x82bce88) at
http_core.c:250
#13 0x0809bf96 in ap_run_process_connection (c=0x82bce88) at
connection.c:42
#14 0x0808fecf in process_socket (p=0x82bcd60, sock=0x82bcd98,
my_child_num=2, my_thread_num=8, bucket_alloc=0x41236540)
    at worker.c:520
#15 0x080904a2 in worker_thread (thd=0x8152f20, dummy=0x41202448) at
worker.c:834
#16 0x4021d660 in dummy_worker (opaque=0x8152f20) at thread.c:88
#17 0x4022efaf in pthread_start_thread () from /lib/i686/libpthread.so.0
(gdb) 

The apache version used in this process was apache-2.0.52, but I see
the same code in 2.0.54 as well.

Other information which might be useful:

Server version: httpd/1.0.0
Server built:   Nov 17 2004 12:18:59
Server's Module Magic Number: 20020903:9
Architecture:   32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/worker"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/opt/usr/apps/scw"
 -D SUEXEC_BIN="/opt/usr/apps/scw/bin/suexec"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"


		
__________________________________ 
Do you Yahoo!? 
Yahoo! Mail - Find what you need with new enhanced search. 
http://info.mail.yahoo.com/mail_250

Mime
View raw message