httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luca Toscano <toscano.l...@gmail.com>
Subject Re: [Bug 60956] Event MPM listener thread may get blocked by SSL shutdowns
Date Fri, 30 Jun 2017 10:52:01 GMT
Hi Yann!

2017-06-30 12:18 GMT+02:00 Yann Ylavic <ylavic.dev@gmail.com>:

> Hi Luca,
>
> [better/easier to talk about details on dev@]
>
> On Fri, Jun 30, 2017 at 11:05 AM,  <bugzilla@apache.org> wrote:
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=60956
> >
> > --- Comment #11 from Luca Toscano <toscano.luca@gmail.com> ---
> > Other two interesting trunk improvements that have not been backported
> yet:
> >
> > http://svn.apache.org/viewvc?view=revision&revision=1706669
> > http://svn.apache.org/viewvc?view=revision&revision=1734656
> >
> > IIUC these ones are meant to provide a more async behavior to most of the
> > output filters, namely setting aside buckets (on the heap) to avoid
> blocking.
>
> These are quite orthogonal I think, and don't seem to fix this particular
> issue.
>

Sorry for the noise, I am still reviewing those to understand what they
really do and added them as reference to the task.
I thought that they might have been useful while thinking about a solution,
since from my (ignorant :) point of view the fact that ap_core_output_filter
was blocked by mod_ssl's BIO_flush was somehow pointing me to those
commits.

Will skip these notes in the future, they might be confusing!

>
> [..]
>


> With a possibly non-blocking modssl_smart_shutdown(), I think we could
> make ap_shutdown_conn(c, 0) return something like APR_INCOMPLETE for
> the case the shutdown was "buffered" in the output filter stack (e.g.
> core output filter).
>
> In mpm_event, we would then go to (or stay in) the WRITE_COMPLETION
> state instead of LINGER, until every remaining piece data is flushed
> successfully.
>

IIUC in this case the listener is calling
process_timeout_queue(write_completion_q, ..), so the conn has already been
in the WRITE_COMPLETION state for Timeout seconds and needs to be closed.
Your suggestion would be to still force the listener to
call ap_shutdown_conn(c, 0), but a "smarter" version that eventually
returns APR_INCOMPLETE rather than blocking. Then the listener could put
the connection again in the WRITE_COMPLETION queue, and wait for the client
to unblock and read the missing bytes about close-notify (or just let
Timeout seconds to pass, forcing the listener to shutdown the socket and be
done with it).

You are free to trash the email if it doesn't make sense, I am probably
missing too many important pieces of the puzzle :)

Thanks for the help!

Luca

Mime
View raw message