You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2005/09/19 16:57:16 UTC

svn commit: r290179 - in /httpd/httpd: branches/2.2.x/ branches/2.2.x/include/ branches/2.2.x/modules/generators/ branches/2.2.x/server/ branches/2.2.x/server/mpm/experimental/event/ branches/2.2.x/server/mpm/prefork/ branches/2.2.x/server/mpm/worker/ ...

Author: colm
Date: Mon Sep 19 07:57:07 2005
New Revision: 290179

URL: http://svn.apache.org/viewcvs?rev=290179&view=rev
Log:

Backport r239710, r239711, r239732, r239740 and r241815 to the 2.2.x branch;
Fix PR 28167, which means we stop listening on ports when we do a
graceful-restart.


Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/include/ap_listen.h
    httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c
    httpd/httpd/branches/2.2.x/server/listen.c
    httpd/httpd/branches/2.2.x/server/mpm/experimental/event/event.c
    httpd/httpd/branches/2.2.x/server/mpm/prefork/prefork.c
    httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c
    httpd/httpd/trunk/CHANGES

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/CHANGES?rev=290179&r1=290178&r2=290179&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Mon Sep 19 07:57:07 2005
@@ -1,6 +1,10 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.1.8
 
+  *) prefork, worker and event MPMs: Prevent children from holding open 
+     listening ports upon graceful restart or stop. PR 28167. 
+     [Colm MacCarthaigh, Brian Pinkerton <bp thinkpink.com>]
+
   *) SECURITY: CAN-2005-2700 (cve.mitre.org)
      mod_ssl: Fix a security issue where "SSLVerifyClient" was not
      enforced in per-location context if "SSLVerifyClient optional"

Modified: httpd/httpd/branches/2.2.x/include/ap_listen.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/include/ap_listen.h?rev=290179&r1=290178&r2=290179&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/include/ap_listen.h (original)
+++ httpd/httpd/branches/2.2.x/include/ap_listen.h Mon Sep 19 07:57:07 2005
@@ -77,6 +77,11 @@
  */ 
 AP_DECLARE(int) ap_setup_listeners(server_rec *s);
 
+/**
+ * Loop through the global ap_listen_rec list and close each of the sockets.
+ */
+AP_DECLARE_NONSTD(void) ap_close_listeners(void);
+
 /* Although these functions are exported from libmain, they are not really
  * public functions.  These functions are actually called while parsing the
  * config file, when one of the LISTEN_COMMANDS directives is read.  These

Modified: httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c?rev=290179&r1=290178&r2=290179&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c (original)
+++ httpd/httpd/branches/2.2.x/modules/generators/mod_cgid.c Mon Sep 19 07:57:07 2005
@@ -566,6 +566,9 @@
     apr_signal(SIGCHLD, SIG_IGN); 
     apr_signal(SIGHUP, daemon_signal_handler);
 
+    /* Close our copy of the listening sockets */
+    ap_close_listeners();
+
     /* cgid should use its own suexec doer */
     ap_hook_get_suexec_identity(cgid_suexec_id_doer, NULL, NULL,
                                 APR_HOOK_REALLY_FIRST);

Modified: httpd/httpd/branches/2.2.x/server/listen.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/server/listen.c?rev=290179&r1=290178&r2=290179&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/listen.c (original)
+++ httpd/httpd/branches/2.2.x/server/listen.c Mon Sep 19 07:57:07 2005
@@ -237,17 +237,10 @@
 
 static apr_status_t close_listeners_on_exec(void *v)
 {
-    ap_listen_rec *lr;
-
-    for (lr = ap_listeners; lr; lr = lr->next) {
-        apr_socket_close(lr->sd);
-        lr->active = 0;
-    }
-
+    ap_close_listeners();
     return APR_SUCCESS;
 }
 
-
 static const char *alloc_listener(process_rec *process, char *addr, 
                                   apr_port_t port, const char* proto)
 {
@@ -566,6 +559,15 @@
     }
 
     return num_listeners;
+}
+
+AP_DECLARE_NONSTD(void) ap_close_listeners(void) {
+    ap_listen_rec *lr;
+
+    for (lr = ap_listeners; lr; lr = lr->next) {
+        apr_socket_close(lr->sd);
+        lr->active = 0;
+    }
 }
 
 AP_DECLARE(void) ap_listen_pre_config(void)

Modified: httpd/httpd/branches/2.2.x/server/mpm/experimental/event/event.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/server/mpm/experimental/event/event.c?rev=290179&r1=290178&r2=290179&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/mpm/experimental/event/event.c (original)
+++ httpd/httpd/branches/2.2.x/server/mpm/experimental/event/event.c Mon Sep 19 07:57:07 2005
@@ -1036,6 +1036,7 @@
 
     }     /* listener main loop */
 
+    ap_close_listeners();
     ap_queue_term(worker_queue);
     dying = 1;
     ap_scoreboard_image->parent[process_slot].quiescing = 1;

Modified: httpd/httpd/branches/2.2.x/server/mpm/prefork/prefork.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/server/mpm/prefork/prefork.c?rev=290179&r1=290178&r2=290179&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/mpm/prefork/prefork.c (original)
+++ httpd/httpd/branches/2.2.x/server/mpm/prefork/prefork.c Mon Sep 19 07:57:07 2005
@@ -328,6 +328,11 @@
     clean_child_exit(0);
 }
 
+static void stop_listening(int sig)
+{
+    ap_close_listeners();
+}
+
 /* volatile just in case */
 static int volatile shutdown_pending;
 static int volatile restart_pending;
@@ -712,10 +717,10 @@
          */
         apr_signal(SIGHUP, just_die);
         apr_signal(SIGTERM, just_die);
-        /* The child process doesn't do anything for AP_SIG_GRACEFUL.  
-         * Instead, the pod is used for signalling graceful restart.
+        /* The child process just closes listeners on AP_SIG_GRACEFUL.  
+         * The pod is used for signalling graceful restart.
          */
-        apr_signal(AP_SIG_GRACEFUL, SIG_IGN);
+        apr_signal(AP_SIG_GRACEFUL, stop_listening);
         child_main(slot);
     }
 
@@ -1093,6 +1098,7 @@
 
     /* we've been told to restart */
     apr_signal(SIGHUP, SIG_IGN);
+    apr_signal(AP_SIG_GRACEFUL, SIG_IGN);
     if (one_process) {
         /* not worth thinking about */
         return 1;
@@ -1120,6 +1126,14 @@
         for (index = 0; index < ap_daemons_limit; ++index) {
             if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) {
                 ap_scoreboard_image->servers[index][0].status = SERVER_GRACEFUL;
+                /* Ask each child to close its listeners.
+                 *
+                 * NOTE: we use the scoreboard, because if we send SIGUSR1
+                 * to every process in the group, this may include CGI's,
+                 * piped loggers, etc. They almost certainly won't handle
+                 * it gracefully.
+                 */
+                kill(ap_scoreboard_image->parent[index].pid, AP_SIG_GRACEFUL);
             }
         }
     }

Modified: httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c?rev=290179&r1=290178&r2=290179&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c (original)
+++ httpd/httpd/branches/2.2.x/server/mpm/worker/worker.c Mon Sep 19 07:57:07 2005
@@ -775,6 +775,7 @@
         }
     }
 
+    ap_close_listeners();
     ap_queue_term(worker_queue);
     dying = 1;
     ap_scoreboard_image->parent[process_slot].quiescing = 1;

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/CHANGES?rev=290179&r1=290178&r2=290179&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Sep 19 07:57:07 2005
@@ -28,16 +28,16 @@
      "GracefulShutdownTimeout" number of seconds before exiting. 
      [Colm MacCarthaigh, Ken Coar, Bill Stoddard]
 
-  *) prefork, worker and event MPMs: Prevent children from holding open 
-     listening ports upon graceful restart or stop. PR 28167. 
-     [Colm MacCarthaigh, Brian Pinkerton <bp thinkpink.com>]
-
   *) Teach mod_ssl to use arbitrary OIDs in an SSLRequire directive,
      allowing string-valued client certificate attributes to be used for
      access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1")
      [Martin Kraemer, David Reid]
 
 Changes with Apache 2.1.8
+
+  *) prefork, worker and event MPMs: Prevent children from holding open 
+     listening ports upon graceful restart or stop. PR 28167. 
+     [Colm MacCarthaigh, Brian Pinkerton <bp thinkpink.com>]
 
   *) mod_proxy/mod_proxy_balancer: lbmethods now implemented as
      providers. Prevent problems when no Vhost containers were