You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Torsten Förtsch <to...@gmx.net> on 2011/04/14 19:55:30 UTC

segfault in httpd 2.3.11-beta

Hi,

as an experiment to see if the segfault I am currently debugging were caused 
by my modifications I found this. Httpd segfaults if its startup is aborted 
because the DYNAMIC_MODULE_LIMIT is hit. The reason is that the module that 
caused the abort is first unloaded as dso and then used in ap_remove_module as 
ap_top_module. Unfortunately, the memory segment where the module is located 
is already wiped from the process' address space at the time.

This happens because both apr_dso_load and mod_so:load_module register a pool 
cleanup to undo their effects. These cleanup functions are called in the wrong 
order.

I see 2 ways how to prevent that:

1) change in mod_so.c line 305 from

  apr_pool_cleanup_register(cmd->pool, modi, unload_module,
                            apr_pool_cleanup_null);

to

  apr_pool_pre_cleanup_register(cmd->pool, modi, unload_module);

This way ap_remove_module will be called before the dso is unloaded.

2) check for possible errors in ap_add_module() before performing any changes:

@@ -541,16 +565,11 @@
                             m->name, m->version, MODULE_MAGIC_NUMBER_MAJOR);
     }
 
-    if (m->next == NULL) {
-        m->next = ap_top_module;
-        ap_top_module = m;
-    }
-
     if (m->module_index == -1) {
         m->module_index = total_modules++;
         dynamic_modules++;
 
         if (dynamic_modules > DYNAMIC_MODULE_LIMIT) {
             return apr_psprintf(p, "Module \"%s\" could not be loaded, "
                                 "because the dynamic module limit was "
                                 "reached. Please increase "
@@ -568,6 +587,13 @@
         }
     }
 
+    if (m->next == NULL) {
+        m->next = ap_top_module;
+        ap_top_module = m;
+    }
+
     if (sym_name) {
         int len = strlen(sym_name);
         int slen = strlen("_module");


Torsten Förtsch

-- 
Need professional modperl support? Hire me! (http://foertsch.name)

Like fantasy? http://kabatinte.net

Re: segfault in httpd 2.3.11-beta

Posted by Torsten Förtsch <to...@gmx.net>.

On Friday, April 15, 2011 14:33:32 Torsten Förtsch wrote:
> Here is a better cure.

Now also available as bug #51072:

  https://issues.apache.org/bugzilla/show_bug.cgi?id=51072

Torsten Förtsch

-- 
Need professional modperl support? Hire me! (http://foertsch.name)

Like fantasy? http://kabatinte.net

Re: segfault in httpd 2.3.11-beta

Posted by Torsten Förtsch <to...@gmx.net>.

On Thursday, April 14, 2011 19:55:30 Torsten Förtsch wrote:
> Httpd segfaults if its startup is aborted 
> because the DYNAMIC_MODULE_LIMIT is hit.

Here is a better cure.

To trigger the bug the attached config.nice can be used. It compiles all 
modules as shared and sets DYNAMIC_MODULE_LIMIT=10.

An attempt to start the httpd with the default config will show a message like 
"Module "mod_authz_owner.c" could not be loaded, because the dynamic module 
limit was reached. Please increase DYNAMIC_MODULE_LIMIT and recompile." and 
then segfault.

With the patch ap_add_module() first checks for all possible errors and starts 
to change global data structures only if all is well.

Torsten Förtsch

-- 
Need professional modperl support? Hire me! (http://foertsch.name)

Like fantasy? http://kabatinte.net