[Pkg-apache-commits] r870 - in /branches/etch-apache2: README.Debian changelog patches/00list patches/070_check_pollset_create_error.dpatch

sf at alioth.debian.org sf at alioth.debian.org
Wed Jan 28 20:41:39 UTC 2009


Author: sf
Date: Wed Jan 28 20:41:39 2009
New Revision: 870

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=870
Log:
add apr_pollset_* error checking

Added:
    branches/etch-apache2/patches/070_check_pollset_create_error.dpatch   (with props)
Modified:
    branches/etch-apache2/README.Debian
    branches/etch-apache2/changelog
    branches/etch-apache2/patches/00list

Modified: branches/etch-apache2/README.Debian
URL: http://svn.debian.org/wsvn/pkg-apache/branches/etch-apache2/README.Debian?rev=870&op=diff
==============================================================================
--- branches/etch-apache2/README.Debian (original)
+++ branches/etch-apache2/README.Debian Wed Jan 28 20:41:39 2009
@@ -10,6 +10,8 @@
 	Using SSL keys with passwords /	Restarting Apache during logrotate
 
 	SSL workaround for MSIE
+
+	Epoll limits on linux kernels >= 2.6.27.8
 
 	Documentation
 
@@ -131,6 +133,37 @@
                                 downgrade-1.0 force-response-1.0
 
 
+Epoll limits on linux kernels >= 2.6.27.8
+=========================================
+
+If you see the message
+
+	Couldn't create pollset in child; check user or system limits
+
+in the error log you have hit the new epoll limit. On Linux kernels starting
+with 2.6.27.8, the value in
+
+    /proc/sys/fs/epoll/max_user_instances
+
+needs to be larger than
+
+    for prefork/itk  MPM: 2 * MaxClients
+    for worker/event MPM: MaxClients + MaxClients/ThreadsPerChild
+
+It can be set on boot by adding a line like
+
+        fs.epoll.max_user_instances=1024
+
+to /etc/sysctl.conf.
+
+There are several other error messages related to creating a pollset that can
+appear for the same reason.
+
+On the other hand, errors about to adding to a pollset are related to the
+setting fs.epoll.max_user_watches. On most systems, max_user_watches should be
+high enough by default.
+
+
 Documentation
 =============
 

Modified: branches/etch-apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/etch-apache2/changelog?rev=870&op=diff
==============================================================================
--- branches/etch-apache2/changelog (original)
+++ branches/etch-apache2/changelog Wed Jan 28 20:41:39 2009
@@ -1,3 +1,11 @@
+apache2 (2.2.3-4+etch7) UNRELEASED; urgency=low
+
+  * Report an error instead of segfaulting when apr_pollset_create fails.
+    See README.Debian if you are running on a self-compiled Linux kernel
+    2.6.27.8 or newer. Closes: #511103
+
+ -- Stefan Fritsch <sf at debian.org>  Wed, 28 Jan 2009 21:38:17 +0100
+
 apache2 (2.2.3-4+etch6) stable; urgency=low
 
   * Fix CVE-2007-6388: XSS in mod_status

Modified: branches/etch-apache2/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/branches/etch-apache2/patches/00list?rev=870&op=diff
==============================================================================
--- branches/etch-apache2/patches/00list (original)
+++ branches/etch-apache2/patches/00list Wed Jan 28 20:41:39 2009
@@ -33,3 +33,4 @@
 067-bad_file_descriptor_PR42829.dpatch
 068_htpasswd_salt.dpatch
 069_mod_cache_IfRange.dpatch
+070_check_pollset_create_error.dpatch

Added: branches/etch-apache2/patches/070_check_pollset_create_error.dpatch
URL: http://svn.debian.org/wsvn/pkg-apache/branches/etch-apache2/patches/070_check_pollset_create_error.dpatch?rev=870&op=file
==============================================================================
--- branches/etch-apache2/patches/070_check_pollset_create_error.dpatch (added)
+++ branches/etch-apache2/patches/070_check_pollset_create_error.dpatch Wed Jan 28 20:41:39 2009
@@ -1,0 +1,177 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 067_check_pollset_create_error.dpatch by Stefan Fritsch <sf at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad lenny-apache2~/modules/generators/mod_cgi.c lenny-apache2/modules/generators/mod_cgi.c
+--- lenny-apache2~/modules/generators/mod_cgi.c	2009-01-10 16:26:58.000000000 +0100
++++ lenny-apache2/modules/generators/mod_cgi.c	2009-01-10 16:29:26.865442867 +0100
+@@ -587,7 +587,12 @@
+ 
+     /* Create the pollset */
+     rv = apr_pollset_create(&data->pollset, 2, r->pool, 0);
+-    AP_DEBUG_ASSERT(rv == APR_SUCCESS);
++    if (rv != APR_SUCCESS) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
++                     "cgi: apr_pollset_create(); check system or user limits");
++        return NULL;
++    }
++
+ 
+     fd.desc_type = APR_POLL_FILE;
+     fd.reqevents = APR_POLLIN;
+@@ -595,12 +600,20 @@
+     fd.desc.f = out; /* script's stdout */
+     fd.client_data = (void *)1;
+     rv = apr_pollset_add(data->pollset, &fd);
+-    AP_DEBUG_ASSERT(rv == APR_SUCCESS);
++    if (rv != APR_SUCCESS) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
++                     "cgi: apr_pollset_add(); check system or user limits");
++        return NULL;
++    }
+ 
+     fd.desc.f = err; /* script's stderr */
+     fd.client_data = (void *)2;
+     rv = apr_pollset_add(data->pollset, &fd);
+-    AP_DEBUG_ASSERT(rv == APR_SUCCESS);
++    if (rv != APR_SUCCESS) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
++                     "cgi: apr_pollset_add(); check system or user limits");
++        return NULL;
++    }
+ 
+     data->r = r;
+     b->data = data;
+@@ -910,6 +923,8 @@
+     apr_file_pipe_timeout_set(script_err, 0);
+ 
+     b = cgi_bucket_create(r, script_in, script_err, c->bucket_alloc);
++    if (b == NULL)
++	return HTTP_INTERNAL_SERVER_ERROR;
+ #else
+     b = apr_bucket_pipe_create(script_in, c->bucket_alloc);
+ #endif
+diff -urNad lenny-apache2~/modules/proxy/mod_proxy_connect.c lenny-apache2/modules/proxy/mod_proxy_connect.c
+--- lenny-apache2~/modules/proxy/mod_proxy_connect.c	2009-01-10 16:26:58.000000000 +0100
++++ lenny-apache2/modules/proxy/mod_proxy_connect.c	2009-01-10 16:28:28.951752743 +0100
+@@ -270,7 +270,8 @@
+     if ((rv = apr_pollset_create(&pollset, 2, r->pool, 0)) != APR_SUCCESS) {
+         apr_socket_close(sock);
+         ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+-            "proxy: CONNECT: error apr_pollset_create()");
++            "proxy: CONNECT: error apr_pollset_create();"
++            " check system or user limits");
+         return HTTP_INTERNAL_SERVER_ERROR;
+     }
+ 
+@@ -280,11 +281,25 @@
+     pollfd.reqevents = APR_POLLIN;
+     pollfd.desc.s = client_socket;
+     pollfd.client_data = NULL;
+-    apr_pollset_add(pollset, &pollfd);
++    rv = apr_pollset_add(pollset, &pollfd);
++    if (rv != APR_SUCCESS) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
++                     "proxy: CONNECT: error apr_pollset_add();"
++                     " check system or user limits");
++        return HTTP_INTERNAL_SERVER_ERROR;
++    }
++
++    
+ 
+     /* Add the server side to the poll */
+     pollfd.desc.s = sock;
+-    apr_pollset_add(pollset, &pollfd);
++    rv = apr_pollset_add(pollset, &pollfd);
++    if (rv != APR_SUCCESS) {
++        ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
++                     "proxy: CONNECT: error apr_pollset_add();"
++                     " check system or user limits");
++        return HTTP_INTERNAL_SERVER_ERROR;
++    }
+ 
+     while (1) { /* Infinite loop until error (one side closes the connection) */
+         if ((rv = apr_pollset_poll(pollset, -1, &pollcnt, &signalled)) != APR_SUCCESS) {
+diff -urNad lenny-apache2~/server/mpm/experimental/event/event.c lenny-apache2/server/mpm/experimental/event/event.c
+--- lenny-apache2~/server/mpm/experimental/event/event.c	2009-01-10 16:26:58.000000000 +0100
++++ lenny-apache2/server/mpm/experimental/event/event.c	2009-01-10 16:27:03.999754667 +0100
+@@ -2171,7 +2171,8 @@
+         if (rv != APR_SUCCESS) {
+             ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL,
+                          "Couldn't create a Thread Safe Pollset. "
+-                         "Is it supported on your platform?");
++                         "Is it supported on your platform?"
++                         "Also check system or user limits!");
+             return HTTP_INTERNAL_SERVER_ERROR;
+         }
+         apr_pollset_destroy(event_pollset);
+diff -urNad lenny-apache2~/server/mpm/prefork/prefork.c lenny-apache2/server/mpm/prefork/prefork.c
+--- lenny-apache2~/server/mpm/prefork/prefork.c	2009-01-10 16:27:03.595754605 +0100
++++ lenny-apache2/server/mpm/prefork/prefork.c	2009-01-10 16:27:03.999754667 +0100
+@@ -522,8 +522,12 @@
+     (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL);
+ 
+     /* Set up the pollfd array */
+-    /* ### check the status */
+-    (void) apr_pollset_create(&pollset, num_listensocks, pchild, 0);
++    status = apr_pollset_create(&pollset, num_listensocks, pchild, 0);
++    if (status != APR_SUCCESS) {
++        ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf,
++                     "Couldn't create pollset in child; check system or user limits");
++        clean_child_exit(APEXIT_CHILDSICK); /* assume temporary resource issue */
++    }
+ 
+     for (lr = ap_listeners, i = num_listensocks; i--; lr = lr->next) {
+         apr_pollfd_t pfd = { 0 };
+@@ -533,8 +537,12 @@
+         pfd.reqevents = APR_POLLIN;
+         pfd.client_data = lr;
+ 
+-        /* ### check the status */
+-        (void) apr_pollset_add(pollset, &pfd);
++        status = apr_pollset_add(pollset, &pfd);
++        if (status != APR_SUCCESS) {
++            ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf,
++                         "Couldn't add listener to pollset; check system or user limits");
++            clean_child_exit(APEXIT_CHILDSICK);
++        }
+     }
+ 
+     mpm_state = AP_MPMQ_RUNNING;
+diff -urNad lenny-apache2~/server/mpm/worker/worker.c lenny-apache2/server/mpm/worker/worker.c
+--- lenny-apache2~/server/mpm/worker/worker.c	2009-01-10 16:26:58.000000000 +0100
++++ lenny-apache2/server/mpm/worker/worker.c	2009-01-10 16:27:03.999754667 +0100
+@@ -605,8 +605,13 @@
+ 
+     free(ti);
+ 
+-    /* ### check the status */
+-    (void) apr_pollset_create(&pollset, num_listensocks, tpool, 0);
++    rv = apr_pollset_create(&pollset, num_listensocks, tpool, 0);
++    if (rv != APR_SUCCESS) {
++        ap_log_error(APLOG_MARK, APLOG_EMERG, rv, ap_server_conf,
++                     "Couldn't create pollset in thread; check system or user limits");
++        clean_child_exit(APEXIT_CHILDSICK); /* assume temporary resource issue */
++    }
++
+ 
+     for (lr = ap_listeners; lr != NULL; lr = lr->next) {
+         apr_pollfd_t pfd = { 0 };
+@@ -616,8 +621,12 @@
+         pfd.reqevents = APR_POLLIN;
+         pfd.client_data = lr;
+ 
+-        /* ### check the status */
+-        (void) apr_pollset_add(pollset, &pfd);
++        rv = apr_pollset_add(pollset, &pfd);
++        if (rv != APR_SUCCESS) {
++            ap_log_error(APLOG_MARK, APLOG_EMERG, rv, ap_server_conf,
++                         "Couldn't create add listener to pollset; check system or user limits");
++            clean_child_exit(APEXIT_CHILDSICK);
++        }
+     }
+ 
+     /* Unblock the signal used to wake this thread up, and set a handler for

Propchange: branches/etch-apache2/patches/070_check_pollset_create_error.dpatch
------------------------------------------------------------------------------
    svn:executable = *




More information about the Pkg-apache-commits mailing list