From owner-freebsd-apache@FreeBSD.ORG Mon Mar 26 11:06:46 2007 Return-Path: X-Original-To: apache@FreeBSD.org Delivered-To: freebsd-apache@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7DBEB16A4C8 for ; Mon, 26 Mar 2007 11:06:46 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 6A7BD13C4B8 for ; Mon, 26 Mar 2007 11:06:46 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l2QB6kgN048571 for ; Mon, 26 Mar 2007 11:06:46 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l2QB6j2h048567 for apache@FreeBSD.org; Mon, 26 Mar 2007 11:06:45 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 26 Mar 2007 11:06:45 GMT Message-Id: <200703261106.l2QB6j2h048567@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: linimon set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: apache@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Mar 2007 11:06:46 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o ports/89308 apache [patch] www/mod_accounting crash on request_timeout 1 problem total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- o ports/74907 apache [PATCH] www/mod_perl: cleanups f ports/89972 apache portupgrade apache+ssl fails on dependencies f ports/97385 apache www/mod_auth_kerb configure script faults with heimdal o ports/106429 apache www/apache* ports install rc.d scripts which don't fol 4 problems total. From owner-freebsd-apache@FreeBSD.ORG Mon Mar 26 22:49:42 2007 Return-Path: X-Original-To: apache@FreeBSD.org Delivered-To: freebsd-apache@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id EB50016A407 for ; Mon, 26 Mar 2007 22:49:42 +0000 (UTC) (envelope-from zingelman@fnal.gov) Received: from mailgw1.fnal.gov (mailgw1.fnal.gov [131.225.111.11]) by mx1.freebsd.org (Postfix) with ESMTP id 965DA13C4BA for ; Mon, 26 Mar 2007 22:49:42 +0000 (UTC) (envelope-from zingelman@fnal.gov) Received: from mailav2.fnal.gov (mailav2.fnal.gov [131.225.111.20]) by mailgw1.fnal.gov (iPlanet Messaging Server 5.2 HotFix 2.06 (built Mar 28 2005)) with SMTP id <0JFJ009YJ5YTC8@mailgw1.fnal.gov> for apache@FreeBSD.org; Mon, 26 Mar 2007 16:49:41 -0500 (CDT) Received: from mailgw2.fnal.gov ([131.225.111.12]) by mailav2.fnal.gov (SAVSMTP 3.1.7.47) with SMTP id M2007032615494112695 for ; Mon, 26 Mar 2007 15:49:41 -0600 Received: from conversion-daemon.mailgw2.fnal.gov by mailgw2.fnal.gov (iPlanet Messaging Server 5.2 HotFix 2.06 (built Mar 28 2005)) id <0JFJ00D015MK7R@mailgw2.fnal.gov> (original mail from zingelman@fnal.gov) for apache@FreeBSD.org; Mon, 26 Mar 2007 16:49:41 -0500 (CDT) Received: from nova.fnal.gov (nova.fnal.gov [131.225.121.207]) by mailgw2.fnal.gov (iPlanet Messaging Server 5.2 HotFix 2.06 (built Mar 28 2005)) with ESMTP id <0JFJ00DB85YT85@mailgw2.fnal.gov> for apache@FreeBSD.org; Mon, 26 Mar 2007 16:49:41 -0500 (CDT) Received: from nova.fnal.gov (localhost [127.0.0.1]) by nova.fnal.gov (8.13.8+Sun/8.13.8) with ESMTP id l2QLneos012261 for ; Mon, 26 Mar 2007 16:49:40 -0500 (CDT) Received: from localhost (tez@localhost) by nova.fnal.gov (8.13.8+Sun/8.13.8/Submit) with ESMTP id l2QLnelL012257 for ; Mon, 26 Mar 2007 16:49:40 -0500 (CDT) Date: Mon, 26 Mar 2007 16:49:40 -0500 (CDT) From: Tim Zingelman X-X-Sender: tez@nova.fnal.gov To: apache@FreeBSD.org Message-id: MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII Content-transfer-encoding: 7BIT X-Authentication-warning: nova.fnal.gov: tez owned process doing -bs Cc: Subject: Sporadic segfault with mod_layout 3.2.1 (fwd) X-BeenThere: freebsd-apache@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Tim Zingelman List-Id: Support of apache-related ports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Mar 2007 22:49:43 -0000 F.Y.I. The current mod_layout 3.2.1 in ports suffers from a crash anytime it attempts to work on a file that has a size that is a multiple of system pagesize, due to an mmap not having a null at the end (as it does in all other cases). As you can see from the thread below, this has been fixed in the now available 3.3 version by the maintainer. Thanks, - Tim ---------- Forwarded message ---------- Date: Fri, 23 Mar 2007 15:22:48 -0700 From: Brian Aker To: Tim Zingelman Subject: Re: Sporadical segfault with mod_layout 3.2.1 Hi Tim, Thank you for the patch. I've modified it a bit, but have applied it to the 3.0 tree (so it can now be downloaded from the site). Cheers, -Brian On Mar 23, 2007, at 12:15 PM, Tim Zingelman wrote: > I have just found and made a patch for an issue that seems to match > this > exactly. > > The case where a segfault happens is when the file is mmap'd in > mod_layout.c and the file is EXACTLTY a multiple of the pagesize. > In this > case the mmap'd memory has no trailing NULL and ap_ind(), called by > string_search() steps right off into un-mapped memory. > > Find your system page size [getpagesize() is one way] and then make > a file > that size exactly and try to serve it via apache with mod_layout > enabled... it crashes every time. > > Here is some cut-n-pasted gdb output to support this idea: > > #0 0x806551e in ap_ind (s=0x2822cffa "HTML>\n"
out ofbounds>, c=60) > at util.c:1980 > 1980 for (x = 0; s[x]; x++) > (gdb) bt > #0 0x806551e in ap_ind (s=0x2822cffa "HTML>\n"
out of bounds>, c=60) > at util.c:1980 > #1 0x281fdc8b in string_search (r=0x80c0034, > string=0x2822c000 " delim=0x809bcbc "", init_pos=0, flag=0) at utility.c:210 > #2 0x281fda66 in table_search (r=0x80c0034, t=0x809bccc, > string=0x2822c000 " #3 0x281fe525 in is_ignored (r=0x80c0034, cfg=0x80c0cc4, > info=0x80c1724, > body=0x2822c000 " #4 0x281fcada in layout_handler (r=0x80c0034) at mod_layout.c:379 > #5 0x8051fac in ap_invoke_handler (r=0x80c0034) at http_config.c:476 > #6 0x8062065 in process_request_internal (r=0x80c0034) at > http_request.c:1299 > #7 0x80620c4 in ap_process_request (r=0x80c0034) at http_request.c: > 1315 > #8 0x805b23e in child_main (child_num_arg=25) at http_main.c:4813 > #9 0x805b455 in make_child (s=0x8085034, slot=25, now=1174506450) > at http_main.c:4983 > #10 0x805b6c4 in perform_idle_server_maintenance () at http_main.c: > 5168 > #11 0x805bbd5 in standalone_main (argc=1, argv=0xbfbff008) at > http_main.c:5431 > #12 0x805c107 in main (argc=1, argv=0xbfbff008) at http_main.c:5684 > > (gdb) up > (gdb) print sub_temp > $5 = 0x814448c "" > (gdb) print delim_size > $6 = 9 > (gdb) print delim > $7 = 0x809bcbc "" > (gdb) print temp > $8 = 0x2822cffa "HTML>\n"
> (gdb) print init_pos > $9 = 673370106 > (gdb) print temp > $10 = 0x2822cffa "HTML>\n"
> (gdb) print temp[0] > $11 = 72 'H' > (gdb) print temp[5] > $12 = 10 '\n' > (gdb) print temp[6] > Cannot access memory at address 0x2822d000. > (gdb) up > (gdb) up > (gdb) up > (gdb) print map_data->size > $16 = 4096 > > The patch I came up with is attached... note that the alternative of > trying to mmap a page of zeros directly after the pages the file is > mapped > to, which some google searches suggest, blows up apache in the case > when > that area is already mmap'd and in use. (mmap deletes the old > mapping!) > > Hope this helps. > > - Tim > -- _______________________________________________________ Brian "Krow" Aker, brian at tangent.org Seattle, Washington http://krow.net/ http://tangent.org/ _______________________________________________________ You can't grep a dead tree.