Hi

I've submitted a bug report [1] about hanging listener threads in mod_event during SSL shutdown. But since I did not hear anything I choose to discuss it on the Mailing List.


I was remotely debugging an Issue, where an Apache HTTPD did not serve requests any more. In the stacks of the HTTPD processes I saw that a lot of listener threads are blocked in a poll() call, triggered by modssl_smart_shutdown().

#0  0x00007f996d44f283 in poll () from /lib64/libc.so.6
#1  0x00007f996df8764f in apr_poll () from /opt/apache/bin/libapr-1.so.0
#2  0x00007f996eacb485 in ap_core_output_filter ()
#3  0x00007f996cf46488 in bio_filter_out_pass () from /opt/apache/bin/mod_ssl.so
#4  0x00007f996cf483bf in bio_filter_out_ctrl () from /opt/apache/bin/mod_ssl.so
#5  0x00007f996cf5803b in modssl_smart_shutdown () from 
/opt/apache/bin/mod_ssl.so
#6  0x00007f996cf4856e in ssl_filter_io_shutdown.isra.2 () from 
/opt/apache/bin/mod_ssl.so
#7  0x00007f996cf49c10 in ssl_io_filter_output () from 
/opt/apache/bin/mod_ssl.so
#8  0x00007f996cf46b4e in ssl_io_filter_coalesce () from 
/opt/apache/bin/mod_ssl.so
#9  0x00007f996ead9f93 in ap_shutdown_conn ()
#10 0x00007f996a505702 in start_lingering_close_nonblocking () from 
/opt/apache/bin/mod_mpm_event.so
#11 0x00007f996a5040ac in process_timeout_queue () from 
/opt/apache/bin/mod_mpm_event.so
#12 0x00007f996a5063b0 in listener_thread () from 
/opt/apache/bin/mod_mpm_event.so
#13 0x00007f996d90faa1 in start_thread () from /lib64/libpthread.so.0
#14 0x00007f996d458aad in clone () from /lib64/libc.so.6

Unfortunately I'm not able to reproduce the problem locally. But just looking at this stack makes me think that this should never happen, since the listener thread is very important and should never block during a operation that is not waiting for new connections. Also the function name "start_lingering_close_nonblocking()" suggests, that this operation should not block, but obviously does.

I think it's quite serious, and can lead to problems where clients are not reacting "fast" to a SSL Shutdown alert. I also thought this behaviour could be exploited to be used as a DoS attack. But on the other hand it seems nobody else is experiencing this in the wild.

Am I misinterpreting something or does anyone else think this really is an issue?

cheers, Frank


[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=60956

Reply via email to