Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:69213
Return-Path: <keisial@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 34116 invoked from network); 18 Sep 2013 19:45:34 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Sep 2013 19:45:34 -0000
Authentication-Results: pb1.pair.com header.from=keisial@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=keisial@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.178 as permitted sender)
X-PHP-List-Original-Sender: keisial@gmail.com
X-Host-Fingerprint: 74.125.82.178 mail-we0-f178.google.com  
Received: from [74.125.82.178] ([74.125.82.178:50015] helo=mail-we0-f178.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 6F/E0-29009-CD20A325 for <internals@lists.php.net>; Wed, 18 Sep 2013 15:45:32 -0400
Received: by mail-we0-f178.google.com with SMTP id u57so7108123wes.9
        for <internals@lists.php.net>; Wed, 18 Sep 2013 12:45:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=message-id:date:from:user-agent:mime-version:to:cc:subject
         :references:in-reply-to:content-type:content-transfer-encoding;
        bh=SEZHb9GAhLmvhLugrDcKAwTszDMq4e+1tA8oDjw3wTE=;
        b=twYGbp7nSgARlH+uS9uRA5SX2M+OwVtjGXVi306sZ+tLFHhdkfGt5GmIEww2+0jhhO
         QOnu3qu4nHXvhyf5fg8auMe9yl2LOGLk7H/H8LTFVsZKGE7ljpw18LStb6aDvLfn/gIi
         uDmgLtTfIGCP0xYVJ2+LGEuNSEe4fW6bJ8ZbkEs9dgNReV3oMMttslMq8X4AWmsBbUSF
         p346Wd33rdO/gk8MgH5YP1PsxBxeBNxjb9GhdMmuZDH4UpYgXPG1H/8sjBgK7AcmUhX0
         TkGYeyLWnpthn9+1jLYDjsjl36dIfECwWRW2cE5Yzn+1agLaXg63CwrzmoO36tuc44Hd
         wBeA==
X-Received: by 10.194.22.97 with SMTP id c1mr3485133wjf.43.1379533529169;
        Wed, 18 Sep 2013 12:45:29 -0700 (PDT)
Received: from [192.168.1.37] (159.Red-88-15-24.dynamicIP.rima-tde.net. [88.15.24.159])
        by mx.google.com with ESMTPSA id ey2sm4672867wib.5.1969.12.31.16.00.00
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Wed, 18 Sep 2013 12:45:28 -0700 (PDT)
Message-ID: <523A047B.3040509@gmail.com>
Date: Wed, 18 Sep 2013 21:52:27 +0200
User-Agent: Thunderbird
MIME-Version: 1.0
To: Lazy <lazy404@gmail.com>
CC: internals@lists.php.net
References: <CAAPSnn21kq2_-4RGoMKW_8eWDNNv_0Aon30SRsp3U_v+2098AA@mail.gmail.com>
In-Reply-To: <CAAPSnn21kq2_-4RGoMKW_8eWDNNv_0Aon30SRsp3U_v+2098AA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] free deadlock in timeout signal handler
From: keisial@gmail.com (=?ISO-8859-1?Q?=C1ngel_Gonz=E1lez?=)

On 13/09/13 22:10, Lazy wrote:
> Hello internals,
>
> I'm trying to fix deadlock in an ancient php 5.2.17, php hangs on
> internal libc lock.
>  From my understanding free is not safe to use in a signal handler, and
> this seems to be the issue here.
No, it's not.

> http://marc.info/?l=php-internals&m=121999390109071&w=2 seems to
> address this issue but it's not present in 5.3 or later releases.
>
> Very similar deadlock but with time() instead of free(),
> https://bugs.php.net/bug.php?id=31749
Are you sure it's with time() ? I do see a free() in that call stack 
(and no time),
as I would expect, as time() is required by POSIX.1-2004 to be 
Async-signal-safe.

> Current php also uses free() in php_error_cb() and external
> destructors in list_entry_destructor() aren't protected by
> HANDLE_BLOCK_INTERRUPTIONS() (which seems to be a noop in fastcgi
> mode), so I suspect 5.5 may also contain this deadlock.
>
> main/main.c
> php_error_cb()
>      835     if (display) {
>      836         if (PG(last_error_message)) {
>      837             free(PG(last_error_message));
> ...                    ^^^^^^ deadlock if previous free was
> interrupted by a timeout signal
>      845         PG(last_error_type) = type;
>      846         PG(last_error_message) = strdup(buffer);
>
> I'm thinking about "fixing" this by leaking memory pointed by
> PG(last_error_message) if php called when a timeout is pending
> (timeouts are usually very rare, php processes will eventually be
> restarted so this little memory waste won't have time to make any
> impact.
>
> Is this issue fixed in modern php ? If so I would be grateful for some
> information about the way it was done. This would save me a lot of
> time trying to trigger
> a non existing confition.
>
> I will try to reproduce this in a modern version of php.

It probably isn't. PG(last_error_message) is only modified in main.c, I 
would try to use a separate arena for PG(last_error_message) and 
PG(last_error_file). For instance it could be a static buffer reused 
during the whole execution and extended with mmap(2) in the unlikely 
case it turns out to be too small. I suspect it would also make the 
error handler faster, as it would avoid the free() + malloc()