threadsafe php crashes too easily

  101689
January 26, 2018 11:43 Hajo.Locke@gmx.de (Hajo Locke)
Hello List,

i hope this is the right place to get helped. I have a promising setup 
for testing purposes, but unfortunately i ran quick into problems.

  I compiled a minimal libphp7.so (7.2.1)  using this line:
../configure --disable-all  --enable-static --prefix=/usr 
--with-apxs2=/usr/bin/apxs2 --enable-maintainer-zts

I enabled threadsafety to use this libphp7.so in apache 2.4 with a 
threaded mpm like worker or event. the plan is to just load it with 
LoadModule in apache but not to use it.
the real php-processing is done by a fastcgi-setup in apache using 
php-fpm (not needed to reproduce error). the idea is to support 
php_value/php_flag etc. in .htaccess files for my users even if they use 
a fastcgi-setup. all i need is htscanner extension for php-cgi and just 
a loaded libphpx.so to register these directives in apache. may be this 
is a dump idea, but i have thousands of users who use libphpx.so and a 
huge number of .htaccess with php_value/php_flag directives. currently i 
see no possibility to tell users to switch to .user.ini

First steps are really successful and all worked well. Even benchmarking 
the system with massrequests did not show any error. php_value/php_flag 
in .htaccess showed expected behaviour when requesting a php-file using 
fastcgi.
Unfortunately there is only a small change to see lots of segfaults in 
errorlog: Just enable a php_value directive in VHost-Config for this 
particular VHost along with a php_value directive in .htaccess in 
docroot of this VHost. It is not needed to request a php-file, just 
requesting a small static file is enough. The smaller the requested file 
and higher requests per second the higher is count of segfaults.

I knew that threadsafe-compiled php is a problematic thing and recommend 
mpm is prefork when not using a fastcgi-configuration, but iam surprised 
that i see the crashes so easily. I used a minimal php and it seems 
problem occurs just by reading and applying the values set by php_value 
for particular request.

Do i have a chance to get this setup safe?

Thanks a lot,
Hajo
  101690
January 26, 2018 12:04 rowan.collins@gmail.com (Rowan Collins)
On 26 January 2018 at 11:43, Hajo Locke Locke@gmx.de> wrote:

> the idea is to support php_value/php_flag etc. in .htaccess files for my > users even if they use a fastcgi-setup >
Just a thought, but if I understand you rightly, you just need to have Apache completely ignore the php_value and php_flag lines, so would it work to build a custom Apache extension which just registered for those directives and did nothing? I know it sounds complicated, but I was able to hack in support for the UndefMacro keyword into an old version of mod_macro (result here: https://github.com/IMSoP/mod_macro) and Apache ships with a very user-friendly build tool called APXS [ https://httpd.apache.org/docs/2.4/programs/apxs.html]. It would probably fairly simple to whip up a "mod_notphp" which does nothing but register those two directives to empty callbacks. Regards, -- Rowan Collins [IMSoP]
  101691
January 26, 2018 12:21 johannes@schlueters.de (Johannes =?ISO-8859-1?Q?Schl=FCter?=)
On Fr, 2018-01-26 at 12:43 +0100, Hajo Locke wrote:
> Hello List, > > i hope this is the right place to get helped. I have a promising > setup  > for testing purposes, but unfortunately i ran quick into problems. > >   I compiled a minimal libphp7.so (7.2.1)  using this line: > ./configure --disable-all  --enable-static --prefix=/usr  > --with-apxs2=/usr/bin/apxs2 --enable-maintainer-zts
The enable mantainer zts should not be needed. The apache module tries to identify the configuration an enable thread-safety automatically if needed. I'd suggest removng the option and checking configure output and config.log and trying to see what it identifies ... however there's not much love for mpm_worker on the PHP side :-) If all you want is to prevent apache from complaining about php_value/php_flag directives for handling them elsewhere I'd suggest writing a simple apache module which simply registers those settings and does nothing else. Seems way less problematic. Can be done mostly by copy and paste from that site: http://httpd.apache.org/docs/2.4/developer/modguide.html#configuration johannes
  101693
January 26, 2018 14:09 Hajo.Locke@gmx.de (Hajo Locke)
Hello,

thank you all for your suggestions.

Am 26.01.2018 um 13:21 schrieb Johannes Schlüter:
> On Fr, 2018-01-26 at 12:43 +0100, Hajo Locke wrote: >> Hello List, >> >> i hope this is the right place to get helped. I have a promising >> setup >> for testing purposes, but unfortunately i ran quick into problems. >> >>   I compiled a minimal libphp7.so (7.2.1)  using this line: >> ./configure --disable-all  --enable-static --prefix=/usr >> --with-apxs2=/usr/bin/apxs2 --enable-maintainer-zts > The enable mantainer zts should not be needed. The apache module tries > to identify the configuration an enable thread-safety automatically if > needed. I'd suggest removng the option and checking configure output > and config.log and trying to see what it identifies ... however there's > not much love for mpm_worker on the PHP side :-) > > If all you want is to prevent apache from complaining about > php_value/php_flag directives for handling them elsewhere I'd suggest > writing a simple apache module which simply registers those settings > and does nothing else. Seems way less problematic. Yes, i thought about that a few das ago, but believed it is to hard for
me. But you are right, it is enought to tell apache about the directives, there is no need to add some further funtionality. Iam not a programmer, just sysadmin. Following your sapi/apache2handler/apache_config.c i was able to put php_value etc. into this example-module and did a first run. To my surprise this was successful. Configtest was ok, and on php-fpm side your htscanner still worked. It seems this is a very promising way and i will invest more time in it to get this stable. Thank you all.
> > Can be done mostly by copy and paste from that site: > http://httpd.apache.org/docs/2.4/developer/modguide.html#configuration > > johannes > Thanks,
Hajo
  101692
January 26, 2018 12:32 ab@php.net (Anatol Belski)
Hi,

> -----Original Message----- > From: Hajo Locke [mailto:Hajo.Locke@gmx.de] > Sent: Friday, January 26, 2018 12:43 PM > To: internals@lists.php.net > Subject: [PHP-DEV] threadsafe php crashes too easily > > Hello List, > > i hope this is the right place to get helped. I have a promising setup for testing > purposes, but unfortunately i ran quick into problems. > >  I compiled a minimal libphp7.so (7.2.1)  using this line: > ./configure --disable-all  --enable-static --prefix=/usr > --with-apxs2=/usr/bin/apxs2 --enable-maintainer-zts > > I enabled threadsafety to use this libphp7.so in apache 2.4 with a threaded mpm > like worker or event. the plan is to just load it with LoadModule in apache but > not to use it. > the real php-processing is done by a fastcgi-setup in apache using php-fpm (not > needed to reproduce error). the idea is to support php_value/php_flag etc. in > .htaccess files for my users even if they use a fastcgi-setup. all i need is > htscanner extension for php-cgi and just a loaded libphpx.so to register these > directives in apache. may be this is a dump idea, but i have thousands of users > who use libphpx.so and a huge number of .htaccess with php_value/php_flag > directives. currently i see no possibility to tell users to switch to .user.ini > > First steps are really successful and all worked well. Even benchmarking the > system with massrequests did not show any error. php_value/php_flag in > .htaccess showed expected behaviour when requesting a php-file using fastcgi. > Unfortunately there is only a small change to see lots of segfaults in > errorlog: Just enable a php_value directive in VHost-Config for this particular > VHost along with a php_value directive in .htaccess in docroot of this VHost. It is > not needed to request a php-file, just requesting a small static file is enough. The > smaller the requested file and higher requests per second the higher is count of > segfaults. > I just made a quick try with the way you've described - php_value once in httpd.conf and in .htaccess, but I see no crash. Perhaps you could file a ticket with a more detailed description and a backtrace you currently get.
> I knew that threadsafe-compiled php is a problematic thing and recommend > mpm is prefork when not using a fastcgi-configuration, but iam surprised that i > see the crashes so easily. I used a minimal php and it seems problem occurs just > by reading and applying the values set by php_value for particular request. > It depends on what you do. Some dependencies or even functions in the C runtime are not thread safe, one has to be aware what is used by an application.
Thanks Anatol