Postpone signal delivery while spawning children.
Prevent the following case:
- Reload (reexec) is in progress.
- New master is forking to start enough children for pools
where `pm` is not `on-demand`.
- Another `SIGUSR2` is received by the master process.
- Master process switches to reloading state.
- Some child has not set its own signal handlers.
- `SIGQUIT` and `SIGTERM` sent by master process are caught
by signal handler set by master process and so they are ignored.
- A child is running, it has no reason to finish
Before pull request #4465 this scenario could cause deadlock,
however with 0ed6c37140 reload finishes after `SIGKILL`.
Use sigprocmask() around fork() to avoid race of delivery signal to children
and setting of own signal handlers.
Fixes bug #76601
Fix PHP-FPM failure in the case of concurrent reload attempts.
Postpone signal delivery to the fpm master process till proper signal
handlers are set. Prevent the following case:
- Running master process receives `SIGUSR2` and performs `execvp()`.
- Another `SIGUSR2` is arrived before signal handlers are set.
- Master process dies.
- Requests to the HTTP server handled by PHP-fpm can not be served
any more.
Block some signals using `sigprocmask()` before `execvp()` and early
in the `main()` function. Unblock signals as soon as proper
handlers are set.
Fixes bug #74083
To retain legacy behavior I decided to add an option to control request
termination logic. If request_terminate_timeout_track_finished is set,
then request will be tracked for time limits even after
fastcgi_finish_request was called.
This patch depends on the fix provided in BUG 78469 (otherwise php-fpm
workers listening on named pipes on Windows will be erroneously terminated)
(PR #4636)
Make sure that fpm_event_add calls inside a timer callback work by
unregistering the event from the queue before invoking its callback.
The read timeout in tester.inc is increased because the added test
needs two seconds (one for SIGTERM, one for SIGKILL) until the
reload succeeds, so we should wait longer than that for a response.
epoll event backend does not guarantee that child input/output events
are reported before SIGCHILD due to finished worker. While a bunch of
events received by epoll is being processed, child-related structures
may be removed before dispatching of an I/O event for the same child.
The result may be attempt to access to memory region allocated for
another purpose, segfault of the master process, and unavailable web
sites.
Postpone processing of SIGCHILD events till other events in the same
bunch are processed.
Fix Bug #62418 php-fpm master process crashes
Fix Bug #65398 Race condition between SIGCHLD and child stdout/stderr event leads to segfault
Fix Bug #75112 php-fpm crashing, hard to reproduce
Fix Bug #77114 php-fpm master segfaults in fpm_event_epoll_wait/fpm_event_fire
Fix Bug #77185 Use-after-free in FPM master event handling
Also adds an --asan flag to run-tests.php to setup all the necessary
environment variables. Some tests are marked as skipped because they
are incompatible with asan or too slow.
I'm basing this on the DEBUG_ZTS build, which seems to give us the
most mileage.
Some headers were checked multiple times in the main configure.ac file
and in the bundled extensions or SAPIs themselves. Also many of these
checks are then used accross other extensions or SAPIs so a central
configure.ac makes most sense for these checks.
Normalization include:
- Use dnl for everything that can be ommitted when configure is built in
favor of the shell comment character # which is visible in the output.
- Line length normalized to 80 columns
- Dots for most of the one line sentences
- Macro definitions include similar pattern header comments now
