Bug 63140 - pid file may get corrupted and prevent httpd from starting
Summary: pid file may get corrupted and prevent httpd from starting
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.5-HEAD
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2019-02-04 10:59 UTC by Nicolas Carrier
Modified: 2020-03-13 14:36 UTC (History)
1 user (show)



Attachments
Avoids pid file creation race condition by using a temporary file. (2.75 KB, patch)
2019-02-04 11:00 UTC, Nicolas Carrier
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Nicolas Carrier 2019-02-04 10:59:23 UTC
If a power outage occurs at the wrong moment, subsequent attempts to start httpd may fail with the following error:
```
Error retrieving pid file ...
Remove it before continuing if it is corrupted.
```

The way pid files are created in apache is racy. The file is created, then it's content is written to it. If a power outage happens between the two steps, the pid file may stay empty.

A temporary file should be created instead and renamed after it has been written to and flushed.
Comment 1 Nicolas Carrier 2019-02-04 11:00:58 UTC
Created attachment 36417 [details]
Avoids pid file creation race condition by using a temporary file.

The original pattern for creating the pid file was:
open_create(pid_file)
write(pid_file, pid)
close(pid_file)

But if a power outage occurs between open_create and write, the file will
be empty and httpd will refuse to start afterwards unless the corrupt pid
file is removed.

This patch uses the pattern:
open_create(temp_pid_file)
write(temp_pid_file)
close(temp_pid_file)
rename(temp_pid_file, pid_file)
which is guaranteed to be atomic, provided that temp_pid_file and pid_file
are located in the same file system, which this patch does by creating
a temporary file name with the pattern:
    pid_file_name + random_suffix
Comment 2 Nicolas Carrier 2019-05-22 14:58:57 UTC
There has been no progress with this issue for more than 3 month.

Is this issue invalid somehow?
Is the patch not acceptable?
Comment 3 Giovanni Bechis 2020-02-22 00:07:25 UTC
The pid file is not created in a temporary directory but in the current directory. If the directory in which the pid file will be created is on a different filesystem than the current directory the rename call will fail.

[Sat Feb 22 00:01:33.948798 2020] [core:error] [pid 38525:tid 139718597842752] (18)Invalid cross-device link: AH00102: could not rename file httpd.pid.rK6Vaj to /usr/local/apache2/logs/httpd.pid
Comment 4 Joe Orton 2020-03-12 11:58:21 UTC
I extended Nicolas' patch here 

https://github.com/apache/httpd/pull/100/commits/b5eb2611ea209147476868c8a09e288a132b8a13

to create the temp file in the same directory as the pidfile and add error checking, will merge if Travis is happy.
Comment 5 Joe Orton 2020-03-13 14:36:36 UTC
Done in r1875153, thanks for the patch Nicolas.

(Made me think about a few further changes, should the pidfile be 0440 not 0660? The rename is not as good as opening the file O_EXCL... but maybe best we can do)