Bug 63649 - Graceful reload causes incorrect evaluation of IfDefine blocks
Summary: Graceful reload causes incorrect evaluation of IfDefine blocks
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.4.38
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-08-08 09:35 UTC by jaroslav
Modified: 2019-08-09 12:27 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description jaroslav 2019-08-08 09:35:45 UTC
Hello,

we are encountering a strange error on some of our LAMP servers. After some number of graceful (SIGUSR1) reloads the server stops processing PHP code and complains about ExecCGI not being enabled:

[mpm_worker:notice] [pid 2717:tid 140275019682944] AH00297: SIGUSR1 received.  Doing graceful restart
[fcgid:error] [pid 18065:tid 140274823059200] [client ip] [server.name] mod_fcgid: location of script /path/file.php does not have ExecCGI enabled

Shortened configuration is as follows:

<IfModule mod_fcgid.c>
  <FilesMatch \.php$>
    SetHandler fcgid-script
  </FilesMatch>
</IfModule>

# Crash-me debugging block
<IfDefine FPM_VAR>
  Intentional config error this should not be set
</IfDefine>

<VirtualHost ip>
  ServerName server.name
  <IfDefine !FPM_VAR>
    SuexecUserGroup user group
  </IfDefine>
  DocumentRoot /path
  <Directory "/path">
    <IfDefine !FPM_VAR>
      FCGIWrapper /wrapper .php
      Options +ExecCGI
    </IfDefine>
  </Directory>
</VirtualHost>

The FPM_VAR variable's purpose is to allow seamless transition to FPM via mod_proxy_fcgi - we don't have that in production use yet anywhere though, so I was able to add the "crash-me" configuration for debugging purposes. This configuration (without the crash-me part) works without issues on servers based od Debian Stretch which ships Apache 2.4.25. The problem only occurs on servers based on Debian Buster (Apache 2.4.38). At the moment we have hundreds of 2.4.25 servers and below twenty of 2.4.38 servers so I guess the bug was introduced somewhere in between of those two.

Considering the configuration above it seems to me that the value (or evaluation) of FPM_VAR changes in the middle of config reload - it is evaluated as not defined when processing the crash-me block, so the webserver does not crash, but it is evaluated as defined in virtualhosts, so PHP stops working. The change seems permanent though - this happens on next SIGUSR1 reload:

[mpm_worker:notice] [pid 2717:tid 140275019682944] AH00297: SIGUSR1 received.  Doing graceful restart
AH00526: Syntax error on line 11 of /etc/apache2/conf.d/debug.conf:
Invalid command 'Intentional', perhaps misspelled or defined by a module not included in the server configuration

After that the server crashes, is restarted by supervisor and works correctly for some time.

I found similar issue here - https://bz.apache.org/bugzilla/show_bug.cgi?id=56008 , which is marked as duplicate of https://bz.apache.org/bugzilla/show_bug.cgi?id=57328 . Attached one-line patch to server/core.c is applied to Debian source though.
Comment 1 Joe Orton 2019-08-08 13:40:00 UTC
Where is FPM_VAR defined, by "Define" or on the command-line with -D?
Comment 2 jaroslav 2019-08-08 14:35:17 UTC
FPM_VAR is not defined anywhere (if it was, the server would be unable to start with the configuration above)

The intention is to have it defined eventually - as of yet it's not decided which way - but at this moment it is not. The issue is that Apache sometimes acts as if it was defined.
Comment 3 Joe Orton 2019-08-09 07:26:34 UTC
Oh I see, sorry.  That's really quite bizarre.

1) did this work in a previous version of 2.4.x and has recently broken?

2) are you defining *anything* via -D on the command-line, or via Define elsewhere in the config?
Comment 4 Joe Orton 2019-08-09 07:27:30 UTC
"At the moment we have hundreds of 2.4.25 servers and below twenty of 2.4.38 "

so somewhere between 2.4.25 and .38?  Hum.
Comment 5 jaroslav 2019-08-09 12:27:55 UTC
Yes, somewhere between 2.4.25 and .38 (inclusive)

There is one variable defined on command line: -D NO_DETACH . As for variables defined with "Define", there are none.