| blob | 248be2aed958dba32badda88e185a6171f11066c |
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
17 /* The BeOS MPM!
18 *
19 * This is a single process, with multiple worker threads.
20 *
21 * Under testing I found that given the inability of BeOS to handle threads
22 * and forks it didn't make sense to try and have a set of "children" threads
23 * that spawned the "worker" threads, so just missed out the middle mand and
24 * somehow arrived here.
25 *
26 * For 2.1 this has been rewritten to have simpler logic, though there is still
27 * some simplification that can be done. It's still a work in progress!
28 *
29 * TODO Items
30 *
31 * - on exit most worker threads segfault trying to access a kernel page.
32 */
34 #include <kernel/OS.h>
35 #include <unistd.h>
36 #include <sys/socket.h>
37 #include <signal.h>
59 /* Limit on the total --- clients will be locked out if more servers than
60 * this are needed. It is intended solely to keep the server from crashing
61 * when things get out of hand.
62 *
63 * We keep a hard maximum number of servers, for two reasons:
64 * 1) in case something goes seriously wrong, we want to stop the server starting
65 * threads ad infinitum and crashing the server (remember that BeOS has a 192
66 * thread per team limit).
67 * 2) it keeps the size of the scoreboard file small
68 * enough that we can read the whole thing without worrying too much about
69 * the overhead.
70 */
72 /* we only ever have 1 main process running... */
73 #define HARD_SERVER_LIMIT 1
75 /* Limit on the threads per process. Clients will be locked out if more than
76 * this * HARD_SERVER_LIMIT are needed.
77 *
78 * We keep this for one reason it keeps the size of the scoreboard file small
79 * enough that we can read the whole thing without worrying too much about
80 * the overhead.
81 */
82 #ifdef NO_THREADS
83 #define HARD_THREAD_LIMIT 1
84 #endif
85 #ifndef HARD_THREAD_LIMIT
86 #define HARD_THREAD_LIMIT 50
87 #endif
89 /*
90 * Actual definitions of config globals
91 */
108 /*
109 * The max child slot ever assigned, preserved across restarts. Necessary
110 * to deal with MaxClients changes across AP_SIG_GRACEFUL restarts. We use
111 * this value to optimize routines that have to scan the entire scoreboard.
112 */
121 /* one_process */
124 #ifdef DEBUG_SIGSTOP
126 #endif
130 /* When a worker thread gets to the end of it's life it dies with an
131 * exit value of the code supplied to this function. The thread has
132 * already had check_restart() registered to be called when dying, so
133 * we don't concern ourselves with restarting at all here. We do however
134 * mark the scoreboard slot as belonging to a dead server and zero out
135 * it's thread_id.
136 *
137 * TODO - use the status we set to determine if we need to restart the
138 * thread.
139 */
141 {
146 }
148 /* proper cleanup when returning from ap_mpm_run() */
150 {
153 }
154 }
157 /*****************************************************************
158 * Connection structures and accounting...
159 */
161 /* volatile just in case */
168 /*
169 * ap_start_shutdown() and ap_start_restart(), below, are a first stab at
170 * functions to initiate shutdown or restart without relying on signals.
171 * Previously this was initiated in sig_term() and restart() signal handlers,
172 * but we want to be able to start a shutdown/restart from other sources --
173 * e.g. on Win32, from the service manager. Now the service manager can
174 * call ap_start_shutdown() or ap_start_restart() as appropiate. Note that
175 * these functions can also be called by the child processes, since global
176 * variables are no longer used to pass on the required action to the parent.
177 *
178 * These should only be called from the parent process itself, since the
179 * parent process will use the shutdown_pending and restart_pending variables
180 * to determine whether to shutdown or restart. The child process should
181 * call signal_parent() directly to tell the parent to die -- this will
182 * cause neither of those variable to be set, which the parent will
183 * assume means something serious is wrong (which it will be, for the
184 * child to force an exit) and so do an exit anyway.
185 */
188 {
189 /* If the user tries to shut us down twice in quick succession then we
190 * may well get triggered while we are working through previous attempt
191 * to shutdown. We won't worry about even reporting it as it seems a little
192 * pointless.
193 */
198 }
200 /* do a graceful restart if graceful == 1 */
202 {
204 /* Probably not an error - don't bother reporting it */
206 }
209 }
211 /* sig_coredump attempts to handle all the potential signals we
212 * may get that should result in a core dump. This is called from
213 * the signal handler routine, so when we enter we are essentially blocked
214 * on the signal. Once we exit we will allow the signal to be processed by
215 * system, which may or may not produce a .core file. All this function does
216 * is try and respect the users wishes about where that file should be
217 * located (chdir) and then signal the parent with the signal.
218 *
219 * If we called abort() the parent would only see SIGABRT which doesn't provide
220 * as much information.
221 */
223 {
227 }
230 {
232 }
235 {
237 }
239 /* Handle queries about our inner workings... */
241 {
282 }
284 }
286 /* This accepts a connection and allows us to handle the error codes better than
287 * the previous code, while also making it more obvious.
288 */
290 {
292 apr_status_t status;
301 }
305 }
306 /* This switch statement provides us with better error details. */
308 #ifdef ECONNABORTED
310 #endif
311 #ifdef ETIMEDOUT
313 #endif
314 #ifdef EHOSTUNREACH
316 #endif
317 #ifdef ENETUNREACH
319 #endif
321 #ifdef ENETDOWN
323 /*
324 * When the network layer has been shut down, there
325 * is not much use in simply exiting: the parent
326 * would simply re-create us (and we'd fail again).
327 * Use the CHILDFATAL code to tear the server down.
328 * @@@ Martin's idea for possible improvement:
329 * A different approach would be to define
330 * a new APEXIT_NETDOWN exit code, the reception
331 * of which would make the parent shutdown all
332 * children, then idle-loop until it detected that
333 * the network is up again, and restart the children.
334 * Ben Hyde noted that temporary ENETDOWN situations
335 * occur in mobile IP.
336 */
346 }
348 }
351 {
352 apr_size_t len;
358 }
359 }
362 {
368 /* The first batch get handled by sig_coredump */
381 }
383 /* These next two are handled by sig_term */
390 /* We ignore SIGPIPE */
395 /* we want to ignore HUPs and AP_SIG_GRACEFUL while we're busy
396 * processing one */
403 ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(" AP_SIG_GRACEFUL_STRING ")");
404 }
406 /* This is the thread that actually does all the work. */
408 {
414 sigset_t sig_mask;
420 /* each worker thread is in control of its own destiny...*/
422 /* We have 2 pools that we create/use throughout the lifetime of this
423 * worker. The first and longest lived is the pworker pool. From
424 * this we create the ptrans pool, the lifetime of which is the same
425 * as each connection and is reset prior to each attempt to
426 * process a connection.
427 */
432 * child initializes
433 */
437 /* block the signals for this thread only if we're not running as a
438 * single process.
439 */
443 }
445 /* Each worker thread is fully in control of it's destinay and so
446 * to allow each thread to handle the lifetime of it's own resources
447 * we create and use a subcontext for every thread.
448 * The subcontext is a child of the pconf pool.
449 */
461 /* We add an extra socket here as we add the udp_sock we use for signalling
462 * death. This gets added after the others.
463 */
475 }
476 {
484 }
494 /* (Re)initialize this child to a pre-connection state. */
505 /* We always (presently) have at least 2 sockets we listen on, so
506 * we don't have the ability for a fast path for a single socket
507 * as some MPM's allow :(
508 */
519 }
523 }
524 /* We can always use pdesc[0], but sockets at position N
525 * could end up completely starved of attention in a very
526 * busy server. Therefore, we round-robin across the
527 * returned set of descriptors. While it is possible that
528 * the returned set of descriptors might flip around and
529 * continue to starve some sockets, we happen to know the
530 * internal pollset implementation retains ordering
531 * stability of the sockets. Thus, the round-robin should
532 * ensure that a socket will eventually be serviced.
533 */
537 /* Grab a listener record from the client_data of the poll
538 * descriptor, and advance our saved index to round-robin
539 * the next fetch.
540 *
541 * ### hmm... this descriptor might have POLLERR rather
542 * ### than POLLIN
543 */
547 /* The only socket we add without client_data is the first, the UDP socket
548 * we listen on for restart signals. If we've therefore gotten a hit on that
549 * listener lr will be NULL here and we know we've been told to die.
550 * Before we jump to the end of the while loop with this_worker_should_exit
551 * set to 1 (causing us to exit normally we hope) we release the accept_mutex
552 * as we want every thread to go through this same routine :)
553 * Bit of a hack, but compared to what I had before...
554 */
559 }
561 }
562 got_fd:
563 /* Run beos_accept to accept the connection and set things up to
564 * allow us to process it. We always release the accept_lock here,
565 * even if we failt o accept as otherwise we'll starve other workers
566 * which would be bad.
567 */
572 /* resource shortage or should-not-occur occured */
577 current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, worker_slot, sbh, bucket_alloc);
581 }
585 /* yeah, this could be non-graceful restart, in which case the
586 * parent will kill us soon enough, but why bother checking?
587 */
589 }
590 got_a_black_spot:
591 }
597 }
600 {
601 thread_id tid;
613 }
620 /* In case system resources are maxed out, we don't want
621 * Apache running away with the CPU trying to fork over and
622 * over and over again.
623 */
629 }
634 }
636 /* When a worker thread exits, this function is called. If we are not in
637 * a shutdown situation then we restart the worker in the slot that was
638 * just vacated.
639 */
641 {
647 }
648 }
650 /* Start number_to_start children. This is used to start both the
651 * initial 'pool' of workers but also to replace existing workers who
652 * have reached the end of their time. It walks through the scoreboard to find
653 * an empty slot and starts the worker thread in that slot.
654 */
656 {
667 }
668 }
671 /*
672 * spawn_rate is the number of children that will be spawned on the
673 * next maintenance cycle if there aren't enough idle servers. It is
674 * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by
675 * without the need to spawn.
676 */
678 #ifndef MAX_SPAWN_RATE
679 #define MAX_SPAWN_RATE (32)
680 #endif
684 {
690 /* initialize the free_list */
698 }
699 }
702 }
706 }
707 }
713 }
714 /* the next time around we want to spawn twice as many if this
715 * wasn't good enough, but not if we've just done a graceful
716 */
721 }
724 }
725 }
728 {
730 apr_exit_why_e exitwhy;
732 apr_proc_t pid;
744 }
745 /* non-fatal death... note that it's gone in the scoreboard. */
751 }
752 }
756 SERVER_DEAD,
761 /* we're still doing a 1-for-1 replacement of dead
762 * children with new children
763 */
766 }
767 /* TODO
768 #if APR_HAS_OTHER_CHILD
769 }
770 else if (apr_proc_other_child_refresh(&pid, status) == 0) {
771 #endif
772 */
773 }
775 /* Great, we've probably just lost a slot in the
776 * scoreboard. Somehow we don't know about this
777 * child.
778 */
781 }
783 /* Don't perform idle maintenance when a child dies,
784 * only do it when there's a timeout. Remember only a
785 * finite number of children can die, and it's pretty
786 * pathological for a lot to die suddenly.
787 */
789 }
791 /* we hit a 1 second timeout in which none of the previous
792 * generation of children needed to be reaped... so assume
793 * they're all done, and pick up the slack if any is left.
794 */
797 /* In any event we really shouldn't do the code below because
798 * few of the servers we just started are in the IDLE state
799 * yet, so we'd mistakenly create an extra server.
800 */
802 }
804 }
805 }
807 /* This is called to not only setup and run for the initial time, but also
808 * when we've asked for a restart. This means it must be able to handle both
809 * situations. It also means that when we exit here we should have tidied
810 * up after ourselves fully.
811 */
813 {
815 apr_status_t rv;
820 /* Increase the available pool of fd's. This code from
821 * Joe Kloss <joek@be.com>
822 */
826 }
828 /* BeOS R5 doesn't support pipes on select() calls, so we use a
829 * UDP socket as these are supported in both R5 and BONE. If we only cared
830 * about BONE we'd use a pipe, but there it is.
831 * As we have UDP support in APR, now use the APR functions and check all the
832 * return values...
833 */
839 }
845 }
850 }
856 }
860 /*
861 * Create our locks...
862 */
864 /* accept_mutex
865 * used to lock around select so we only have one thread
866 * in select at a time
867 */
870 /* tsch tsch, can't have more than one thread in the accept loop
871 at a time so we need to fall on our sword... */
875 }
877 /*
878 * Startup/shutdown...
879 */
882 /* setup the scoreboard shared memory */
885 }
891 }
892 }
902 /* Sanity checks to avoid thrashing... */
906 /* If we're doing a graceful_restart then we're going to see a lot
907 * of threads exiting immediately when we get into the main loop
908 * below (because we just sent them AP_SIG_GRACEFUL). This happens
909 * pretty rapidly... and for each one that exits we'll start a new one
910 * until we reach at least threads_min_free. But we may be permitted to
911 * start more than that, so we'll just keep track of how many we're
912 * supposed to start up without the 1 second penalty between each fork.
913 */
915 /* sanity check on the number to start... */
918 }
920 /* If we're doing the single process thing or we're in a graceful_restart
921 * then we don't start threads here.
922 * if we're in one_process mode we don't want to start threads
923 * do we??
924 */
929 /* give the system some time to recover before kicking into
930 * exponential mode */
932 }
934 /*
935 * record that we've entered the world !
936 */
948 /* We sit in the server_main_loop() until we somehow manage to exit. When
949 * we do, we need to kill the workers we have, so we start by using the
950 * tell_workers_to_exit() function, but as it sometimes takes a short while
951 * to accomplish this we have a pause builtin to allow them the chance to
952 * gracefully exit.
953 */
960 }
963 /* close the UDP socket we've been using... */
973 }
978 }
980 /*
981 * If we get here we're shutting down...
982 */
984 /* Time to gracefully shut down:
985 * Kill child processes, tell them to call child_exit, etc...
986 */
991 /* use ap_reclaim_child_processes starting with SIGTERM */
995 /* record the shutdown in the log */
998 }
1002 }
1004 /* we've been told to restart */
1011 /* Kill 'em all. Since the child acts the same on the parents SIGTERM
1012 * and a SIGHUP, we may as well use the same signal, because some user
1013 * pthreads are stealing signals from us left and right.
1014 */
1019 }
1021 /* just before we go, tidy up the lock we created to prevent a
1022 * potential leak of semaphores...
1023 */
1028 }
1031 {
1034 apr_status_t rv;
1043 }
1044 else
1045 {
1049 }
1051 /* sigh, want this only the second time around */
1062 }
1063 }
1066 }
1076 #ifdef AP_MPM_WANT_SET_MAX_MEM_FREE
1078 #endif
1083 }
1087 {
1091 /* the reverse of pre_config, we want this only the first time around */
1094 }
1099 "WARNING: MaxClients of %d exceeds compile-time "
1105 " To increase, please see the HARD_THREAD_LIMIT"
1111 "MaxClients of %d exceeds compile-time limit "
1114 }
1116 }
1120 "WARNING: MaxClients of %d not allowed, "
1125 ap_thread_limit);
1126 }
1128 }
1130 /* ap_threads_to_start > ap_thread_limit checked in ap_mpm_run() */
1134 "WARNING: StartThreads of %d not allowed, "
1139 ap_threads_to_start);
1140 }
1142 }
1147 "WARNING: MinSpareThreads of %d not allowed, "
1156 min_spare_threads);
1157 }
1159 }
1161 /* max_spare_threads < min_spare_threads checked in ap_mpm_run() */
1166 "WARNING: MaxRequestsPerThread of %d not allowed, "
1172 "MaxRequestsPerThread of %d not allowed, "
1174 }
1176 }
1179 }
1182 {
1187 }
1190 {
1194 }
1198 }
1201 {
1205 }
1209 }
1212 {
1216 }
1220 }
1223 {
1227 }
1231 }
1234 {
1238 }
1242 }
1245 BEOS_DAEMON_COMMANDS,
1246 LISTEN_COMMANDS,
1258 };
1260 module AP_MODULE_DECLARE_DATA mpm_beos_module = {
1261 MPM20_MODULE_STUFF,
1268 beos_hooks /* register_hooks */
1269 };