blocking listener thread during SSL shutdown

Wed, 12 Apr 2017 08:03:49 -0700 

Hi
I've submitted a bug report [1] about hanging listener threads in mod_event during SSL shutdown. But since I did not hear anything I choose to discuss it on the Mailing List. 


I was remotely debugging an Issue, where an Apache HTTPD did not serve 
requests any more. In the stacks of the HTTPD processes I saw that a lot 
of listener threads are blocked in a poll() call, triggered by 
modssl_smart_shutdown().


#0  0x00007f996d44f283 in poll () from /lib64/libc.so.6
#1  0x00007f996df8764f in apr_poll () from /opt/apache/bin/libapr-1.so.0
#2  0x00007f996eacb485 in ap_core_output_filter ()
#3  0x00007f996cf46488 in bio_filter_out_pass () from /opt/apache/bin/mod_ssl.so
#4  0x00007f996cf483bf in bio_filter_out_ctrl () from /opt/apache/bin/mod_ssl.so
#5  0x00007f996cf5803b in modssl_smart_shutdown () from 
/opt/apache/bin/mod_ssl.so
#6  0x00007f996cf4856e in ssl_filter_io_shutdown.isra.2 () from 
/opt/apache/bin/mod_ssl.so
#7  0x00007f996cf49c10 in ssl_io_filter_output () from 
/opt/apache/bin/mod_ssl.so
#8  0x00007f996cf46b4e in ssl_io_filter_coalesce () from 
/opt/apache/bin/mod_ssl.so
#9  0x00007f996ead9f93 in ap_shutdown_conn ()
#10 0x00007f996a505702 in start_lingering_close_nonblocking () from 
/opt/apache/bin/mod_mpm_event.so
#11 0x00007f996a5040ac in process_timeout_queue () from 
/opt/apache/bin/mod_mpm_event.so
#12 0x00007f996a5063b0 in listener_thread () from 
/opt/apache/bin/mod_mpm_event.so
#13 0x00007f996d90faa1 in start_thread () from /lib64/libpthread.so.0
#14 0x00007f996d458aad in clone () from /lib64/libc.so.6


Unfortunately I'm not able to reproduce the problem locally. But just 
looking at this stack makes me think that this should never happen, 
since the listener thread is very important and should never block 
during a operation that is not waiting for new connections. Also the 
function name "start_lingering_close_nonblocking()" suggests, that this 
operation should not block, but obviously does.



I think it's quite serious, and can lead to problems where clients are 
not reacting "fast" to a SSL Shutdown alert. I also thought this 
behaviour could be exploited to be used as a DoS attack. But on the 
other hand it seems nobody else is experiencing this in the wild.



Am I misinterpreting something or does anyone else think this really is 
an issue?


cheers, Frank


[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=60956























					Reply via email to