Double fastcgi_end_request on max_children limit (bug #67583)

[Berbe]

PHP sends 2 FastCGI FCGI_END_REQUEST records instead of one when fastcgi_finish_request(); is called and the FPM param max_requests is exceeded.

• One is sent on fastcgi_finish_request(); call
• The other is sent in block fpm_main.c:1951 requests++; if (max_requests && (requests == max_requests)) { fcgi_finish_request(&request, 1); break; }

It confuses fastcgi client (i.e. nginx) receiving 2 FCGI_END_REQUEST records one after another.
The author has set the request->closed flag to prevent a second FastCGI record to be sent.

See https://bugs.php.net/bug.php?id=67583

[smalyshev]

@Berbe looks like this pull needs a rebase

[Berbe]

Yup, but the original author (where I pulled from and who originally discovered the flaw, fileld up the bug form and provided a patch) is not to be seen active on the topic. His other pull requests got invalid.
Since it is a 1-liner patch, is not it possible for you guys to take create a fix directly into your codebase?

[sgolemon]

I'm not sure what's going on with this PR as a whole (the list of commits contains lots of unrelated things).

I can apply the original PR https://patch-diff.githubusercontent.com/raw/php/php-src/pull/710.patch credited to the right person, BUT... it's not remotely valid against PHP 7.0 or PHP 7.1 since the fcgi_request struct is now opaque.

There seems to be a replacement API for doing this using int fcgi_finish_request(fcgi_request *req, int force_close), but that contains the flush/close calls as well with slighlty different parameters. Since I don't use FPM and don't 100% know what those parameters do, I'm hesitant to apply it blindly.

SO, if you'd like to come up with a new patch, and a test plan for it, I'd be happy to apply it with credit to whomever it belongs to at that point (primarily you with a nod to the original PR submitter, IMO). Until then, this PR just doesn't work for PHP >= 7.0

[krakjoe]

@sgolemon I too have no idea what is going on with the PR ... but the changes in FPM are one line ... is there some reason that line can't be committed ?

[jippi]

i guess the magic is just https://github.com/php/php-src/pull/1169/files#diff-624bdd47ab6847d777e15327976a9227R1519 ?

[sgolemon]

@krakjoe Yes. The reason I stated in my comment. The one-line fix doesn't compile, because fcgi_request is an opaque struct in PHP 7 and later.

@jippi No, that's not magic, it's a diff that doesn't compile.

Again, for those in the cheap seats:

I can apply the original PR https://patch-diff.githubusercontent.com/raw/php/php-src/pull/710.patch credited to the right person, BUT... it's not remotely valid against PHP 7.0 or PHP 7.1 since the fcgi_request struct is now opaque.

[krakjoe]

@sgolemon What about modifying fcgi_close ?

[sgolemon]

That's an option, but then a simple (probably rightish) diff becomes something that changes the fcgi interface and it's why I'd rather have someone who knows the fcgi interface touch it (or at least someone who uses it).

[krakjoe]

Since this targets an unsupported branch and since there is something very wrong with this PR anyway, as already pointed out ~6 months ago, and since problems raised and those apparent have gone unresolved by the author, I'm closing this PR.

Please take this action as encouragement to open a clean PR against a supported branch.

[Berbe]

'Encouragement'. xD

I see PHP prefers focusing on meta-problems about the pull-request and let time fly to use it as an argument to close it later, rather than addressing the flaw being pointed out, present in their product for a great amount of time.

I suppose it is one of the mindset which makes PHP stand apart as being deeply falwed on the programming languages set.
Keep up the good work...

[nikic]

Fix implemented via f346bd6 and a46bbdd. The first renames s/closed/ended, the second exposes a fcgi_end() API to avoid the issue with the opaque structure.

I would have just added a destroy parameter to fcgi_finish_request and then used that function with destroy=0, but I'm not sure what our ABI guarantees for fcgi are -- the functions are not exported, but then again SAPIs are not linked as shared objects, so maybe we still require a stable ABI there.