Skip to content

Fix #78919: CLI server: insufficient cleanup if request startup fails#7322

Closed
cmb69 wants to merge 1 commit intophp:PHP-7.4from
cmb69:cmb/78919
Closed

Fix #78919: CLI server: insufficient cleanup if request startup fails#7322
cmb69 wants to merge 1 commit intophp:PHP-7.4from
cmb69:cmb/78919

Conversation

@cmb69
Copy link
Member

@cmb69 cmb69 commented Jul 30, 2021

We need to run the full php_cli_server_request_shutdown() in case of
failing php_cli_server_request_startup().

Patch contributed by @cataphract.

@cmb69
Fix #78919: CLI server: insufficient cleanup if request startup fails
3c5b437 
We need to run the full `php_cli_server_request_shutdown()` in case of
failing `php_cli_server_request_startup()`.

Patch contributed by @cataphract.
@cmb69 cmb69 added the Bug label Jul 30, 2021
@nikic
Copy link
Member

nikic commented Aug 2, 2021

Not really sure about this one. It generally makes sense to me, but I'm not sure it's safe for all possible startup failure points. I think most places bail entirely on request startup failure (and tbh it's not clear how we can hope to continue in that case -- pray that the new request startup is magically not going to fail as well?)

@cataphract
Copy link
Contributor

cataphract commented Aug 2, 2021

Thanks for looking into this.

tbh it's not clear how we can hope to continue in that case -- pray that the new request startup is magically not going to fail as well?

@nikic What we're doing in the extension is that we're looking at some properties of the request itself (say, request uri) and deciding whether to block the request; this means preventing the PHP script from running. One of the possible strategies is to raise an error. Unfortunately, this has different behaviors across the SAPIs: works well in the Apache SAPI, as described in the bug report, FPM just exists the process, which is terrible for performance, and requires a different strategy, and the CLI SAPI leaks memory.

I'm not sure it's safe for all possible startup failure points
I can't be sure as well; for our purposes we need only recover from the error that we emit. But note that, as I said above, the Apache SAPI does call php_request_shutdown.

@cmb69
Copy link
Member Author

cmb69 commented Aug 9, 2021

If there are concerns about that, should we apply the patch to the "master" branch only?

@cmb69
Copy link
Member Author

cmb69 commented Aug 17, 2021

Well, the partial shutdown as implemented makes no sense. A bailout might, but I think @cataphract has a point that this can be a valid hook to block certain requests. And even if all request startups would fail, we keep a clean state, even if the built-in Webserver is basically unusable, and the user would have to shut it down manually.

nikic
nikic approved these changes Aug 17, 2021
View reviewed changes
Copy link
Member

@nikic nikic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's give this a try for master.

It looks like at least we don't try to run RSHUTDOWN if any RINIT failed (because then modules_activated=0), so this looks reasonably safe.

@cmb69 cmb69 closed this in be2df43 Aug 17, 2021
@cmb69 cmb69 deleted the cmb/78919 branch August 17, 2021 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nikic nikic nikic approved these changes

Assignees

No one assigned

Labels

Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cmb69 @nikic @cataphract