Bug #70973 Segmentation fault when no huge pages available
Submitted: 2015-11-25 21:31 UTC Modified: 2015-11-27 16:30 UTC
From: cv at jet9 dot ru Assigned: laruence (profile)
Status: Closed Package: opcache
PHP Version: 7.0.0RC7 OS: CentOS 6
Private report: No CVE-ID: None
 [2015-11-25 21:31 UTC] cv at jet9 dot ru
Description:
------------
When opcache.huge_code_pages=1 and no huge pages are available, php gets a segfault:

jet9.ru$ strace /own/bin/php
...
mmap(0x400000, 2097152, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|0x40000, -1, 0) = -1 ENOMEM (Cannot allocate memory)
munmap(0x7fa18485f000, 2097152)         = 0
close(3)                                = 0
munmap(0x7fa1a0800000, 4096)            = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x5d72c0} ---
+++ killed by SIGSEGV +++
Segmentation fault

jet9.ru$ gdb /own/bin/php
...
Program received signal SIGSEGV, Segmentation fault.
zend_llist_del_element (l=0x9dc8e0, element=0x0, compare=0x7fffedf40590 <accelerator_remove_cb>) at /usr/src/debug/php-7.0.0RC8/Zend/zend_llist.c:91


I guess a check of mmap()'s return value is missing somewhere when dealing with huge pages.



 [2015-11-26 04:10 UTC] laruence@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: laruence
 [2015-11-26 04:10 UTC] laruence@php.net
I can not reproduce this simply, so could you please test with this patch?

diff --git a/ext/opcache/ZendAccelerator.c b/ext/opcache/ZendAccelerator.c
index e23e751..ae10d12 100644
--- a/ext/opcache/ZendAccelerator.c
+++ b/ext/opcache/ZendAccelerator.c
@@ -2531,7 +2531,7 @@ static int accel_remap_huge_pages(void *start, size_t size, const char *name, si
                        PROT_READ | PROT_WRITE | PROT_EXEC,
                        MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED,
                        -1, 0);
-           if (-1 == madvise(start, size, MADV_HUGEPAGE)) {
+         if (ret == MAP_FAILED || -1 == madvise(start, size, MADV_HUGEPAGE)) {
                        munmap(mem, size);
                        return -1;
                }
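Review bot: The added ret == MAP_FAILED test guards the mmap() whose flags are MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, but the strace in the report shows the failing call carrying an extra 0x40000 (MAP_HUGETLB on Linux), so the call that failed there is a different one and needs the same return-value check. The failure branch also only does munmap(mem, size) and return -1: the faulting address 0x5d72c0 in the report lies inside the 2 MiB range at 0x400000 that the failed MAP_FIXED call targeted, so it is worth confirming that range is still mapped and populated before returning, and that the caller acts on the -1.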
 [2015-11-26 15:51 UTC] cv at jet9 dot ru
No, the bug still exists. With the patch applied, the function accel_move_code_to_huge_pages() returns and the segfault is raised later:

(gdb) br /usr/src/debug/php-7.0.0RC8/ext/opcache/ZendAccelerator.c:2620
(gdb) run
Breakpoint 1, accel_startup (extension=<value optimized out>) at /usr/src/debug/php-7.0.0RC8/ext/opcache/ZendAccelerator.c:2620
2620                    if (!ZCG(accel_directives).enable_cli &&
(gdb) n
2619                    accel_startup_ok = 0;
(gdb)
2620                    if (!ZCG(accel_directives).enable_cli &&
(gdb)
2621                        strcmp(sapi_module.name, "cli") == 0) {
(gdb)
2620                    if (!ZCG(accel_directives).enable_cli &&
(gdb)
2622                            zps_startup_failure("Opcode Caching is disabled for CLI", NULL, accelerator_remove_cb);
(gdb)

Program received signal SIGSEGV, Segmentation fault.
zend_llist_del_element (l=0x9dc8e0, element=0x0, compare=0x7fffedf40590 <accelerator_remove_cb>) at /usr/src/debug/php-7.0.0RC8/Zend/zend_llist.c:91
91      {
 [2015-11-27 11:53 UTC] laruence@php.net
how about this one? http://pastebin.com/sqXMzZLT

thanks
 [2015-11-27 15:32 UTC] laruence@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e9a8d7ff1d59cbcaf4b5cec728a94fb0d54dd993
Log: Fixed bug #70977, #70973 (Segmentation fault with opcache.huge_code_pages=1)
 [2015-11-27 16:30 UTC] laruence@php.net
-Status: Feedback +Status: Closed
 [2015-11-27 16:30 UTC] laruence@php.net
The fix for this bug has been committed.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.

 For Windows:

http://windows.php.net/snapshots/
 
Thank you for the report, and for helping us make PHP better.

it should be fixed  http://git.php.net/?p=php-src.git;a=commit;h=e9a8d7ff1d59cbcaf4b5cec728a94fb0d54dd993
 [2015-11-27 20:21 UTC] cv at jet9 dot ru
I've just checked on commit e9a8d7ff1d59cbcaf4b5cec728a94fb0d54dd993, it's all right. Got the warning "Zend OPcachehuge_code_pages: mmap(HUGETLB) failed: Cannot allocate memory (12)" and then the run continues fine.

Fix confirmed, thanks.
 [2016-07-20 11:35 UTC] davey@php.net
Automatic comment on behalf of laruence@gmail.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e9a8d7ff1d59cbcaf4b5cec728a94fb0d54dd993
Log: Fixed bug #70977, #70973 (Segmentation fault with opcache.huge_code_pages=1)
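
The return-value check this report is about, as an added example (Linux-only C written for this page, not code from php-src or from the fix commit). The names map_region, region_roundtrip and HUGE_2M are hypothetical; the mapping is requested at a kernel-chosen address rather than with MAP_FIXED, so a failed huge-page request cannot disturb an existing mapping.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define HUGE_2M (2UL * 1024 * 1024)   /* same size as the mmap in the strace */

/* Try a MAP_HUGETLB mapping (the 0x40000 flag strace left undecoded); if the
 * kernel refuses, warn and fall back to normal pages with a THP hint.
 * Returns the mapping or NULL; *used_huge reports which path was taken. */
void *map_region(size_t size, int *used_huge)
{
    int flags = MAP_PRIVATE | MAP_ANONYMOUS;
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   flags | MAP_HUGETLB, -1, 0);
    if (p != MAP_FAILED) {            /* MAP_FAILED is (void *)-1, not NULL */
        *used_huge = 1;
        return p;
    }
    int err = errno;                  /* save before any other libc call */
    fprintf(stderr, "mmap(HUGETLB) failed: %s (%d), using normal pages\n",
            strerror(err), err);
    *used_huge = 0;
    p = mmap(NULL, size, PROT_READ | PROT_WRITE, flags, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    /* Best effort: a rejected hint still leaves a valid normal-page mapping. */
    (void)madvise(p, size, MADV_HUGEPAGE);
    return p;
}

/* Touch both ends of the region so a bad pointer would fault here, then
 * release it. Returns 1 (huge pages), 0 (fallback) or -1 (no mapping). */
int region_roundtrip(size_t size)
{
    int used_huge = -1;
    unsigned char *p = map_region(size, &used_huge);
    if (p == NULL)
        return -1;
    memset(p, 0xA5, size);
    int ok = (p[0] == 0xA5 && p[size - 1] == 0xA5);
    munmap(p, size);
    return ok ? used_huge : -1;
}

int main(void)
{
    printf("huge pages used: %d\n", region_roundtrip(HUGE_2M));
    return 0;
}
```

On a host with no huge pages reserved this prints a warning of the same kind the reporter saw after the fix and then continues on normal pages.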
 
Last updated: Sun Dec 22 10:01:28 2024 UTC