php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #81704 opcache.restrict_api not working with PHP-FPM
Submitted: 2021-12-22 09:01 UTC Modified: 2021-12-22 21:58 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mr-manuel at outlook dot it Assigned: bukka (profile)
Status: Assigned Package: opcache
PHP Version: Irrelevant OS: Debian 11
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mr-manuel at outlook dot it
New email:
PHP Version: OS:

 

 [2021-12-22 09:01 UTC] mr-manuel at outlook dot it 
Description:
------------
# actual behaviour
OPcache shows all cached files from all PHP-FPM pools using the same PHP version. In addition it shows a negative used_memory value, since it counts somehow all pools and not only the pool in which the script is executed.

# expected behaviour
OPcache in PHP-FPM should show only the scripts cached within the same pool.

# stept to reproduce
Use Apache with mpm_event module and PHP-FPM installation. Create per domain a separate PHP-FPM pool and execute the pools with different users.

Relevant pool settings:
# /etc/php/7.4/fpm/pool.d/domain-1.conf
php_admin_flag[opcache.enable] = 1
php_admin_value[opcache.memory_consumption] = 128
php_admin_value[opcache.interned_strings_buffer] = 8
php_admin_value[opcache.max_accelerated_files] = 16229
php_admin_flag[opcache.validate_timestamps] = 1
php_admin_flag[opcache.save_comments] = 1
php_admin_value[opcache.revalidate_freq] = 1
php_admin_flag[opcache.fast_shutdown] = 1
php_admin_value[opcache.restrict_api] = "/var/www/html/domain-1.com"
... rest is default

The settings for all domains are the same, except the domain path and config file name.

Execute the test script below on every pool/domain and check the scripts. You should see all scripts from all pools which are cached from the same PHP-FPM version.

Apache: 2.4.51
PHP versions used: 7.4.26, 8.0.13, 8.1.0

Test script:
---------------
https://github.com/rlerdorf/opcache-status/blob/master/opcache.php

Expected result:
----------------
OPcache in PHP-FPM should show only the scripts cached within the same pool.

Actual result:
--------------
OPcache in PHP-FPM shows all scripts that are cached within the same PHP-FPM version.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-12-22 13:46 UTC] cmb@php.net
-Assigned To: +Assigned To: bukka
 [2021-12-22 13:46 UTC] cmb@php.net 
Looks like there is only one OPcache SHM for all FPM pools.

Jakub, could you please have a look at this?
 [2021-12-22 20:44 UTC] bukka@php.net 
This is known issue and it's a current design of FPM where MINIT is done on master level and the shared memory is allocated just once. I think the best solution for that would be introducing a process manager that would control pool process and do MINIT but that's quite a lot of work so it will take some time.

In any case this is not a security issue because pools are not considered as a security mechanism (read they don't provide full separtion). It is certainly not anything that we can change in the bug fixing release as it will require significant refactoring. This is a feature request though.
 [2021-12-22 21:58 UTC] cmb@php.net
-Type: Security +Type: Feature/Change Request
 [2021-12-22 21:58 UTC] cmb@php.net 
Thanks for the clarification!  I added that info to the PHP
manual[1].

[1] <https://github.com/php/doc-en/commit/88333c7e4faf04190cf783247b470c7ea8b54196>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 16:01:28 2024 UTC