php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #81704 opcache.restrict_api not working with PHP-FPM
Submitted: 2021-12-22 09:01 UTC Modified: 2021-12-22 21:58 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 2 (50.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: mr-manuel at outlook dot it Assigned: bukka (profile)
Status: Assigned Package: opcache
PHP Version: Irrelevant OS: Debian 11
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mr-manuel at outlook dot it
New email:
PHP Version: OS:

 

 [2021-12-22 09:01 UTC] mr-manuel at outlook dot it 
Description:
------------
# actual behaviour
OPcache shows all cached files from all PHP-FPM pools using the same PHP version. In addition it shows a negative used_memory value, since it counts somehow all pools and not only the pool in which the script is executed.

# expected behaviour
OPcache in PHP-FPM should show only the scripts cached within the same pool.

# stept to reproduce
Use Apache with mpm_event module and PHP-FPM installation. Create per domain a separate PHP-FPM pool and execute the pools with different users.

Relevant pool settings:
# /etc/php/7.4/fpm/pool.d/domain-1.conf
php_admin_flag[opcache.enable] = 1
php_admin_value[opcache.memory_consumption] = 128
php_admin_value[opcache.interned_strings_buffer] = 8
php_admin_value[opcache.max_accelerated_files] = 16229
php_admin_flag[opcache.validate_timestamps] = 1
php_admin_flag[opcache.save_comments] = 1
php_admin_value[opcache.revalidate_freq] = 1
php_admin_flag[opcache.fast_shutdown] = 1
php_admin_value[opcache.restrict_api] = "/var/www/html/domain-1.com"
... rest is default

The settings for all domains are the same, except the domain path and config file name.

Execute the test script below on every pool/domain and check the scripts. You should see all scripts from all pools which are cached from the same PHP-FPM version.

Apache: 2.4.51
PHP versions used: 7.4.26, 8.0.13, 8.1.0

Test script:
---------------
https://github.com/rlerdorf/opcache-status/blob/master/opcache.php

Expected result:
----------------
OPcache in PHP-FPM should show only the scripts cached within the same pool.

Actual result:
--------------
OPcache in PHP-FPM shows all scripts that are cached within the same PHP-FPM version.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-12-22 13:46 UTC] cmb@php.net
-Assigned To: +Assigned To: bukka
 [2021-12-22 13:46 UTC] cmb@php.net 
Looks like there is only one OPcache SHM for all FPM pools.

Jakub, could you please have a look at this?
 [2021-12-22 20:44 UTC] bukka@php.net 
This is known issue and it's a current design of FPM where MINIT is done on master level and the shared memory is allocated just once. I think the best solution for that would be introducing a process manager that would control pool process and do MINIT but that's quite a lot of work so it will take some time.

In any case this is not a security issue because pools are not considered as a security mechanism (read they don't provide full separtion). It is certainly not anything that we can change in the bug fixing release as it will require significant refactoring. This is a feature request though.
 [2021-12-22 21:58 UTC] cmb@php.net
-Type: Security +Type: Feature/Change Request
 [2021-12-22 21:58 UTC] cmb@php.net 
Thanks for the clarification!  I added that info to the PHP
manual[1].

[1] <https://github.com/php/doc-en/commit/88333c7e4faf04190cf783247b470c7ea8b54196>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Jul 27 03:01:30 2024 UTC