From owner-freebsd-hackers@FreeBSD.ORG Wed Oct 29 21:05:43 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E8CB816A4CE; Wed, 29 Oct 2003 21:05:43 -0800 (PST) Received: from obsecurity.dyndns.org (adsl-63-207-60-234.dsl.lsan03.pacbell.net [63.207.60.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 46D0E43FCB; Wed, 29 Oct 2003 21:05:42 -0800 (PST) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id BB91166B9B; Wed, 29 Oct 2003 21:05:40 -0800 (PST) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id 8D55BB12; Wed, 29 Oct 2003 21:05:40 -0800 (PST) Date: Wed, 29 Oct 2003 21:05:40 -0800 From: Kris Kennaway To: "Branko F. Gra?nar" Message-ID: <20031030050540.GA25906@rot13.obsecurity.org> References: <3F9F9884.3020309@noviforum.si> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="LQksG6bCIzRHxTLp" Content-Disposition: inline In-Reply-To: <3F9F9884.3020309@noviforum.si> User-Agent: Mutt/1.4.1i cc: freebsd-hackers@freebsd.org cc: freebsd-current@freebsd.org Subject: Re: FreeBSD 5.1-p10 reproducible crash with Apache2 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Oct 2003 05:05:44 -0000 --LQksG6bCIzRHxTLp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Oct 29, 2003 at 11:37:56AM +0100, "Branko F. Gra?nar" wrote: > Hi. >=20 > FreeBSD 5.1-p10 (and also possible other 5.1-pX version) can be remotely > locked up if the following criteria is met: >=20 > + apache2 has mod_ssl loaded and enabled > + apache2 has the following configuration directives set to the > following values: >=20 > SSLMutex sem > SSLSessionCache shm:/some/file(1048576) >=20 > + client connects via SSL/TLS to apache fast enough. >=20 > If all conditions above are satisfied except the last one, then lockup > doesn't happen. >=20 > I tested on three 5.1-p10 machines (SMP, uniprocessor, uniprocessor with > hypterthreading) with JMeter 1.9.1. >=20 > It is possible lockup machine with 100 requests (1 concurrent request) > in 1-3 seconds. >=20 > If SSLMutex is set to file:/path/somewhere and SSLSessionCache is set to > dbm:/some/dbm lockup does not accour. >=20 > Linux 2.4.22 is not affected by this issue. >=20 > Details: What kernel configuration? What hardware? Kris --LQksG6bCIzRHxTLp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/oJwkWry0BWjoQKURAqYYAJ92W7HTAmfl2EwIimKUc0Mrl+vWoACg3Qor Twxs3HZqj1X6/NtdWIt5nc0= =YJh4 -----END PGP SIGNATURE----- --LQksG6bCIzRHxTLp--