Commit Graph

33 Commits (5a58f6963cc93801b49268bfe2b59d8e6bfe3f10)

Author SHA1 Message Date
Glenn Strauss 309c1693ac [multiple] Y2038 32-bit signed time_t mitigations
Most OS platforms have already provided solutions to
Y2038 32-bit signed time_t 5 - 10 years ago (or more!)
Notable exceptions are Linux i686 and FreeBSD i386.

Since 32-bit systems tend to be embedded systems,
and since many distros take years to pick up new software,
this commit aims to provide Y2038 mitigations for lighttpd
running on 32-bit systems with Y2038-unsafe 32-bit signed time_t

* Y2038: lighttpd 1.4.60 and later report Y2038 safety
  $ lighttpd -V
    + Y2038 support                                    # Y2038-SAFE
  $ lighttpd -V
    - Y2038 support (unsafe 32-bit signed time_t)      # Y2038-UNSAFE

* Y2038: general platform info
  * Y2038-SAFE: lighttpd 64-bit builds on platforms using 64-bit time_t
      - all major 64-bit platforms (known to this author) use 64-bit time_t
  * Y2038-SAFE: lighttpd 32-bit builds on platforms using 64-bit time_t
      - Linux x32 ABI (different from i686)
      - FreeBSD all 32-bit and 64-bit architectures *except* 32-bit i386
      - NetBSD 6.0 (released Oct 2012) all 32-bit and 64-bit architectures
      - OpenBSD 5.5 (released May 2014) all 32-bit and 64-bit architectures
      - Microsoft Windows XP and Visual Studio 2005 (? unsure ?)
        Another reference suggests Visual Studio 2015 defaults to 64-bit time_t
      - MacOS 10.15 Catalina (released 2019) drops support for 32-bit apps
  * Y2038-SAFE: lighttpd 32-bit builds on platforms using 32-bit unsigned time_t
      - e.g. OpenVMS (unknown if lighttpd builds on this platform)
  * Y2038-UNSAFE: lighttpd 32-bit builds on platforms using 32-bit signed time_t
      - Linux 32-bit (including i686)
          - glibc 32-bit library support not yet available for 64-bit time_t
              - Linux kernel 5.6 on 32-bit platforms does support 64-bit time_t
                "Note: at this point, 64-bit time support in dual-time
                 configurations is work-in-progress, so for these
                 configurations, the public API only makes the 32-bit time
                 support available. In a later change, the public API will
                 allow user code to choose the time size for a given
                 compilation unit."
              - compiling with -D_TIME_BITS=64 currently has no effect
          - glibc recent (Jul 2021) mailing list discussion
      - FreeBSD i386
      - DragonFlyBSD 32-bit

* Y2038 mitigations attempted on Y2038-UNSAFE platforms (32-bit signed time_t)
  * lighttpd prefers system monotonic clock instead of realtime clock
    in places where realtime clock is not required
  * lighttpd treats negative time_t values as after 19 Jan 2038 03:14:07 GMT
  * (lighttpd presumes that lighttpd will not encounter dates before 1970
    during normal operation.)
  * lighttpd casts struct stat st.st_mtime (and st.st_*time) through uint64_t
    to convert negative timestamps for comparisions with 64-bit timestamps
    (treating negative timestamp values as after 19 Jan 2038 03:14:07 GMT)
  * lighttpd provides unix_time64_t (int64_t) and
  * lighttpd provides struct unix_timespec64 (unix_timespec64_t)
    (struct timespec equivalent using unix_time64_t tv_sec member)
  * lighttpd provides gmtime64_r() and localtime64_r() wrappers
    for platforms 32-bit platforms using 32-bit time_t and
    lighttpd temporarily shifts the year in order to use
    gmtime_r() and localtime_r() (or gmtime() and localtime())
    from standard libraries, before readjusting year and passing
    struct tm to formatting functions such as strftime()
  * lighttpd provides TIME64_CAST() macro to cast signed 32-bit time_t to
    unsigned 32-bit and then to unix_time64_t

* Note: while lighttpd tries handle times past 19 Jan 2038 03:14:07 GMT
  on 32-bit platforms using 32-bit signed time_t, underlying libraries and
  underlying filesystems might not behave properly after 32-bit signed time_t
  overflows (19 Jan 2038 03:14:08 GMT).  If a given 32-bit OS does not work
  properly using negative time_t values, then lighttpd likely will not work
  properly on that system.

* Other references and blogs
2021-09-04 08:08:26 -04:00
Glenn Strauss 13ea2d880b [core] consistent inclusion of sys-time.h 2021-04-28 14:08:29 -04:00
Glenn Strauss 19bc88850e [multiple] add attrs from gcc -Wsuggest-attribute= 2021-03-26 07:33:41 -04:00
Glenn Strauss 0b00b13a42 [core] use kqueue() instead of FAM/gamin on *BSD
Note: there have always been limitations with lighttpd stat_cache.[ch]
using FAM/gamin on *BSD via kqueue() as lighttpd stat_cache.[ch] only
monitors directories.  This kqueue() implementation also only monitors
directories and has limitations.

lighttpd stat_cache.[ch] is notified about additions and removals of
files within a monitored directory but might not be notified of changes
such as timestamps (touch), ownership, or even changes in contents
(e.g. if a file is edited through a hard link)

server.stat-cache-engine = "disable" should be used when files should
not be cached.  Full stop.  Similarly, "disable" is recommended if files
change frequently.  If using server.stat-cache-engine with any engine,
there are caching effects and tradeoffs.

On *BSD and using kqueue() on directories, any change detected clears
the stat_cache of all entries in that directory, since monitoring only
the directory does not indicate which file was added or removed.  This
is not efficient for directories containing frequently changed files.
2020-11-04 20:16:30 -05:00
Glenn Strauss 5c7173026f [core] use inotify in stat_cache.[ch] on Linux
use inotify in stat_cache.[ch] on Linux, replacing FAM/gamin
2020-11-04 03:53:15 -05:00
Glenn Strauss 7f8ab9dd29 [core] stat_cache_entry reference counting
future: should probably create fd cache separate from stat_cache,
        perhaps along w/ http-specific fields like etag and content_type
        and maybe even mmap
2020-10-20 11:51:48 -04:00
Glenn Strauss fe02111888 [multiple] stat_cache_path_stat() for struct st
stat_cache_path_stat() for cached (struct st *)
2020-10-19 21:40:14 -04:00
Glenn Strauss d8e5e21eb7 [core] stat_cache_get_entry_open()
simple interface to cache open file by extending struct stat_cache_entry

future: should probably create fd cache separate from stat_cache,
        perhaps along w/ http-specific fields like etag and content_type
2020-10-19 21:40:14 -04:00
Glenn Strauss 7d368cd7a5 [core] stat_cache_path_isdir() 2020-10-13 22:31:07 -04:00
Glenn Strauss 86e5f09062 [core] perf adjustments to avoid load miss 2020-10-11 12:19:27 -04:00
Glenn Strauss d334eaf1ee [core] uint32_t is plenty large for path names 2020-07-09 23:45:04 -04:00
Glenn Strauss 7c7f8c467c [multiple] split con, request (very large change)
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)

NB: request read and write chunkqueues currently point to connection
    chunkqueues; per-request and per-connection chunkqueues are
    not distinct from one another
      con->read_queue  == r->read_queue
      con->write_queue == r->write_queue

NB: in the future, a separate connection config may be needed for
    connection-level module hooks.  Similarly, might need to have
    per-request chunkqueues separate from per-connection chunkqueues.
    Should probably also have a request_reset() which is distinct from
2020-07-08 19:54:29 -04:00
Glenn Strauss 66bdd96d36 [core] isolate stat_cache subsystem
stat_cache.c no longer directly uses struct server *srv
2020-07-08 19:54:29 -04:00
Glenn Strauss 68d8d4c532 [multiple] stat_cache singleton 2020-07-08 19:54:28 -04:00
Glenn Strauss 50bdb55de8 [multiple] connection hooks no longer get (srv *)
(explicit (server *) not passed; available in con->srv)
2020-07-08 19:54:28 -04:00
Glenn Strauss 0fcd51438d [core] create http chunk header on the stack
streamline code in http_chunk.c
2020-07-08 19:54:28 -04:00
Glenn Strauss 2ec70f234a [core] stat_cache_path_contains_symlink use errh
use log_error() with con->errh
2020-07-08 18:08:52 -04:00
Glenn Strauss ed62e354ff [core] use config_plugin_values_init() 2020-07-08 18:08:51 -04:00
Glenn Strauss 146ea6bad0 [mod_webdav] invalidate parent dir in stat_cache
invalidate directory in stat_cache when a new file or dir is created
within that directory
2019-05-09 21:09:52 -04:00
Glenn Strauss 8cc189f4c6 [stat_cache] FAM: improve monitoring, cache 16 sec
improve FAM monitoring to use reference counting in internal cache

revalidate entries upon use after 16 sec to recover from missed events

(see comments in commit for more details about limitations)
2019-05-04 16:36:10 -04:00
Glenn Strauss 57470365a2 [stat_cache] interfaces to invalidate entries 2019-05-04 13:48:22 -04:00
Glenn Strauss 73bfee6308 [stat_cache] separate func for symlink policy chk
Note: historical ToC-ToU race condition still exists in implementation
server.follow-symlink = "disable" is not recommended (default: "enable")
2019-04-29 18:11:15 -04:00
Glenn Strauss 37bd124ae4 [core] pass conf.follow_symlink in more places 2019-03-10 23:22:58 -04:00
Glenn Strauss fb9b8ad8ae [core] mark startup/shutdown funcs cold 2019-02-04 02:25:48 -05:00
Glenn Strauss 04d76e7afd [core] some header cleanup
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
  do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers
2018-04-08 22:22:23 -04:00
Glenn Strauss b1df38ab6a [core] increase stat_cache abstraction
reduce dependency on struct connection
routines for getting/caching content_type and etag separate from stat
2018-02-02 23:28:38 -05:00
Glenn Strauss 9287c87dcd [core] cleanup: consolidate FAM code in stat_cache 2017-10-29 22:37:29 -04:00
Glenn Strauss 0cc7556aec [core] perf: stat_cache_mimetype_by_ext()
shared code to get mimetype string via longest extension match
(attempts to match file basename, then longest ext, then "")

Note: this is a behavior change from simple suffix match
      if there are 16 or more entries in mimetypes.assign
2017-04-15 03:42:28 -04:00
Glenn Strauss e116479731 [core] make stat_cache private to stat_cache.c 2017-03-28 02:17:33 -04:00
Glenn Strauss a65c57a548 [core] open fd when appending file to cq (fixes #2655)
http_chunk_append_file() opens fd when appending file to chunkqueue.
Defers calculation of content length until response is finished.

This reduces race conditions pertaining to stat() and then (later)
open(), when the result of the stat() was used for Content-Length
or to generate chunked headers.

Note: this does not change how lighttpd handles files that are modified
in-place by another process after having been opened by lighttpd --
don't do that.  This *does* improve handling of files that are
frequently modified via a temporary file and then atomically renamed
into place.

mod_fastcgi has been modified to use http_chunk_append_file_range() with
X-Sendfile2 and will open the target file multiple times if there are
multiple ranges.

Note: (future todo) not implemented for chunk.[ch] interfaces used by
range requests in mod_staticfile or by mod_ssi.  Those uses could lead
to too many open fds.  For mod_staticfile, limits should be put in place
for max number of ranges accepted by mod_staticfile.  For mod_ssi,
limits would need to be placed on the maximum number of includes, and
the primary SSI file split across lots of SSI directives should either
copy the pieces or perhaps chunk.h could be extended to allow for an
open fd to be shared across multiple chunks.  Doing either of these
would improve the performance of SSI since they would replace many file
opens on the pieces of the SSI file around the SSI directives.

  "Serving a file that is getting updated can cause an empty response or incorrect content-length error"

Closes #49
2016-04-18 04:27:08 -04:00
Glenn Strauss 8abd06a7ff consistent inclusion of config.h at top of files (fixes #2073)
From: Glenn Strauss <>

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-19 15:14:35 +00:00
Stefan Bühler 38f2d1ddd7 cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
* use log functions
 * convert flags
 * fix handler callback prototype

git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2010-08-06 21:57:15 +00:00
Jan Kneschke 5e134da075 dropped file-cache, added stat-cache and modules ALWAYS cleanup at connection-end
git-svn-id: svn:// 152afb58-edef-0310-8abb-c4023f1b3aa9
2005-08-08 08:22:06 +00:00