httpd spins madly

[Denys Vlasenko]

On Sat, Aug 24, 2013 at 8:25 PM, Zoban Gubich <zobangub at gmail.com> wrote:
> If a CGI or proxied connection is rudely aborted (SIG_{KILL,BUS,SEGV})
> then httpd will spin madly the poll loop in:
>
> networking/httpd.c:1080
> cgi_io_loop_and_exit()
>
> Upon investigation I found that pfd[0].revents == 0x0018 (POLLHUP|POLLERR),
> which leads to empty read, but the pfd[0].fd (STDIN_FILENO) is left open,
> and in the FD list given to poll() which immediately returns to once
> again inform the loop of (POLLHUP|POLLERR) condition of pfd[0].fd.

You are saying that the execution flow enter this if():

count = safe_poll(pfd, ..., -1);
...
if (pfd[0].revents) { ...

But lets look into its body:
                        count = safe_read(STDIN_FILENO, hdr_buf,
sizeof(hdr_buf));
                        if (count > 0) {
                                ...
                        } else {
                                /* no more POST data can be read */
                                post_len = 0;
                        }
                }

On empty read, post_len is set to zero, and then, on next loop iteration
pfd[0].events won't be set, since:

                 if (post_len > 0) {
                                pfd[0].events = POLLIN;


I take it from your bug report that having pfd[0].events zeroed
doesn't prevent POLLHUP|POLLERR from being reported :(

I'll fix it now...