Gentoo Forums
Apache2 + PHP5 hardened + mod_suphp MEMLEAK
escapechen
n00b


Joined: 29 Jul 2003
Posts: 7
Location: Frankfurt

Posted: Thu Jul 20, 2006 7:03 pm    Post subject: Apache2 + PHP5 hardened + mod_suphp MEMLEAK

Hello guys,

I hope you can help me with tracking down a very odd apache2 problem. I am using apache2, hardened php5 with mod_suphp.

For some reason, after a while Apache starts using LOTS of memory. Being on a 64bit system, it won't stop after 2G memory, so I end up with this:

Code:
top - 20:49:21 up 3 days,  9:02,  1 user,  load average: 3.84, 2.36, 1.31
Tasks: 124 total,   2 running, 121 sleeping,   0 stopped,   1 zombie
Cpu(s):  7.0% us, 17.3% sy,  0.0% ni,  0.0% id, 73.8% wa,  0.0% hi,  2.0% si
Mem:   2058888k total,  2041164k used,    17724k free,      500k buffers
Swap:  9783504k total,  3267104k used,  6516400k free,    24168k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
28702 apache    18   0 7857m 1.8g 1404 D  4.0 94.0   0:17.48 apache2
30841 christos  18   0 79656  10m 6716 D  8.7  0.5   0:00.26 php-cgi
25313 mysql     16   0  316m 8008 1796 S  0.3  0.4   3:02.47 mysqld
18383 apache    16   0 52436 2984 2048 S  0.3  0.1   0:00.04 apache2


I even tried changing the MaxRequestsPerChild directive in order to kill the child every 3 requests to prevent memleaks from becoming bigger and bigger; it didn't help, though.

Code:
<IfModule prefork.c>
    StartServers        25
    MinSpareServers     25
    MaxSpareServers     50
    MaxClients         100
    MaxRequestsPerChild  3
</IfModule>


The next thing I tried was to limit the memory in some way, but that setting gets ignored? (/etc/security/limits.conf)
Code:
#<domain>      <type>  <item>         <value>
#
apache           hard    memlock         128000
apache           hard    data            128000
apache           hard    stack           256000


I was also using the softlimit tool from djb, which simply stopped Apache from starting at all.

Well, I am simply out of options. I tried different MPMs (used the threaded one first, but that wasn't the problem).

Logfiles error_log / ssl_error_log / suphp_log / suexec.log don't show any weird things.

The only thing that happens shortly before the box is fully stalled, is the kernel trying to kill the process. (2.6.16 hardened r10)


PLEASE HELP and thank you already :)

Marcel
Janne Pikkarainen
Veteran


Joined: 29 Jul 2003
Posts: 1143
Location: Helsinki, Finland

Posted: Fri Jul 21, 2006 10:49 am    Post subject:

Probably some borked PHP script or eternal redirection loop is causing this. Have you tried to make Apache behave with ulimit and/or pam_limits?

First try with this

Code:
ulimit -d 380000 -l 380000 -m 380000 -v 380000
/etc/init.d/apache2 restart


That makes any process using more than 380 000 kilobytes of memory go away. In Apache's case this means that its misbehaving child processes will get terminated without causing Apache itself to die, at least with prefork-mpm. I've used this kind of strategy for a long, long time. You may, of course, change the memory usage limit to whatever you see as reasonable.

See if it helps you. For permanent effect you might put that ulimit line in /etc/init.d/apache2 or (maybe better) in /etc/security/limits.conf.
_________________
Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.".
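
Added example, not part of the original posts: it relates the limits.conf attempt in the first post to the ulimit suggestion above by showing that a limit set in the starting shell is inherited by its children, and by reading `/proc/<pid>/limits`-style text to confirm what a worker actually received. The function names and both samples are constructed, and `/proc/<pid>/limits` needs a newer kernel than the 2.6.16 mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread); function names and samples are constructed.
# Note: limits.conf is applied by pam_limits at PAM session setup, so a daemon
# started from an init script at boot does not pick it up; a ulimit call in the
# starting shell is inherited by every process forked from it.

# Print the address-space cap (kB) seen by a child of a shell that ran
# `ulimit -v $1`. The subshell keeps the calling shell unrestricted.
child_vlimit() {
    ( ulimit -v "$1" && sh -c 'ulimit -v' )
}

# Read /proc/<pid>/limits-style text on stdin; print the soft data-size and
# address-space limits in kB (the file reports bytes) on one line.
effective_limits() {
    awk '
        function kb(v) { return (v == "unlimited") ? v : int(v / 1024) }
        /^Max data size/     { data = kb($4) }
        /^Max address space/ { aspace = kb($4) }
        END { print "data=" data " as=" aspace }
    '
}

# Constructed sample: a worker whose parent never called ulimit.
sample_unlimited='Limit                     Soft Limit           Hard Limit           Units
Max data size             unlimited            unlimited            bytes
Max stack size            8388608              unlimited            bytes
Max address space         unlimited            unlimited            bytes'

# Constructed sample: a worker started after `ulimit -d 380000 -v 380000`.
sample_limited='Limit                     Soft Limit           Hard Limit           Units
Max data size             389120000            389120000            bytes
Max stack size            8388608              unlimited            bytes
Max address space         389120000            389120000            bytes'

echo "child sees:        $(child_vlimit 380000) kB"
echo "unlimited worker:  $(printf '%s\n' "$sample_unlimited" | effective_limits)"
echo "limited worker:    $(printf '%s\n' "$sample_limited" | effective_limits)"
# Live check (Linux): effective_limits < /proc/<pid of an apache2 child>/limits
```

Of the four flags in the post, `-v` is the one that bounds a growing process; Linux 2.6 kernels do not enforce the RSS limit set by `-m`.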
escapechen
n00b


Joined: 29 Jul 2003
Posts: 7
Location: Frankfurt

Posted: Fri Jul 21, 2006 11:20 am    Post subject:

Thanks for the reply,

I think the changes in my limits.conf already reflect those ulimit settings. I am still experiencing those problems, though. For now I fixed the MEMLEAK problem by going back to STANDARD php5 without suEXEC and cgi.

But guess what, now I get 99% CPULOAD in return.

Code:
Tasks: 105 total,   2 running, 103 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.3% us,  0.0% sy, 99.7% ni,  0.0% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:   2058888k total,  1088192k used,   970696k free,   180384k buffers
Swap:  9783504k total,   189624k used,  9593880k free,   337444k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                   
  335 apache    38  15  275m  43m 5124 S 96.9  2.2   2:42.78 apache2   
Janne Pikkarainen
Veteran


Joined: 29 Jul 2003
Posts: 1143
Location: Helsinki, Finland

Posted: Fri Jul 21, 2006 11:22 am    Post subject:

Enable Apache's server status in httpd.conf and surf to http://yourhost/server-status. Try to spot there which script is consuming all the cpu.
_________________
Yes, I'm the man. Now it's your turn to decide if I meant "Yes, I'm the male." or "Yes, I am the Unix Manual Page.".