Bug 2217726

Summary: Concurrent DELETE and PROPFIND breaks PROPFIND
Product: Red Hat Enterprise Linux 9 Reporter: Hisanobu Okuda <hokuda>
Component: httpdAssignee: Luboš Uhliarik <luhliari>
Status: CLOSED ERRATA QA Contact: Branislav Náter <bnater>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.2CC: jorton, luhliari, mschwabe
Target Milestone: rcKeywords: AutoVerified, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: httpd-2.4.57-5.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-07 08:30:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hisanobu Okuda 2023-06-27 03:07:36 UTC 
Description of problem:
Concurrent DELETE and PROPFIND breaks PROPFIND.
When executing DELETE and PROPFIND at the same time, PROPFIND may return an empty response.

Version-Release number of selected component (if applicable):
httpd-2.4.53-11.el9_2.5.x86_64

How reproducible:


Steps to Reproduce:
1. provide a container and install httpd:

	$ sudo subscription-manager register --force --username <red hat customer portal account name>
	$ podman rm -f rhel9test
	$ podman login registry.redhat.io
	$ podman run -it --privileged --cap-add=SYS_PTRACE --name rhel9test registry.redhat.io/ubi9/ubi
	# dnf install -y --enablerepo rhel-9-for-x86_64-appstream-rpms gdb httpd iproute procps-ng vim
	# dnf debuginfo-install -y glibc httpd

2. create config files:
	# vim /etc/httpd/conf.d/dav.conf
DavLockDB /var/www/davlock/db

Alias /dav /var/www/dav

<Directory /var/www/dav>
    LogLevel trace8
    Dav On
    DirectoryIndex disabled
</Directory>

	# vim /etc/httpd/conf.d/mpm.conf
ServerLimit             4
StartServers            1
MinSpareThreads         1
MaxSpareThreads         4
ThreadsPerChild         4
MaxRequestWorkers       1000

3. create dav contents:

	# mkdir /var/www/dav
	# mkdir /var/www/davlock
	# chmod 777 /var/www/dav /var/www/davlock
	# for i in x y z; do touch /var/www/dav/$i; chown apache:apache /var/www/dav/$i; done

4. start httpd:

	# nohup /usr/sbin/httpd -DFOREGROUND &

5. attach gdb:

	# ps -ef | grep httpd
	# gdb -p <largest PID of httpd processes>

6. set break points:

	(gdb) b unlink
	(gdb) b lstat

7. run PROPFIND on another shell:

	$ podman exec -it rhel9test /bin/bash
	curl "http://localhost/dav/" -X PROPFIND -i -H 'Depth:1' -d '<?xml version="1.0" encoding="utf-8"?><D:propfind xmlns:D="DAV:"><D:allprop/></D:propfind>'

8. run DELETE on another shell:

	$ podman exec -it rhel9test /bin/bash
	curl -v "http://localhost/dav/z" -X DELETE

9. enter 'c' to gdb prompt several times:

	(gdb) c
	(gdb) c
	(gdb) c
	(gdb) c
	(gdb) c
	(gdb) c
	(gdb) c
	(gdb) c
	(gdb) c

Then, you can observe the empty response and the error message in error_log:

# curl "http://localhost/dav/" -X PROPFIND -i -H 'Depth:1' -d '<?xml version="1.0" encoding="utf-8"?><D:propfind xmlns:D="DAV:"><D:allprop/></D:propfind>'
curl: (52) Empty reply from server

error_log:
[Wed Jun 07 08:04:32.922724 2023] [dav:error] [pid 354:tid 380] [client ::1:46944] Provider encountered an error while streaming a multistatus PROPFIND response.  [404, #0]

Actual results:


Expected results:


Additional info:
Comment 1 Joe Orton 2023-06-27 12:50:29 UTC 
Thanks for the detailed report!

The problem is the stat() here is failing after reading the directory.
https://github.com/apache/httpd/blob/66254273e22a5b4051d15d7423b86a5d884b4ee5/modules/dav/fs/repos.c#L1613

We might be able to skip aborting the connection in the case of an ENOENT error here which seems reasonably harmless.
Comment 27 errata-xmlrpc 2023-11-07 08:30:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: httpd and mod_http2 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6403