mirror of
https://github.com/haproxy/haproxy.git
synced 2026-04-07 01:55:55 -04:00
44cf545000
Dmitry Sivachenko reported an embarrassing problem where haproxy would sometimes segfault upon reload. After careful analysis and code inspection, what happens is related to the "show sess" command on the CLI, and it is not limited to reload operations only. When a "show sess" is running, once the output buffer is full, the stats applet grabs a reference to the session being dumped in order for the current pointer to be able to advance by itself should this session disappear while the buffer is full. The applet also uses a release handler that is called when the applet terminates to release such references. The problem is that upon error, the command line parser sets the applet state to STAT_CLI_O_END indicating it wants to terminate the processing. Unfortunately, the release handler which is called later to clean everything up relies on the applet's state to know what operations were in progress, and as such it does not release the reference. A later "show sess" or the completion of the task being watched lead to a LIST_DEL() on the task's list which point to a location that does not match the applet's reference list anymore and the process dies. One solution to this would be to add a flag to the current applet's state mentionning it must leave, without affecting the state indicating the current operation. It's a bit invasive but could be the long term solution. The short term solution simply consists in calling the release handler just before changing the state to STAT_CLI_O_END. That way everything that must be released is released in time. Note that the probability to encounter this issue is very low. It requires a lot of "show sess" or "show sess all" calls, and that one of them dies before being completed. That can happen if "show sess" is run in scripts which truncate the output (eg: "echo show sess|socat|head"). This could be the worst case as it almost ensures that haproxy fills a buffer, grabs a reference and detects the error on the socket. There's no config-based workaround to this issue, except refraining from issuing "show sess" on large connection counts or "show sess all". If that's not possible to block everyone, restricting permissions on the stats socket ensures only authorized tools can connect. This fix must be backported to 1.5 and to 1.4 (with some changes in 1.4 since the release function does not exist so the LIST_DEL sequence must be open-coded). Special thanks to Dmitry for the fairly complete report. |
||
|---|---|---|
| .. | ||
| acl.c | ||
| appsession.c | ||
| arg.c | ||
| auth.c | ||
| backend.c | ||
| base64.c | ||
| buffer.c | ||
| cfgparse.c | ||
| channel.c | ||
| checks.c | ||
| chunk.c | ||
| compression.c | ||
| connection.c | ||
| cttproxy.c | ||
| dumpstats.c | ||
| ev_epoll.c | ||
| ev_kqueue.c | ||
| ev_poll.c | ||
| ev_select.c | ||
| fd.c | ||
| freq_ctr.c | ||
| frontend.c | ||
| haproxy-systemd-wrapper.c | ||
| haproxy.c | ||
| hash.c | ||
| hdr_idx.c | ||
| i386-linux-vsys.c | ||
| lb_chash.c | ||
| lb_fas.c | ||
| lb_fwlc.c | ||
| lb_fwrr.c | ||
| lb_map.c | ||
| listener.c | ||
| log.c | ||
| map.c | ||
| memory.c | ||
| pattern.c | ||
| payload.c | ||
| peers.c | ||
| pipe.c | ||
| proto_http.c | ||
| proto_tcp.c | ||
| proto_uxst.c | ||
| protocol.c | ||
| proxy.c | ||
| queue.c | ||
| raw_sock.c | ||
| rbtree.c | ||
| regex.c | ||
| sample.c | ||
| server.c | ||
| session.c | ||
| sessionhash.c | ||
| shctx.c | ||
| signal.c | ||
| ssl_sock.c | ||
| standard.c | ||
| stick_table.c | ||
| stream_interface.c | ||
| task.c | ||
| time.c | ||
| trace.c | ||
| uri_auth.c | ||