From: Willy Tarreau Date: Fri, 17 Jul 2020 12:37:51 +0000 (+0200) Subject: BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed X-Git-Tag: v2.3-dev1~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=273aea479de6c50a1a4f2cc329aa91ef11f8a829;p=thirdparty%2Fhaproxy.git BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed In run_tasks_from_task_list() we may free some tasks that have been killed. Before doing so we unlink them from the wait queue. But if such a task is in the global wait queue, the queue isn't locked so this can result in corrupting the global task list and causing loops or crashes. It's very likely one cause of issue #758. This must be backported to 2.2. For 2.1 there doesn't seem to be any case where a task could be freed this way while in the global queue, but it doesn't cost much to apply the same change (the code is in process_runnable_task there). --- diff --git a/src/task.c b/src/task.c index ea3d808308..1a924c18c0 100644 --- a/src/task.c +++ b/src/task.c @@ -476,8 +476,7 @@ unsigned int run_tasks_from_lists(unsigned int budgets[]) else if (!(state & TASK_KILLED) && process != NULL) t = process(t, ctx, state); else { - if (task_in_wq(t)) - __task_unlink_wq(t); + task_unlink_wq(t); __task_free(t); sched->current = NULL; __ha_barrier_store(); @@ -500,8 +499,7 @@ unsigned int run_tasks_from_lists(unsigned int budgets[]) state = _HA_ATOMIC_AND(&t->state, ~TASK_RUNNING); if (unlikely(state & TASK_KILLED)) { - if (task_in_wq(t)) - __task_unlink_wq(t); + task_unlink_wq(t); __task_free(t); } else if (state & TASK_WOKEN_ANY)