From: Willy Tarreau Date: Tue, 5 Feb 2019 12:37:19 +0000 (+0100) Subject: BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes X-Git-Tag: v2.0-dev1~62 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2bdcfde4260ac9115b8a0b7aa916975799273ea9;p=thirdparty%2Fhaproxy.git BUG/MAJOR: spoe: verify that backends used by SPOE cover all their callers' processes When a filter is installed on a proxy and references spoe, we must be absolutely certain that the whole chain is valid on a given process when running in multi-process mode. The problem here is that if a proxy 1 runs on process 1, referencing an SPOE agent itself based on a backend running on process 2, this last one will be completely deinited on process 1, and will thus cause random crashes when it gets messages from this proess. This patch makes sure that the whole chain is valid on all of the caller's processes. This fix must be backported to all spoe-enabled maintained versions. It may potentially disrupt configurations which already randomly crash. There hardly is any intermediary solution though, such configurations need to be fixed. --- diff --git a/src/flt_spoe.c b/src/flt_spoe.c index b9b33accbd..f9a529f219 100644 --- a/src/flt_spoe.c +++ b/src/flt_spoe.c @@ -3063,6 +3063,14 @@ spoe_check(struct proxy *px, struct flt_conf *fconf) return 1; } + if (px->bind_proc & ~target->bind_proc) { + ha_alert("Proxy %s : backend '%s' used by SPOE agent '%s' declared" + " at %s:%d does not cover all of its processes.\n", + px->id, target->id, conf->agent->id, + conf->agent->conf.file, conf->agent->conf.line); + return 1; + } + free(conf->agent->b.name); conf->agent->b.name = NULL; conf->agent->b.be = target;