From: Willy Tarreau
Date: Tue, 23 Aug 2022 07:01:30 +0000 (+0200)
Subject: BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler
X-Git-Tag: v2.7-dev5~70
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8a3f58280f38849095d20769c794d92e2d519781;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: applet: fix incorrect check for abnormal return condition from handler

We have quite numerous checks for abnormal applet handler behavior which are supposed to trigger the loop protection. However, consecutive to commit 15252cd9c ("MEDIUM: stconn: move the RXBLK flags to the stream connector") that was merged into 2.6-dev12, one flag was incorrectly renamed, and the check for an applet waiting for a buffer that is present mistakenly turned to a check for missing room in the buffer.

This erroneous test could mistakenly trigger on applets that perform intensive I/Os doing small exchanges each (e.g. cache, peers or HTTP client) if the load would be sustained (>100k iops). For the cache this could represent higher than 13 Gbps on an object at least 1.6 GB large for example, which is quite unlikely but theoretically possible.

This fix needs to be backported to 2.6.
---

diff --git a/src/applet.c b/src/applet.c index c9d0c55bff..197140fb87 100644 --- a/src/applet.c +++ b/src/applet.c
@@ -255,7 +255,7 @@ struct task *task_run_applet(struct task *t, void *context, unsigned int state) /* measure the call rate and check for anomalies when too high */ rate = update_freq_ctr(&app->call_rate, 1); if (rate >= 100000 && app->call_rate.prev_ctr && // looped more than 100k times over last second - ((b_size(sc_ib(sc)) && sc->flags & SC_FL_NEED_ROOM) || // asks for a buffer which is present + ((b_size(sc_ib(sc)) && sc->flags & SC_FL_NEED_BUFF) || // asks for a buffer which is present (b_size(sc_ib(sc)) && !b_data(sc_ib(sc)) && sc->flags & SC_FL_NEED_ROOM) || // asks for room in an empty buffer (b_data(sc_ob(sc)) && sc_is_send_allowed(sc)) || // asks for data already present (!b_data(sc_ib(sc)) && b_data(sc_ob(sc)) && // didn't return anything ...
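Review bot: the corrected first condition, `(b_size(sc_ib(sc)) && sc->flags & SC_FL_NEED_BUFF)`, now agrees with its comment "asks for a buffer which is present", but the patch touches only src/applet.c and adds nothing that would catch the same flag mix-up if it happened again. The commit message says the regression came from a rename that went unnoticed and only shows up under sustained load above 100k calls per second, so a regression test that drives one of the small-exchange applets it names (cache, peers or HTTP client) at that rate and checks that the loop protection does not fire would be worth adding alongside the fix. As a smaller style point, writing the flag tests as `(sc->flags & SC_FL_NEED_BUFF)` here and `(sc->flags & SC_FL_NEED_ROOM)` on the next line would make the grouping explicit instead of relying on `&` binding tighter than `&&`, and would make the two near-identical conditions easier to tell apart when reading the block.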