From: Christopher Faulet Date: Thu, 21 Aug 2025 14:27:42 +0000 (+0200) Subject: BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval X-Git-Tag: v3.3-dev8~120 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a498e527b412d8b66e27d2175bfad3101f6dbedb;p=thirdparty%2Fhaproxy.git BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval It is possible to miss a synchronous write event in process_stream() if the stream was woken up on a write event. In that case, it is possible to freeze the stream until the next I/O event or timeout. Concretely, the stream is woken up with CF_WRITE_EVENT on a channel. this flag is removed from the channel when we leave proces_stream(). But before leaving process_stream(), when a synchronous send is tried on this channel, the flag is removed and eventually set again on success. But this event is masked by the previous one, and the channel is not resync as it should be. To fix the bug, CF_READ_EVENT and CF_WRITE_EVENT flags are removed from a channel after the corresponding analysers evaluation. This way, we will be able to detect a successful synchronous send to restart analysers evaluation based on the new channel state. It is safe (or it should be) to do so becaues these flags are only used by analysers and tested to resync the stream inside process_stream(). It is a very old bug and I guess all versions are affected. It was observed on 2.9 and higher, and with the master/worker only. But it could affect any stream. It is tagged a MAJOR because this area is really sensitive to any change. This patch should fix the issue #3070. It should probably be backported to all stable versions, but only after a period of observation and with a special care because this area is really sensitive to changes. It is probably reasonnable to backport it as far as 3.0 and wait for older versions. Thanks to Valentine for its help on this issue ! --- diff --git a/src/stream.c b/src/stream.c index b94e682dc..470079d06 100644 --- a/src/stream.c +++ b/src/stream.c @@ -2067,7 +2067,7 @@ struct task *process_stream(struct task *t, void *context, unsigned int state) rq_prod_last = scf->state; rq_cons_last = scb->state; - req->flags &= ~CF_WAKE_ONCE; + req->flags &= ~(CF_WAKE_ONCE|CF_READ_EVENT|CF_WRITE_EVENT); rqf_last = req->flags; scf_flags = (scf_flags & ~(SC_FL_EOS|SC_FL_ABRT_DONE|SC_FL_ABRT_WANTED)) | (scf->flags & (SC_FL_EOS|SC_FL_ABRT_DONE|SC_FL_ABRT_WANTED)); scb_flags = (scb_flags & ~(SC_FL_SHUT_DONE|SC_FL_SHUT_WANTED)) | (scb->flags & (SC_FL_SHUT_DONE|SC_FL_SHUT_WANTED)); @@ -2142,7 +2142,7 @@ struct task *process_stream(struct task *t, void *context, unsigned int state) rp_cons_last = scf->state; rp_prod_last = scb->state; - res->flags &= ~CF_WAKE_ONCE; + res->flags &= ~(CF_WAKE_ONCE|CF_READ_EVENT|CF_WRITE_EVENT); rpf_last = res->flags; scb_flags = (scb_flags & ~(SC_FL_EOS|SC_FL_ABRT_DONE|SC_FL_ABRT_WANTED)) | (scb->flags & (SC_FL_EOS|SC_FL_ABRT_DONE|SC_FL_ABRT_WANTED)); scf_flags = (scf_flags & ~(SC_FL_SHUT_DONE|SC_FL_SHUT_WANTED)) | (scf->flags & (SC_FL_SHUT_DONE|SC_FL_SHUT_WANTED));