From: Willy Tarreau Date: Fri, 19 Nov 2021 16:29:23 +0000 (+0100) Subject: BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found X-Git-Tag: v2.5-dev15~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b15e8a1c96dc370e9c5d47463106b662f123c29e;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found In shctx_row_reserve_hot(), a missing break allows the avail loop to loop for a while after having allocated the required blocks, possibly leading to the point where it could trigger the watchdog after checking up to 2 million blocks. In addition, the extra iteration may leave one block assigned with size zero at the head of the avail list, and mark it as being an isolated chain of 1 block. It's unclear whether this could have had other consequences. There is a non-negligible chance that it addreses bugs #1451 and #1284, as the pattern observed in the loop looks exactly the same as the one reported there in the crashes. It's only marked medium because it is extremely hard to trigger. Here the conditions were reproduced when starting 4k connections at once requesting objects of random sizes between 0 and 20k to store them into a small 1MB cache. However the watchdog will never trigger in such a case so one needs to instrument the functions. Thanks to Sohaib Ahmad and @g0uZ for providing useful traces. This will need to be backported to all stable branches. --- diff --git a/src/shctx.c b/src/shctx.c index 7745403656..7567645a18 100644 --- a/src/shctx.c +++ b/src/shctx.c @@ -111,6 +111,7 @@ struct shared_block *shctx_row_reserve_hot(struct shared_context *shctx, ret->refcount = 1; ret->last_reserved = block; enough = 1; + break; } } count++;