git.ipfire.org Git - thirdparty/haproxy.git/commit

author	William Lallemand <wlallemand@haproxy.org>
	Wed, 21 Jun 2023 07:44:18 +0000 (09:44 +0200)
committer	William Lallemand <wlallemand@haproxy.org>
	Wed, 21 Jun 2023 07:44:18 +0000 (09:44 +0200)
commit	117b03ff4af5a93bf4ed68fa1b71bd35333866b8
tree	0fe2a8b3272acbcbc7dcba3f25f1a9adfd2abdb4	tree \| snapshot
parent	b9739808535d417ad827e6ebd3d664562f1d6b03	commit \| diff

BUG/MINOR: mworker: leak of a socketpair during startup failure

Aurelien Darragon found a case of leak when working on ticket #2184.

When a reexec_on_failure() happens *BEFORE* protocol_bind_all(), the
worker is not fork and the mworker_proc struct is still there with
its 2 socketpairs.

The socketpair that is supposed to be in the master is already closed in
mworker_cleanup_proc(), the one for the worker was suppposed to
be cleaned up in mworker_cleanlisteners().

However, since the fd is not bound during this failure, the fd is never
closed.

This patch fixes the problem by setting the fd to -1 in the mworker_proc
after the fork, so we ensure that this it won't be close if everything
was done right, and then we try to close it in mworker_cleanup_proc()
when it's not set to -1.

This could be triggered with the script in ticket #2184 and a `ulimit -H
-n 300`. This will fail before the protocol_bind_all() when trying to
increase the nofile setrlimit.

In recent version of haproxy, there is a BUG_ON() in fd_insert() that
could be triggered by this bug because of the global.maxsock check.

Must be backported as far as 2.6.

The problem could exist in previous version but the code is different
and this won't be triggered easily without other consequences in the
master.

src/haproxy.c		diff \| blob \| blame \| history
src/mworker.c		diff \| blob \| blame \| history