In 1.6-dev2, commit 32990b5 ("MEDIUM: session: remove the task pointer
from the session") introduced a bug which can sometimes crash the process
on resource shortage. When stream_complete() returns -1, it has already
reattached the connection to the stream, then kill_mini_session() is
called and still expects to find the task in conn->owner. Note that
since this commit, the code has moved a bit and is now in stream_new()
but the problem remains the same.

Given that we already know the task around these places, let's simply
pass the task to kill_mini_session().

The conditions currently at risk are:
- failure to initialize filters for the new stream (lack of memory or
  any filter returning < 0 on attach())
- failure to attach filters (any filter returning < 0 on stream_start())
- frontend's accept() returning < 0 (allocation failure)

This fix is needed in 1.7 and 1.6.
* disabled and finally kills the file descriptor. This function requires that
* sess->origin points to the incoming connection.
*/
-static void session_kill_embryonic(struct session *sess)
+static void session_kill_embryonic(struct session *sess, struct task *task)
{
int level = LOG_INFO;
struct connection *conn = __objt_conn(sess->origin);
- struct task *task = conn->owner;
unsigned int log = sess->fe->to_log;
const char *err_msg;
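Review bot: the header comment above session_kill_embryonic() still documents only the sess->origin requirement, while the new signature adds a second precondition on the caller. Suggest extending that comment to say what task must be (the task owning this embryonic session) and that it is no longer read from conn->owner, so future callers do not assume the old lookup still happens.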
if (!(t->state & TASK_WOKEN_TIMER))
return t;
- session_kill_embryonic(sess);
+ session_kill_embryonic(sess, t);
return NULL;
}
return 0;
fail:
- session_kill_embryonic(sess);
+ session_kill_embryonic(sess, task);
return -1;
}
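Review bot: at the fail label, session_kill_embryonic(sess, task) now depends on the local task being valid on every path that jumps there, because the callee no longer recovers it from conn->owner. Worth confirming that no goto fail can be taken before task is assigned, or initializing task to NULL at declaration and handling that case explicitly, since these are the resource-shortage paths the commit message describes as crashing.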
struct session *sess = task->context;
if (conn->flags & CO_FL_ERROR) {
- session_kill_embryonic(sess);
+ session_kill_embryonic(sess, task);
return -1;
}
return 0;