BUG/MEDIUM: cli: make "show fd" thread-safe

The "show fd" command was implemented as a debugging aid but it's not
thread safe. Its features have grown, it can now dump some mux-specific
parts and is being used in production to capture some useful debugging
traces. But it will quickly crash the process when used during an H2 load
test for example, especially when haproxy is built with the DEBUG_UAF
option. It cannot afford not to be thread safe anymore. Let's make use
of the new rendez-vous point using thread_isolate() / thread_release()
to ensure that the data being dumped are not changing under us. The dump
becomes slightly slower under load but now it's safe.

This should be backported to 1.8 along with the rendez-vous point code
once considered stable enough.

diff --git a/src/cli.c b/src/cli.c
index 739107dab633419d04af9d3585682deef1d9d827..ce8635f2be68c4d377de1cd4efe3c5a334ba24e7 100644 (file)
--- a/src/cli.c
+++ b/src/cli.c
@@ -847,10 +847,14 @@ static int cli_io_handler_show_fd(struct appctx *appctx)
                void *ctx = NULL;
                uint32_t conn_flags = 0;
 
+               thread_isolate();
+
                fdt = fdtab[fd];
 
-               if (!fdt.owner)
+               if (!fdt.owner) {
+                       thread_release();
                        goto skip; // closed
+               }
 
                if (fdt.iocb == conn_fd_handler) {
                        conn_flags = ((struct connection *)fdt.owner)->flags;
@@ -916,6 +920,8 @@ static int cli_io_handler_show_fd(struct appctx *appctx)
                                      li->bind_conf->frontend->id);
                }
 
+               thread_release();
+
                chunk_appendf(&trash, "\n");
 
                if (ci_putchk(si_ic(si), &trash) == -1) {