BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.

wake_srv_chk() can be called from conn_fd_handler(), and may decide to
destroy the conn_stream and the connection, by calling cs_close(). If that
happens, we have to make sure the tasklet isn't scheduled to run, or it will
probably crash trying to access the connection or the conn_stream.
This fixes a crash that can be seen when using tcp checks.

This should be backported to 1.9 and 2.0.
For 1.9, the call should be instead :
task_remove_from_tasklet_list((struct task *)check->wait_list.task);
That function was renamed in 2.0.

diff --git a/src/checks.c b/src/checks.c
index 68da2a3766f641d7e35ad564f20155bad802d236..d3920ce8da7981b9eac8b1bfe4dbd460f79d273a 100644 (file)
--- a/src/checks.c
+++ b/src/checks.c
@@ -1453,6 +1453,11 @@ static int wake_srv_chk(struct conn_stream *cs)
                conn_sock_drain(conn);
                cs_close(cs);
                ret = -1;
+               /* We may have been scheduled to run, and the
+                * I/O handler expects to have a cs, so remove
+                * the tasklet
+                */
+               tasklet_remove_from_tasklet_list(check->wait_list.tasklet);
                task_wakeup(check->task, TASK_WOKEN_IO);
        }