Promex applet is used to dump many metrics. Some of them are related to
a server instance. The applet can be interrupted in the middle of a
dump, for example waiting for output buffer space. In this case, its
context is save to resume dump on the correct instance.
A crash can occur if dump is interrupted during servers loop. If the
server instance is deleted during two scheduling of the promex applet,
its context will still referenced the deleted server on resume.
To fix this, use server refcount to prevent its deletion during parsing.
No backport is needed, despite all stable releases being affected. This
is because promex applet context has been recently rewritten to use
generic pointers. As such, a specific commit will be applied for earlier
releases.
return -1; /* Unexpected and unrecoverable error */
channel_add_input(chn, out.len);
}
+
+ /* Decrement server refcount if it was saved through ctx.p[1]. */
+ srv_drop(ctx->p[1]);
+ if (sv)
+ srv_take(sv);
+
/* Save pointers (0=current proxy, 1=current server, 2=current stats module) of the current context */
ctx->p[0] = px;
ctx->p[1] = sv;
struct promex_metric_filter *flt;
struct eb32_node *node, *next;
+ if (appctx->st1 == PROMEX_DUMPER_SRV) {
+ struct server *srv = objt_server(ctx->p[1]);
+ srv_drop(srv);
+ }
+
list_for_each_entry_safe(ref, back, &ctx->modules, list) {
LIST_DELETE(&ref->list);
pool_free(pool_head_promex_mod_ref, ref);
projects / thirdparty / haproxy.git / commitdiff
