From: Willy Tarreau Date: Wed, 22 Jul 2020 12:12:45 +0000 (+0200) Subject: BUG/MAJOR: tasks: don't requeue global tasks into the local queue X-Git-Tag: v2.3-dev2~41 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=783afbe93b15da8093424cd116c06171f696ae2f;p=thirdparty%2Fhaproxy.git BUG/MAJOR: tasks: don't requeue global tasks into the local queue A bug was introduced by commit 77015abe0 ("MEDIUM: tasks: clean up the front side of the wait queue in wake_expired_tasks()"): front tasks that are not yet expired were incorrectly requeued into the local wait queue instead of the global one. Because of this, the same task could be found by the same thread on next invocation and be unlinked without locking, allowing another thread to requeue it in parallel, and conversely another thread could unlink it while the task was being walked over, causing all sorts of crashes and endless loops in wake_expired_tasks() and affiliates. This bug can easily be triggered by stressing the do_resolve action in multi-thread (after applying the fixes required to get do_resolve to work with threads). It certainly is the cause of issue #758. This must be backported to 2.2 only. --- diff --git a/src/task.c b/src/task.c index 1a924c18c0..449857806d 100644 --- a/src/task.c +++ b/src/task.c @@ -315,7 +315,7 @@ void wake_expired_tasks() */ __task_unlink_wq(task); if (tick_isset(task->expire)) - __task_queue(task, &tt->timers); + __task_queue(task, &timers); goto lookup_next; } else {
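Review bot: The corrected `__task_queue(task, &timers);` line in wake_expired_tasks() differs from the buggy one only by the `tt->` prefix, and nothing visible in the hunk says which wait queue this branch is walking, so the same slip is easy to reintroduce. Consider a short comment above the `if (tick_isset(task->expire))` requeue stating that this is the global wait queue pass and that the task must go back into `timers`, never `tt->timers`, because, per the commit message, a global task left in the local queue is unlinked without locking on the next invocation. The hunk does not show which lock is held around `__task_unlink_wq(task)` and the requeue, so that is worth confirming against the surrounding code when backporting to 2.2.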