This patch makes the cache capable of adding an "Age" header as defined by
rfc7234.
During the storage of new HTTP objects we memorize ->eoh value and
the value of the "Age" header coming from the origin server.
These information may then be reused to return the cached HTTP objects
with a new "Age" header.
This patch implements analysers for parsing the CLI and extra features
for the master's CLI.
For each command (sent alone, or separated by ; or \n) the request
analyser will determine to which server it should send the request.
The 'mode cli' proxy is able to parse a prefix for each command which is
used to select the apropriate server. The prefix start by @ and is
followed by "master", the PID preceded by ! or the relative PID. (e.g.
@master, @1, @!1234). The servers are not round-robined anymore.
The command is sent with a SHUTW which force the server to close the
connection after sending its response. However the proxy allows a
keepalive connection on the client side and does not close.
The response analyser does not do much stuff, it only reinits the
connection when it received a close from the server, and forward the
response. It does not analyze the response data.
The only guarantee of the end of the response is the close of the
server, we can't rely on the double \n since it's not send by every
command.
This patch introduces mworker_cli_proxy_new_listener() which allows the
creation of new listeners for the CLI proxy.
Using this function it is possible to create new listeners from the
program arguments with -Sa <unix_socket>. It is allowed to create
multiple listeners with several -Sa.
This patch implements a listen proxy within the master. It uses the
sockpair of all the workers as servers.
In the current state of the code, the proxy is only doing round robin on
the CLI of the workers. A CLI mode will be needed to know to which CLI
send the requests.
Willy Tarreau [Thu, 25 Oct 2018 12:02:47 +0000 (14:02 +0200)]
MINOR: stream-int: don't needlessly call si_cs_send() in si_cs_process()
There's a call there to si_cs_send() while we're supposed to come from
si_cs_io_cb() which has just done it. But in fact we can also come here
as a lower layer callback from ->wake() after a connection is established.
Since most of the time we'll end up here with either no data in the buffer
or a blocked output, let's simply check if we're already susbcribed to send
events before calling si_cs_send().
Willy Tarreau [Thu, 25 Oct 2018 11:55:20 +0000 (13:55 +0200)]
MINOR: stream-int: make stream_int_notify() not wake the tasklet up
stream_int_notify() is I/O agnostic and should not wake up the tasklet,
it's up to si_cs_process() to do that, just like si_applet_wake_cb()
does it for the applet.
Willy Tarreau [Thu, 25 Oct 2018 11:49:49 +0000 (13:49 +0200)]
MINOR: stream-int: don't needlessly call tasklet_wakeup() in stream_int_chk_snd_conn()
This one was added by commit 53216e7db ("MEDIUM: connections: Don't
directly mess with the polling from the upper layers.") after the
removal of the conditional cs_want_send() call. But after analysis
it turned out that it's not needed since the si_cs_send() call will
either succeed or subscribe.
Willy Tarreau [Sun, 28 Oct 2018 12:32:08 +0000 (13:32 +0100)]
MEDIUM: stream-int: call si_cs_process() in stream_int_update_conn
Calling si_cs_send() alone is always dangerous because it can result
in the loss of an event if it manages to empty the buffer. Indeed, in
this case it's critical to call si_chk_rcv() on the opposite stream-int.
Given that si_cs_process() takes care of all this, let's call it instead.
All this code could possibly be refined soon to avoid redoing the whole
stream_int_notify() and do it only after a send(), but at the moment it's
not important.
Willy Tarreau [Thu, 25 Oct 2018 09:06:57 +0000 (11:06 +0200)]
MEDIUM: stream-int: make si_update() synchronize flag changes before the I/O
With the new synchronous si_cs_send() at the end of process_stream(),
we're seeing re-appear the I/O layer specific part of the stream interface
which is supposed to deal with I/O event subscription. The only difference
is that now we subscribe to I/Os only after having attempted (and failed)
them.
This patch brings a cleanup in this by reintroducing stream_int_update_conn()
with the send code from process_stream(). However this alone would not be
enough because the flags which are cleared afterwards would result in the
loss of the possible events (write events only at the moment). So the flags
clearing and stream-int state updates are also performed inside si_update()
between the generic code and the I/O specific code. This definitely makes
sense as after this call we can simply check again for channel and SI flag
changes and decide to loop once again or not.
Willy Tarreau [Thu, 25 Oct 2018 08:42:39 +0000 (10:42 +0200)]
MEDIUM: stream: don't try to send first in process_stream()
The rationale here is that we should never need to try to send() at the
beginning of process_stream() because :
- if something was pending, it's very unlikely that it was unblocked
and not sent just between the last poll() and the wakeup instant.
- if something pending was recently sent, then we don't have anything
to send anymore.
So at first glance it doesn't seem like there could be any valid case
where trying to send before entering the function brings any benefit.
Willy Tarreau [Thu, 25 Oct 2018 08:28:27 +0000 (10:28 +0200)]
MEDIUM: stream: always call si_cs_recv() after a failed buffer allocation
If a buffer allocation failed, we have SI_FL_WAIT_ROOM set and c_size(buf)
being zero. It's the only moment where we have a new opportunity to try to
allocate this buffer. However we don't want to waste our time trying this
if both are non-null since it indicates missing room without any changed
condition.
Willy Tarreau [Thu, 25 Oct 2018 08:21:41 +0000 (10:21 +0200)]
MEDIUM: stream-int: replace channel_alloc_buffer() with si_alloc_ibuf() everywhere
Well that's only 3 places (applet.c, stream_interface.c, hlua.c). This
ensures we always clear SI_FL_WAIT_ROOM before setting it on failure,
so that it is granted that SI_FL_WAIT_ROOM always indicates a lack of
room for doing an operation, including the inability to allocate a
buffer for this.
Willy Tarreau [Thu, 25 Oct 2018 08:16:07 +0000 (10:16 +0200)]
MINOR: stream-int: add si_alloc_ibuf() to ease input buffer allocation
This will supersed channel_alloc_buffer() while relying on it. It will
automatically adjust SI_FL_WAIT_ROOM on the stream-int depending on
success or failure to allocate this buffer.
It's worth noting that it could make sense to also set SI_FL_WANT_PUT
each time we do this to further simplify the code at user places such
as applets, but it would possibly not be easy to clean this flag
everywhere an rx operation stops.
Willy Tarreau [Sun, 28 Oct 2018 12:44:36 +0000 (13:44 +0100)]
MINOR: stream: don't prune variables if the list is empty
The vars_prune() and vars_init() functions involve locking while most of
the time there is no variable at all in streams nor sessions. Let's check
for emptiness before calling these functions. Simply doing this has
increased the multithreaded performance from 1.5 to 5% depending on the
workload.
Lukas Tribus [Sat, 27 Oct 2018 18:07:40 +0000 (20:07 +0200)]
BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
While "option prefer-last-server" only applies to non-deterministic load
balancing algorithms, 401/407 responses actually caused haproxy to prefer
the last server unconditionally.
As this breaks deterministic load balancing algorithms like uri, this
patch applies the same condition here.
Should be backported to 1.8 (together with "BUG/MINOR: only mark
connections private if NTLM is detected").
Lukas Tribus [Sat, 27 Oct 2018 18:06:59 +0000 (20:06 +0200)]
BUG/MINOR: only mark connections private if NTLM is detected
Instead of marking all connections that see a 401/407 response private
(for connection reuse), this patch detects a RFC4559/NTLM authentication
scheme and restricts the private setting to those connections.
This is so we can reuse connections with 401/407 responses with
deterministic load balancing algorithms later (which requires another fix).
This fixes the problem reported here by Elliot Barlas :
Willy Tarreau [Wed, 24 Oct 2018 15:17:56 +0000 (17:17 +0200)]
MEDIUM: channel: merge back flags CF_WRITE_PARTIAL and CF_WRITE_EVENT
The behaviour of the flag CF_WRITE_PARTIAL was modified by commit 95fad5ba4 ("BUG/MAJOR: stream-int: don't re-arm recv if send fails") due
to a situation where it could trigger an immediate wake up of the other
side, both acting in loops via the FD cache. This loss has caused the
need to introduce CF_WRITE_EVENT as commit c5a9d5bf, to replace it, but
both flags express more or less the same thing and this distinction
creates a lot of confusion and complexity in the code.
Since the FD cache now acts via tasklets, the issue worked around in the
first patch no longer exists, so it's more than time to kill this hack
and to restore CF_WRITE_PARTIAL's semantics (i.e.: there has been some
write activity since we last left process_stream).
This patch mostly reverts the two commits above. Only the part making
use of CF_WROTE_DATA instead of CF_WRITE_PARTIAL to detect the loss of
data upon connection setup was kept because it's more accurate and
better suited.
MINOR: cache: Avoid usage of atoi() when parsing "max-object-size".
With this patch we avoid parsing "max-object-size" with atoi() and we store its
value as an unsigned int to prevent bad implicit conversion issues especially
when we compare it with others unsigned value (content length).
With this patch we check that shctx_init() does not returns 0.
This is possible if the maxblocks argument, which is passed as an
int, is negative due to an implicit conversion.
BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
With this patch we support cache size larger than 2047 (MB) and prevent haproxy from crashing when "total-max-size" is parsed as negative values by atoi().
The limit at parsing time is 4095 MB (UINT_MAX >> 20).
This patch adds "max-object-size" option to the cache to limit
the size in bytes of the HTTP objects to be cached. When not provided,
the maximum size of an HTTP object is a 256th of the cache size.
This patch makes the capable of storing HTTP objects larger than a buffer.
It makes usage of the "block by block shared object allocation" new shctx API.
A new pointer to struct shared_block has been added to the cache applet
context to memorize the next block to be used by the HTTP cache I/O handler
http_cache_io_handler() to emit the data. Another member, named "sent" memorize
the number of bytes already sent by this handler. So, to send an object from cache,
http_cache_io_handler() must be called until "sent" counter reaches the size
of this object.
MINOR: shctx: Shared objects block by block allocation.
This patch makes shctx capable of storing objects in several parts,
each parts being made of several blocks. There is no more need to
walk through until reaching the end of a row to append new blocks.
A new pointer to a struct shared_block member, named last_reserved,
has been added to struct shared_block so that to memorize the last block which was
reserved by shctx_row_reserve_hot(). Same thing about "last_append" pointer which
is used to memorize the last block used by shctx_row_data_append() to store the data.
Willy Tarreau [Tue, 23 Oct 2018 12:40:23 +0000 (14:40 +0200)]
BUG/MEDIUM: pools: fix the minimum allocation size
Fred reported a random crash related to the pools. This was introduced
by commit e18db9e98 ("MEDIUM: pools: implement a thread-local cache for
pool entries") because the minimum pool item size should have been
increased to 32 bytes to accommodate the 2 double-linked lists.
Willy Tarreau [Mon, 22 Oct 2018 09:49:15 +0000 (11:49 +0200)]
MINOR: proxy: add a new option "http-use-htx"
This option makes a proxy use only HTX-compatible muxes instead of the
HTTP-compatible ones for HTTP modes. It must be set on both ends, this
is checked at parsing time.
BUG/MEDIUM: stream-int: don't set SI_FL_WAIT_ROOM on CF_READ_DONTWAIT
With the previous connection model, when we purposely decided to stop
receiving in order to avoid polling after a complete request was received
for example, it was needed to set SI_FL_WAIT_ROOM to prevent receive
polling from being re-armed. Now with the new subscription-based model
there is no such thing anymore and there is noone to remove this flag
either. Thus if a request takes more than one packet to come in or
spans over too many packets, this flag will cause it to wait forever.
Let's simply remove this flag now.
This patch should not be backported since older versions still need
that this flag is set here to stop receiving.
Willy Tarreau [Wed, 17 Oct 2018 07:24:56 +0000 (09:24 +0200)]
MINOR: freq_ctr: add swrate_add_scaled() to work with large samples
Some samples representing time will cover more than one sample at once
if they are units of time per time. For this we'd need to have the
ability to loop over swrate_add() multiple times but that would be
inefficient. By developing the function elevated to power N, it's
visible that some coefficients quickly disappear and that those which
remain at the first order more or less compensate each other.
Thus a simplified version of this function was added to provide a single
value for a given number of samples. Tests with multiple values, window
sizes and sample sizes have shown that it is possible to make it remain
surprisingly accurate (typical error < 0.2% over various large window
and sample sizes, even samples representing up to 1/4 of the window).
Willy Tarreau [Sun, 21 Oct 2018 18:28:30 +0000 (20:28 +0200)]
[RELEASE] Released version 1.9-dev4
Released version 1.9-dev4 with the following main changes :
- BUILD: Allow configuration of pcre-config path
- DOC: clarify force-private-cache is an option
- BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2
- REORG: http: move the code to different files
- REORG: http: move HTTP rules parsing to http_rules.c
- CLEANUP: http: remove some leftovers from recent cleanups
- BUILD: Makefile: add a "make opts" target to simply show the build options
- BUILD: Makefile: speed up compiler options detection
- BUG/MINOR: backend: check that the mux installed properly
- BUG/MEDIUM: h2: check that the connection is still valid at the end of init()
- BUG/MEDIUM: h2: make h2_stream_new() return an error on memory allocation failure
- REGTEST/MINOR: compatibility: use unix@ instead of abns@ sockets
- MINOR: ssl: cleanup old openssl API call
- MINOR: ssl: generate-certificates for BoringSSL
- BUG/MEDIUM: buffers: Make sure we don't wrap in ci_insert_line2/b_rep_blk.
- MEDIUM: ssl: add support for ciphersuites option for TLSv1.3
- CLEANUP: haproxy: Remove unused variable
- CLEANUP: h1: Fix debug warnings for h1 headers
- CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause
- MEDIUM: task: perform a single tree lookup per run queue batch
- BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
- BUG/MINOR: threads: move declaration of capabilities to config.h
- OPTIM: tools: optimize my_ffsl() for x86_64
- BUG/MINOR: h2: null-deref
- BUG/MINOR: checks: queues null-deref
- MINOR: connections: Introduce an unsubscribe method.
- MEDIUM: connections: Change struct wait_list to wait_event.
- BUG/MEDIUM: h2: Make sure we're not in the send list on flow control.
- BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM.
- BUG/MEDIUM: stream: Make sure to unsubscribe before si_release_endpoint.
- MINOR: http: Move comment about some HTTP macros in the right header file
- MINOR: stats: Add missing include
- MINOR: http: Export some functions and do cleanup to prepare HTTP refactoring
- MEDIUM: http: Ignore http-pretend-keepalive option on frontend
- MEDIUM: http: Ignore http-tunnel option on backend
- MINOR: http: Use same flag for httpclose and forceclose options
- MINOR: h1: Add EOH marker during headers parsing
- MINOR: conn-stream: Add CL_FL_NOT_FIRST flag
- MINOR: h1: Change the union h1_sl to use indirect strings to store infos
- MINOR: h1: Add the flag H1_MF_NO_PHDR to not add pseudo-headers during parsing
- MINOR: log: make sess_log() support sess=NULL
- MINOR: chunk: add chunk_cpy() and chunk_cat()
- MEDIUM: h2: stop relying on H2_SS_IDLE / H2_SS_CLOSED
- CLEANUP: h2: rename h2c_snd_settings() to h2c_send_settings()
- MINOR: h2: don't try to send data before preface
- MINOR: h2: unify the mux init function
- MINOR: h2: retrieve the front proxy from the caller instead of the session
- MINOR: h2: split h2c_stream_new() into h2s_new() + h2c_frt_stream_new()
- MINOR: h2: add a new flag to quickly distinguish front vs back connection
- BUG/MEDIUM: mworker: don't poll on LI_O_INHERITED listeners
- BUG/MEDIUM: stream: don't crash on out-of-memory
- BUILD: compiler: add a new statement "__unreachable()"
- BUILD: lua: silence some compiler warnings about potential null derefs
- BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch
- BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk()
- BUILD: stick-table: make sure not to fail on task_new() during initialization
- BUILD: peers: check allocation error during peers_init_sync()
- MINOR: tools: add a new function atleast2() to test masks for more than 1 bit
- MINOR: config: use atleast2() instead of my_popcountl() where relevant
- MEDIUM: fd/threads: only grab the fd's lock if the FD has more than one thread
- MAJOR: tasks: create per-thread wait queues
- OPTIM: tasks: group all tree roots per cache line
- DOC: Fix a few typos
- MINOR: pools: allocate most memory pools from an array
- MINOR: pools: split pool_free() in the lockfree variant
- MEDIUM: pools: implement a thread-local cache for pool entries
- BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point
- Revert "BUILD: lua: silence some compiler warnings about potential null derefs"
- BUILD: lua: silence some compiler warnings about potential null derefs (#2)
- MINOR: lua: all functions calling lua_yieldk() may return
- BUILD: lua: silence some compiler warnings after WILL_LJMP
- BUILD: Makefile: silence an option conflict warning with clang
- MINOR: server: Use memcpy() instead of strncpy().
- CLEANUP: state-file: make the path concatenation code a bit more consistent
- MINOR: build: Disable -Wstringop-overflow.
- MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
- MINOR: peers: use defines instead of enums to appease clang.
- DOC: fix reference to map files in MAINTAINERS
- MINOR: fd: centralize poll timeout computation in compute_poll_timeout()
- MINOR: poller: move time and date computation out of the pollers
- BUILD: memory: fix pointer declaration for atomic CAS
- BUILD: Makefile: add USE_RT to pass -lrt for clock_gettime() and friends
- MINOR: time: add now_mono_time() and now_cpu_time()
- MEDIUM: time: measure the time stolen by other threads
- BUILD: memory: fix free_list pointer declaration again for atomic CAS
- BUILD: compiler: rename __unreachable() to my_unreachable()
- BUG/MEDIUM: pools: Fix the usage of mmap()) with DEBUG_UAF.
- BUILD: memory: fix free_list pointer declaration again for atomic CAS
- BUG/MEDIUM: h2: Close connection if no stream is left an GOAWAY was sent.
- BUG/MEDIUM: connections: Remove subscription if going in idle mode.
- BUG/MEDIUM: stream: Make sure polling is right on retry.
- MINOR: h2: Make sure to return 1 in h2_recv() when needed.
- MEDIUM: connections: Don't directly mess with the polling from the upper layers.
- MINOR: streams: Call tasklet_free() after si_release_endpoint().
- MINOR: connection: Add a SUB_CALL_UNSUBSCRIBE event.
- MINOR: h2: Don't run tasks that are waiting to send if mux in full.
- MINOR: ebtree: save 8 bytes in struct eb32sc_node
Willy Tarreau [Sun, 21 Oct 2018 04:52:11 +0000 (06:52 +0200)]
MINOR: ebtree: save 8 bytes in struct eb32sc_node
There is a 4-bytes hole in this structure after the eb_node and the
last field is 4-bytes as well, resulting in a total of 64 bytes with
8 bytes holes. Just moving the key after the eb_node (like in eb32_node)
fills the hole and reduces the structure's size by 8 bytes.
Olivier Houchard [Fri, 19 Oct 2018 15:24:29 +0000 (17:24 +0200)]
MINOR: h2: Don't run tasks that are waiting to send if mux in full.
We wake up all the streams waiting to send data when we have space available
in the mux buffer. Doing so means we probably wake way too many streams,
because after a few the buffer will probably be full instead. So keep a
list of all the streams that are about to send data, and if we detect that
the buffer is full, unschedule the tasks and put the streams back to the
send_list.
Olivier Houchard [Thu, 18 Oct 2018 14:22:02 +0000 (16:22 +0200)]
MINOR: streams: Call tasklet_free() after si_release_endpoint().
Make sure we call tasklet_free() only after si_release_endpoint(), when the
unsubscribe() method has been called, so that we're sure the mux won't
attempt to access the taslet.
Olivier Houchard [Wed, 10 Oct 2018 13:46:36 +0000 (15:46 +0200)]
MEDIUM: connections: Don't directly mess with the polling from the upper layers.
Avoid using conn_xprt_want_send/recv, and totally nuke cs_want_send/recv,
from the upper layers. The polling is now directly handled by the connection
layer, it is activated on subscribe(), and unactivated once we got the event
and we woke the related task.
Olivier Houchard [Fri, 19 Oct 2018 15:26:49 +0000 (17:26 +0200)]
MINOR: h2: Make sure to return 1 in h2_recv() when needed.
In h2_recv(), return 1 if we have data available, or if h2_recv_allowed()
failed, to be sure h2_process() is called.
Also don't subscribe if our buffer is full.
Olivier Houchard [Sun, 21 Oct 2018 01:18:11 +0000 (03:18 +0200)]
BUG/MEDIUM: stream: Make sure polling is right on retry.
When retrying to connect to a server, because the previous connection failed,
make sure if we subscribed to the previous connection, the polling flags will
be true for the new fd.
Olivier Houchard [Sat, 20 Oct 2018 22:32:01 +0000 (00:32 +0200)]
BUG/MEDIUM: connections: Remove subscription if going in idle mode.
Make sure we don't have any subscription when the connection is going in
idle mode, otherwise there's a race condition when the connection is
reused, if there are still old subscriptions, new ones won't be done.
Olivier Houchard [Sat, 20 Oct 2018 23:52:59 +0000 (01:52 +0200)]
BUILD: memory: fix free_list pointer declaration again for atomic CAS
Similary to what's been done in 7a6ad88b02d8b74c2488003afb1a7063043ddd2d,
take into account that free_list that free_list is a void **, and so use
a void ** too when attempting to do a CAS.
Willy Tarreau [Sat, 20 Oct 2018 15:37:38 +0000 (17:37 +0200)]
BUILD: memory: fix free_list pointer declaration again for atomic CAS
Commit ac6c880 ("BUILD: memory: fix pointer declaration for atomic CAS")
attemtped to fix a build warning affecting the lock-free version of the
pool allocator. But the fix tried to hide the cause instead of addressing
it, thus clang still complains about (void **) not matching (void ***).
The real solution is to declare free_list (void **) and not to use a cast.
Now this builds fine with gcc/clang with and without threads.
Willy Tarreau [Wed, 17 Oct 2018 17:01:24 +0000 (19:01 +0200)]
MEDIUM: time: measure the time stolen by other threads
The purpose is to detect if threads or processes are competing for the
same CPU. This can happen when threads are incorrectly bound, or after a
reload if the previous process still has an important activity. With
threads this situation is problematic because a preempted thread holding
a lock will block other ones waiting for this lock to be released.
A first attempt consisted in measuring the cumulated lost time more
precisely but the system's scheduler is smart enough to try to limit the
thread preemption rate by mostly context switching during poll()'s blank
periods, so most of the time lost is not seen. In essence this is good
because it means a thread is not preempted with a lock held, and even
regarding the rendez-vous point it cannot prevent the other ones from
making progress. But still it happens tens to hundreds of times per
second that a thread might be preempted, so it's still possible to detect
that the situation is happening, thus it's interesting to measure and
report its frequency.
Each time we enter the poller, we check the CPU time spent working and
see if we've lost time doing something else. To limit false positives,
we're only interested in losses of 500 microseconds or more (i.e. half
a clock tick on a 1 kHz system). If so, it indicates that some time was
stolen by another thread or process. Note that we purposely store some
sub-millisecond counters so that under heavy traffic with a 1 kHz clock,
it's still possible to measure something without being subject to the
risk of rounding errors (i.e. if exactly 1 ms is stolen it's possible
that the time difference could often be slightly lower).
This counter of lost CPU time slots time is reported in "show activity"
in numbers of milliseconds of CPU lost per second, per 15s, and total
over the process' life. By definition, the per-second counter cannot
report values larger than 1000 per thread per second and the 15s one
will be limited to 15000/s in the worst case, but it's possible that
peak values exceed such thresholds after long pauses.
Willy Tarreau [Wed, 17 Oct 2018 16:59:53 +0000 (18:59 +0200)]
MINOR: time: add now_mono_time() and now_cpu_time()
These two functions retrieve respectively the monotonic clock time and
the per-thread CPU time when available on the platform, or return zero.
These syscalls may require to link with -lrt on certain libc, which is
enabled in the Makefile with USE_RT=1 (default on Linux systems).
Willy Tarreau [Thu, 18 Oct 2018 14:28:54 +0000 (16:28 +0200)]
BUILD: Makefile: add USE_RT to pass -lrt for clock_gettime() and friends
Some code will require clock_gettime() which needs -lrt on most Linux
distros (those with glibc < 2.17). For this reason, this patch introduces
USE_RT to enable -lrt, which is implicitly set for all Linux flavors,
since it's harmless to link with it on more recent ones. Those who know
they can safely get rid of -lrt can remove it using "USE_RT=".
Willy Tarreau [Thu, 18 Oct 2018 14:12:28 +0000 (16:12 +0200)]
BUILD: memory: fix pointer declaration for atomic CAS
The calls to HA_ATOMIC_CAS() on the lockfree version of the pool allocator
were mistakenly done on (void*) for the old value instead of (void **).
While this has no impact on "recent" gcc, it does have one for gcc < 4.7
since the CAS was open coded and it's not possible to assign a temporary
variable of type "void".
Willy Tarreau [Wed, 17 Oct 2018 12:31:19 +0000 (14:31 +0200)]
MINOR: poller: move time and date computation out of the pollers
By placing this code into time.h (tv_entering_poll() and tv_leaving_poll())
we can remove the logic from the pollers and prepare for extending this to
offer more accurate time measurements.
Willy Tarreau [Wed, 17 Oct 2018 09:25:54 +0000 (11:25 +0200)]
MINOR: fd: centralize poll timeout computation in compute_poll_timeout()
The 4 pollers all contain the same code used to compute the poll timeout.
This is pointless, let's centralize this into fd.h. This also gets rid of
the useless SCHEDULER_RESOLUTION macro which used to work arond a very old
linux 2.2 bug causing select() to wake up slightly before the timeout.
Willy Tarreau [Tue, 16 Oct 2018 17:26:12 +0000 (19:26 +0200)]
CLEANUP: state-file: make the path concatenation code a bit more consistent
There are as many ways to build the globalfilepathlen variable as branches
in the if/then/else, creating lots of confusion. Address the most obvious
parts, but some polishing definitely is still needed.
Willy Tarreau [Tue, 16 Oct 2018 16:11:34 +0000 (18:11 +0200)]
BUILD: Makefile: silence an option conflict warning with clang
clang complains that -fno-strict-overflow is not used when -fwrapv is
used, which breaks the build when -Werror is used. Let's introduce a
cc-opt-alt function to emit the former only then the latter is not
supported (since it implies the former).
Willy Tarreau [Tue, 16 Oct 2018 15:57:36 +0000 (17:57 +0200)]
BUILD: lua: silence some compiler warnings after WILL_LJMP
These ones are on error paths that are properly handled by luaL_error()
which does a longjmp() but the compiler cannot know it. By adding an
__unreachable() statement in WILL_LJMP(), there is no ambiguity anymore.
This may be backported to 1.8 but these previous patches are needed first :
- BUILD: compiler: add a new statement "__unreachable()"
- MINOR: lua: all functions calling lua_yieldk() may return
- BUILD: lua: silence some compiler warnings about potential null derefs (#2)
Willy Tarreau [Tue, 16 Oct 2018 15:52:55 +0000 (17:52 +0200)]
MINOR: lua: all functions calling lua_yieldk() may return
There was a mistake when tagging functions which always use longjmp and
those which may use it in that all those supposed to call lua_yieldk()
may return without calling longjmp. Thus they must not use WILL_LJMP()
but MAY_LJMP(). It has zero impact on the code emitted as such, but
prevents other fixes from being properly implemented : this was the
cause of the previous failure with the __unreachable() calls.
This may be backported to older versions. It may or may not apply
well depending on the context, though the change simply consists in
replacing "WILL_LJMP(hlua_yieldk" with "MAY_LJMP(hlua_yieldk", and
same with the single call to lua_yieldk() in hlua_yieldk().
Willy Tarreau [Tue, 16 Oct 2018 15:37:12 +0000 (17:37 +0200)]
BUILD: lua: silence some compiler warnings about potential null derefs (#2)
Here we make sure that appctx is always taken from the unchecked value
since we know it's an appctx, which explains why it's immediately
dereferenced. A missing test was added to ensure that task_new() does
not return a NULL.
It breaks Lua causing some timeouts. Removing the __unreachable() statement
from WILL_LJMP() fixes it. It's very strange and unclear whether it's an
issue with WILL_LJMP() not fullfilling its promise of not returning, if
the code emitted with __unreachable() gets broken, or anything else. Let's
revert this for now.
Willy Tarreau [Tue, 16 Oct 2018 14:11:56 +0000 (16:11 +0200)]
BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point
There is a bug in this function used to release other threads. It leaves
the current thread marked as harmless. If after this another thread does
a thread_isolate(), but before the first one reaches poll(), the second
thread will believe it's alone while it's not.
This must be backported to 1.8 since the rendez-vous point was merged
into 1.8.14.
Willy Tarreau [Tue, 16 Oct 2018 08:28:54 +0000 (10:28 +0200)]
MEDIUM: pools: implement a thread-local cache for pool entries
Each thread now keeps the last ~512 kB of freed objects into a local
cache. There are some heuristics involved so that a specific pool cannot
use more than 1/8 of the total cache in number of objects. Tests have
shown that 512 kB is an optimal size on a 24-thread test running on a
dual-socket machine, resulting in an overall 7.5% performance increase
and a cache miss ratio reducing from 19.2 to 17.7%. Anyway it seems
pointless to keep more than an L2 cache, which probably explains why
sizes between 256 and 512 kB are optimal.
Cached objects appear in two lists, one per pool and one LRU to help
with fair eviction. Currently there is no way to check each thread's
cache state nor to flush it. This cache cannot be disabled and is
enabled as soon as the lockless pools are enabled (i.e.: threads are
enabled, no pool debugging is in use and the CPU supports a double word
CAS).
Willy Tarreau [Tue, 16 Oct 2018 05:58:39 +0000 (07:58 +0200)]
MINOR: pools: allocate most memory pools from an array
For caching it will be convenient to have indexes associated with pools,
without having to dereference the pool itself. One solution could consist
in replacing all pool pointers with integers but this would limit the
number of allocatable pools. Instead here we allocate the 32 first pools
from a pre-allocated array whose base address is known so that it's trivial
to convert a pool to an index in this array. Pools that cannot fit there
will be allocated normally.
Willy Tarreau [Mon, 15 Oct 2018 14:12:48 +0000 (16:12 +0200)]
OPTIM: tasks: group all tree roots per cache line
Currently we have per-thread arrays of trees and counts, but these
ones unfortunately share cache lines and are accessed very often. This
patch moves the task-specific stuff into a structure taking a multiple
of a cache line, and has one such per thread. Just doing this has
reduced the cache miss ratio from 19.2% to 18.7% and increased the
12-thread test performance by 3%.
It starts to become visible that we really need a process-wide per-thread
storage area that would cover more than just these parts of the tasks.
The code was arranged so that it's easy to move the pieces elsewhere if
needed.
Willy Tarreau [Mon, 15 Oct 2018 12:52:21 +0000 (14:52 +0200)]
MAJOR: tasks: create per-thread wait queues
Now we still have a main contention point with the timers in the main
wait queue, but the vast majority of the tasks are pinned to a single
thread. This patch creates a per-thread wait queue and queues a task
to the local wait queue without any locking if the task is bound to a
single thread (the current one) otherwise to the shared queue using
locking. This significantly reduces contention on the wait queue. A
test with 12 threads showed 11 ms spent in the WQ lock compared to
4.7 seconds in the same test without this change. The cache miss ratio
decreased from 19.7% to 19.2% on the 12-thread test, and its performance
increased by 1.5%.
Another indirect benefit is that the average queue size is divided
by the number of threads, which roughly removes log(nbthreads) levels
in the tree and further speeds up lookups.
Willy Tarreau [Mon, 15 Oct 2018 07:44:46 +0000 (09:44 +0200)]
MEDIUM: fd/threads: only grab the fd's lock if the FD has more than one thread
The vast majority of FDs are only seen by one thread. Currently the lock
on FDs costs a lot because it's touched often, though there should be very
little contention. This patch ensures that the lock is only grabbed if the
FD is shared by more than one thread, since otherwise the situation is safe.
Doing so resulted in a 15% performance boost on a 12-threads test.
Willy Tarreau [Mon, 15 Oct 2018 09:18:03 +0000 (11:18 +0200)]
BUILD: peers: check allocation error during peers_init_sync()
peers_init_sync() doesn't check task_new()'s return value and doesn't
return any result to indicate success or failure. Let's make it return
an int and check it from the caller.
Willy Tarreau [Mon, 15 Oct 2018 09:12:15 +0000 (11:12 +0200)]
BUILD: stick-table: make sure not to fail on task_new() during initialization
Gcc reports a potential null-deref error in the stick-table init code.
While not critical there, it's trivial to fix. This check has been
missing since 1.4 so this fix can be backported to all supported versions.
Willy Tarreau [Mon, 15 Oct 2018 09:01:59 +0000 (11:01 +0200)]
BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch
Gcc 6.4 detects a potential null-deref warning in smp_fetch_ssl_fc_cl_str().
This one is not real since already addressed a few lines above. Let's use
__objt_conn() instead of objt_conn() to avoid the extra test that confuses
it.
Willy Tarreau [Mon, 15 Oct 2018 09:55:18 +0000 (11:55 +0200)]
BUILD: lua: silence some compiler warnings about potential null derefs
These ones are on error paths that are properly handled by luaL_error()
which does a longjmp() but the compiler cannot know it. By adding an
__unreachable() statement in WILL_LJMP(), there is no ambiguity anymore.
This may be backported to 1.8 but the previous patch (BUILD: compiler:
add a new statement "__unreachable()") is needed for this.
projects / thirdparty / haproxy.git / log
