git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Amaury Denoyelle <adenoyelle@haproxy.com>
	Thu, 4 Jul 2024 12:54:15 +0000 (14:54 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Thu, 4 Jul 2024 15:28:56 +0000 (17:28 +0200)
commit	95f624540b87e06e7a3c36b8c1ed4d76f0add2dc
tree	3cb4b5af89609124ce2e7bc5189c422e9455434d	tree
parent	1a43b9f32c71267e3cb514aa70a13c75adb20742	commit \| diff

BUG/MEDIUM: quic: prevent crash on accept queue full

Handshake for quic_conn instances runs on a single non-chosen thread. On
completion, listener_accept() is performed to select the less loaded
thread before initializing connection instance. As such, quic_conn
instance is migrated to the thread with its upper connection.

In case accept queue is full, listener_accept() fallback to local accept
mode, which cause the connection to be assigned to the current thread.
However, this is not supported by QUIC as quic_conn instance is left on
the previously selected thread. In most cases, this will cause a
BUG_ON() due to a task manipulation from an outside thread.

To fix this, handle quic_conn thread rebind in multiple steps using the
new extended protocol API. Several operations have been moved from
qc_set_tid_affinity1() to newly defined qc_set_tid_affinity2(), in
particular CID TID update. This ensures that quic_conn instance is not
prematurely accessed on the new thread until accept queue push is
guaranteed to succeed.

qc_reset_tid_affinity() is also newly defined to reassign the newly
created tasks and tasklets to the current thread. This is necessary to
prevent the BUG_ON() crash described above.

This must be backported up to 2.8 after a period of observation. Note
that it depends on previous patch :
MINOR: proto: extend connection thread rebind API

include/haproxy/quic_conn.h		diff \| blob \| blame \| history
src/proto_quic.c		diff \| blob \| blame \| history
src/quic_conn.c		diff \| blob \| blame \| history