mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-19 18:28:33 +00:00
BUG/MINOR: quic: prevent crash on qc_kill_conn()
Ensure idle_timer task is allocated in qc_kill_conn() before waking it up. It can be NULL if idle timer has already fired but MUX layer is still present, which prevents immediate quic_conn release. qc_kill_conn() is only used on send() syscall fatal error to notify upper layer of an error and close the whole connection asap. This crash occurence is pretty rare as it relies on timing issues. It happens only if idle timer occurs before the MUX release (a bigger client timeout is thus required) and any send() syscall detected error. For now, it was only reproduced using GDB to interrupt haproxy longer than the idle timeout. This should be backported up to 2.6.
This commit is contained in:
parent
792a645ec2
commit
f7ae84e7d1
@ -161,7 +161,9 @@ void qc_kill_conn(struct quic_conn *qc)
|
||||
TRACE_PROTO("killing the connection", QUIC_EV_CONN_KILL, qc);
|
||||
qc->flags |= QUIC_FL_CONN_TO_KILL;
|
||||
qc->flags &= ~QUIC_FL_CONN_RETRANS_NEEDED;
|
||||
task_wakeup(qc->idle_timer_task, TASK_WOKEN_OTHER);
|
||||
|
||||
if (!(qc->flags & QUIC_FL_CONN_EXP_TIMER))
|
||||
task_wakeup(qc->idle_timer_task, TASK_WOKEN_OTHER);
|
||||
|
||||
qc_notify_err(qc);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user