BUG/MINOR: quic: prevent crash on qc_kill_conn()

Ensure idle_timer task is allocated in qc_kill_conn() before waking it
up. It can be NULL if idle timer has already fired but MUX layer is
still present, which prevents immediate quic_conn release.

qc_kill_conn() is only used on send() syscall fatal error to notify
upper layer of an error and close the whole connection asap.

This crash occurrence is pretty rare as it relies on timing issues. It
happens only if idle timer occurs before the MUX release (a bigger
client timeout is thus required) and any send() syscall detected error.
For now, it was only reproduced using GDB to interrupt haproxy longer
than the idle timeout.

This should be backported up to 2.6.
Amaury Denoyelle 2024-06-04 11:56:09 +02:00
parent 792a645ec2
commit f7ae84e7d1

@ -161,6 +161,8 @@ void qc_kill_conn(struct quic_conn *qc)
TRACE_PROTO("killing the connection", QUIC_EV_CONN_KILL, qc); TRACE_PROTO("killing the connection", QUIC_EV_CONN_KILL, qc);
qc->flags |= QUIC_FL_CONN_TO_KILL; qc->flags |= QUIC_FL_CONN_TO_KILL;
qc->flags &= ~QUIC_FL_CONN_RETRANS_NEEDED; qc->flags &= ~QUIC_FL_CONN_RETRANS_NEEDED;
if (!(qc->flags & QUIC_FL_CONN_EXP_TIMER))
task_wakeup(qc->idle_timer_task, TASK_WOKEN_OTHER); task_wakeup(qc->idle_timer_task, TASK_WOKEN_OTHER);
qc_notify_err(qc); qc_notify_err(qc);
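
Review bot: the new guard `if (!(qc->flags & QUIC_FL_CONN_EXP_TIMER))` protects `task_wakeup(qc->idle_timer_task, TASK_WOKEN_OTHER)` by testing a flag, not the pointer that the wakeup actually uses. The commit message says idle_timer_task can be NULL once the idle timer has fired, but nothing in this hunk shows that QUIC_FL_CONN_EXP_TIMER is set in exactly that case. Either add a short comment above the `if` stating that invariant, or test `qc->idle_timer_task` directly so the NULL check does not depend on flag bookkeeping done elsewhere. It is also worth saying in that comment that when the timer has already expired the wakeup is skipped on purpose and `qc_notify_err(qc)` alone is expected to drive the close.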