RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2024-12-21 20:00:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
efc46dede9
haproxy/src
History
Willy Tarreau efc46dede9 DEBUG: pools: inspect pools on fatal error and dump information found 
It's a bit frustrating sometimes to see pool checks catch a bug but not
provide exploitable information without a core.

Here we're adding a function "pool_inspect_item()" which is called just
before aborting in pool_check_pattern() and POOL_DEBUG_CHECK_MARK() and
which will display the error type, the pool's pointer and name, and will
try to check if the item's tag matches the pool, and if not, will iterate
over all pools to see if one would be a better candidate, then will try
to figure the last known caller and possibly other likely candidates if
the pool's tag is not sufficiently trusted. This typically helps better
diagnose corruption in use-after-free scenarios, or freeing to a pool
that differs from the one the object was allocated from, and will also
indicate calling points that may help figure where an object was last
released or allocated. The info is printed on stderr just before the
backtrace.

For example, the recent off-by-one test in the PPv2 changes would have
produced the following output in vtest logs:

  ***  h1    debug|FATAL: pool inconsistency detected in thread 1: tag mismatch on free().
  ***  h1    debug|  caller: 0x62bb87 (conn_free+0x147/0x3c5)
  ***  h1    debug|  pool: 0x2211ec0 ('pp_tlv_256', size 304, real 320, users 1)
  ***  h1    debug|Tag does not match. Possible origin pool(s):
  ***  h1    debug|  tag: @0x2565530 = 0x2216740 (pp_tlv_128, size 176, real 192, users 1)
  ***  h1    debug|Recorded caller if pool 'pp_tlv_128':
  ***  h1    debug|  @0x2565538 (+0184) = 0x62c76d (conn_recv_proxy+0x4cd/0xa24)

A mismatch in the allocated/released pool is already visible, and the
callers confirm it once resolved, where the allocator indeed allocates
from pp_tlv_128 and conn_free() releases to pp_tlv_256:

  $ addr2line -spafe ./haproxy <<< $'0x62bb87\n0x62c76d'
  0x000000000062bb87: conn_free at connection.c:568
  0x000000000062c76d: conn_recv_proxy at connection.c:1177
2023-09-11 15:46:14 +02:00
..
acl.c MINOR: acl: add acl() sample fetch 2023-08-01 10:49:06 +02:00
action.c
activity.c MINOR: checks: maintain counters of active checks per thread 2023-09-01 08:26:06 +02:00
applet.c NUG/MEDIUM: stconn: Always update stream's expiration date after I/O 2023-09-06 09:29:27 +02:00
arg.c
auth.c
backend.c MAJOR: connection: purge idle conn by last usage 2023-08-25 15:57:48 +02:00
base64.c
cache.c MINOR: cache: Change hash function in default normalizer used in case of "vary" 2023-09-06 16:11:31 +02:00
calltrace.c
cbuf.c
cfgcond.c
cfgdiag.c
cfgparse-global.c BUG/MINOR: quic: Wrong cluster secret initialization 2023-09-08 09:50:58 +02:00
cfgparse-listen.c REORG: cfgparse: extract curproxy as a global variable 2023-08-01 10:48:28 +02:00
cfgparse-quic.c
cfgparse-ssl.c MINOR: ssl: add support for 'curves' keyword on server lines 2023-09-07 23:29:10 +02:00
cfgparse-tcp.c
cfgparse-unix.c
cfgparse.c REORG: cpuset: move parse_cpu_set() and parse_cpumap() to cpuset.c 2023-09-08 16:25:19 +02:00
channel.c
check.c BUILD: checks: shut up yet another stupid gcc warning 2023-09-04 19:38:51 +02:00
chunk.c MEDIUM: init: initialize the trash earlier 2023-09-08 16:25:19 +02:00
cli.c BUG/MINOR: applet: Always expect data when CLI is waiting for a new command 2023-09-06 09:36:19 +02:00
clock.c
compression.c MINOR: compression/slz: add support for a pure flush of pending bytes 2023-06-30 16:12:36 +02:00
connection.c BUG/MEDIUM: connection: fix pool free regression with recent ppv2 TLV patches 2023-09-04 11:45:37 +02:00
cpuset.c REORG: cpuset: move parse_cpu_set() and parse_cpumap() to cpuset.c 2023-09-08 16:25:19 +02:00
debug.c BUILD: debug: avoid a build warning related to epoll_wait() in debug code 2023-07-02 11:01:37 +02:00
dgram.c
dict.c
dns.c
dynbuf.c DEBUG: pools: always record the caller for uncached allocs as well 2023-09-11 15:19:49 +02:00
eb32sctree.c
eb32tree.c
eb64tree.c
ebimtree.c
ebistree.c
ebmbtree.c
ebpttree.c
ebsttree.c
ebtree.c
errors.c
ev_epoll.c
ev_evports.c
ev_kqueue.c
ev_poll.c
ev_select.c
event_hdl.c
extcheck.c
fcgi-app.c MEDIUM: fcgi-app: properly postresolve logsrvs 2023-09-06 16:06:39 +02:00
fcgi.c
fd.c
filters.c MEDIUM: filters/htx: Don't rely on HTX extra field if payload is filtered 2023-06-20 13:34:46 +02:00
fix.c
flt_bwlim.c BUG/MEDIUM: bwlim: Reset analyse expiration date when then channel analyse ends 2023-08-01 11:33:45 +02:00
flt_http_comp.c
flt_spoe.c MEDIUM: spoe-agent: properly postresolve log rings 2023-09-06 16:06:39 +02:00
flt_trace.c
freq_ctr.c
frontend.c
h1_htx.c BUG/MEDIUM: h1-htx: Ensure chunked parsing with full output buffer 2023-09-04 12:15:36 +02:00
h1.c BUG/MINOR: http: skip leading zeroes in content-length values 2023-08-09 11:28:48 +02:00
h2.c BUG/MINOR: h2: reject more chars from the :path pseudo header 2023-08-08 19:56:41 +02:00
h3_stats.c
h3.c BUG/MINOR: h3: reject more chars from the :path pseudo header 2023-08-08 19:56:41 +02:00
haproxy.c MINOR: cpuset: dynamically allocate cpu_map 2023-09-08 16:25:19 +02:00
hash.c
hlua_fcn.c BUG/MINOR: hlua_fcn: potentially unsafe stktable_data_ptr usage 2023-08-25 11:52:43 +02:00
hlua.c BUG/MINOR: hlua/action: incorrect message on E_YIELD error 2023-09-06 11:42:34 +02:00
hpack-dec.c
hpack-enc.c
hpack-huff.c
hpack-tbl.c
hq_interop.c
http_acl.c
http_act.c MEDIUM: map/acl: Replace map/acl spin lock by a read/write lock. 2023-08-25 15:42:03 +02:00
http_ana.c MINOR: http_ana: position the FINAL flag for http_after_res execution 2023-09-06 11:42:34 +02:00
http_client.c MINOR: log: add dup_logsrv() helper function 2023-09-06 16:06:39 +02:00
http_conv.c
http_ext.c BUG/MINOR: http_ext: unhandled ERR_ABORT in proxy_http_parse_7239() 2023-07-06 15:41:17 +02:00
http_fetch.c MEDIUM: tree-wide: fetches that may return IPV4+IPV6 now return ADDR 2023-07-03 16:32:01 +02:00
http_htx.c
http_rules.c
http.c BUG/MINOR: http: skip leading zeroes in content-length values 2023-08-09 11:28:48 +02:00
htx.c
init.c
jwt.c
lb_chash.c
lb_fas.c
lb_fwlc.c
lb_fwrr.c
lb_map.c
linuxcap.c MEDIUM: capabilities: enable support for Linux capabilities 2023-08-29 11:11:50 +02:00
listener.c MEDIUM: proto_reverse_connect: bootstrap active reverse connection 2023-08-24 17:03:06 +02:00
log.c CLEANUP: log: remove unnecessary trim in __do_send_log 2023-09-06 16:06:39 +02:00
lru.c
mailers.c
map.c MEDIUM: map/acl: Replace map/acl spin lock by a read/write lock. 2023-08-25 15:42:03 +02:00
mjson.c
mqtt.c
mux_fcgi.c MINOR: server: move idle tree insert in a dedicated function 2023-08-25 15:57:48 +02:00
mux_h1.c MINOR: server: move idle tree insert in a dedicated function 2023-08-25 15:57:48 +02:00
mux_h2.c BUG/MEDIUM: mux-h2: fix crash when checking for reverse connection after error 2023-08-26 17:05:19 +02:00
mux_pt.c
mux_quic.c MINOR: h3: abort request if not completed before full response 2023-08-04 16:17:16 +02:00
mworker-prog.c
mworker.c MEDIUM: mworker: display a more accessible message when a worker crash 2023-09-05 15:31:04 +02:00
namespace.c
ncbuf.c
pattern.c MEDIUM: map/acl: Replace map/acl spin lock by a read/write lock. 2023-08-25 15:42:03 +02:00
payload.c MEDIUM: tree-wide: fetches that may return IPV4+IPV6 now return ADDR 2023-07-03 16:32:01 +02:00
peers.c MEDIUM: peers: drop the stick-table lock before entering peer_send_teachmsgs() 2023-08-11 19:03:35 +02:00
pipe.c
pool.c DEBUG: pools: inspect pools on fatal error and dump information found 2023-09-11 15:46:14 +02:00
proto_quic.c
proto_reverse_connect.c MEDIUM: h2: prevent stream opening before connection reverse completed 2023-08-24 17:03:08 +02:00
proto_sockpair.c
proto_tcp.c
proto_udp.c
proto_uxdg.c
proto_uxst.c
protocol.c MINOR: quic+openssl_compat: Do not start without "limited-quic" 2023-08-17 15:44:03 +02:00
proxy.c MINOR: log: add dup_logsrv() helper function 2023-09-06 16:06:39 +02:00
qmux_http.c
qmux_trace.c
qpack-dec.c
qpack-enc.c
qpack-tbl.c
queue.c
quic_ack.c MINOR: quic: Add a new quic_ack.c C module for QUIC acknowledgements 2023-07-27 10:51:03 +02:00
quic_cc_cubic.c
quic_cc_newreno.c
quic_cc_nocc.c
quic_cc.c
quic_cli.c BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var) 2023-09-05 17:14:51 +02:00
quic_conn.c BUG/MINOR: quic: fdtab array underflow access 2023-09-11 15:14:22 +02:00
quic_frame.c MINOR: quic: Add a trace to quic_release_frm() 2023-09-04 11:29:35 +02:00
quic_loss.c BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var) 2023-09-05 17:14:51 +02:00
quic_openssl_compat.c BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels 2023-07-31 15:18:36 +02:00
quic_rx.c BUG/MINOR: quic: Wrong cluster secret initialization 2023-09-08 09:50:58 +02:00
quic_sock.c BUG/MEDIUM: quic: fix tasklet_wakeup loop on connection closing 2023-08-11 17:04:20 +02:00
quic_ssl.c BUG/MINOR: quic: ssl_quic_initial_ctx() uses error count not error code 2023-08-21 15:35:17 +02:00
quic_stats.c
quic_stream.c
quic_tls.c MINOR: quic: Add a new quic_ack.c C module for QUIC acknowledgements 2023-07-27 10:51:03 +02:00
quic_tp.c
quic_trace.c BUG/MINOR: quic: Wrong RTT computation (srtt and rrt_var) 2023-09-05 17:14:51 +02:00
quic_tx.c CLEANUP: quic: Remove useless free_quic_tx_pkts() function. 2023-09-08 10:17:25 +02:00
raw_sock.c
regex.c
resolvers.c
ring.c MINOR: ring: add a function to compute max ring payload 2023-09-06 16:06:39 +02:00
sample.c MINOR: sample: implement the T* timer tags from the log-format as fetches 2023-07-26 17:44:38 +02:00
server_state.c BUG/MINOR: server-state: Avoid warning on 'file not found' 2023-07-21 15:08:27 +02:00
server.c MAJOR: connection: purge idle conn by last usage 2023-08-25 15:57:48 +02:00
session.c MINOR: connection: prepare init code paths for active reverse 2023-08-24 17:02:37 +02:00
sha1.c
shctx.c
signal.c
sink.c MEDIUM: sink: add sink_finalize() function 2023-09-06 16:06:39 +02:00
slz.c IMPORT: slz: implement a synchronous flush() operation 2023-06-30 16:12:36 +02:00
sock_inet.c
sock_unix.c
sock.c
ssl_ckch.c MINOR: properly mark the end of the CLI command in error messages 2023-09-04 18:13:43 +02:00
ssl_crtlist.c
ssl_ocsp.c
ssl_sample.c MEDIUM: ssl: new sample fetch method to get curve name 2023-07-17 15:45:41 +02:00
ssl_sock.c MINOR: ssl: add support for 'curves' keyword on server lines 2023-09-07 23:29:10 +02:00
ssl_utils.c
stats.c MINOR: tasks/stats: report the number of niced tasks in "show info" 2023-09-06 17:44:44 +02:00
stconn.c NUG/MEDIUM: stconn: Always update stream's expiration date after I/O 2023-09-06 09:29:27 +02:00
stick_table.c BUG/MINOR: stktable: allow sc-add-gpc from tcp-request connection 2023-08-14 09:03:49 +02:00
stream.c BUG/MEDIUM: stconn/stream: Forward shutdown on write timeout 2023-09-06 09:29:27 +02:00
task.c
tcp_act.c MINOR: connection: use attach-srv name as SNI reuse parameter on reverse 2023-08-24 17:02:34 +02:00
tcp_rules.c
tcp_sample.c MINOR: sample: accept_date / request_date return %Ts / %tr timestamp values 2023-07-24 17:12:29 +02:00
tcpcheck.c
thread.c MEDIUM: threads: detect excessive thread counts vs cpu-map 2023-09-04 19:39:17 +02:00
time.c
tools.c MINOR: tools: add function read_line_to_trash() to read a line of a file 2023-09-08 16:25:19 +02:00
trace.c MINOR: sink/api: pass explicit maxlen parameter to sink_write() 2023-07-10 18:28:08 +02:00
uri_auth.c
uri_normalizer.c
vars.c
version.c
wdt.c
xprt_handshake.c
xprt_quic.c MINOR: quic: Release asap quic_conn memory from ->close() xprt callback. 2023-08-08 14:59:17 +02:00