From b15e8a1c96dc370e9c5d47463106b662f123c29e Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 19 Nov 2021 17:29:23 +0100 Subject: [PATCH] BUG/MEDIUM: shctx: leave the block allocator when enough blocks are found In shctx_row_reserve_hot(), a missing break allows the avail loop to loop for a while after having allocated the required blocks, possibly leading to the point where it could trigger the watchdog after checking up to 2 million blocks. In addition, the extra iteration may leave one block assigned with size zero at the head of the avail list, and mark it as being an isolated chain of 1 block. It's unclear whether this could have had other consequences. There is a non-negligible chance that it addreses bugs #1451 and #1284, as the pattern observed in the loop looks exactly the same as the one reported there in the crashes. It's only marked medium because it is extremely hard to trigger. Here the conditions were reproduced when starting 4k connections at once requesting objects of random sizes between 0 and 20k to store them into a small 1MB cache. However the watchdog will never trigger in such a case so one needs to instrument the functions. Thanks to Sohaib Ahmad and @g0uZ for providing useful traces. This will need to be backported to all stable branches. --- src/shctx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/shctx.c b/src/shctx.c index 774540365..7567645a1 100644 --- a/src/shctx.c +++ b/src/shctx.c @@ -111,6 +111,7 @@ struct shared_block *shctx_row_reserve_hot(struct shared_context *shctx, ret->refcount = 1; ret->last_reserved = block; enough = 1; + break; } } count++;