BUG/MINOR: listener: close tiny race between resume_listener() and stopping

Pierre Cheynier reported a very rare race condition on soft-stop in the
listeners. What happens is that if a previously limited listener is
being resumed by another thread finishing an accept loop, and at the
same time a soft-stop is performed, the soft-stop will turn the
listener's state to LI_INIT, and once the listener's lock is released,
resume_listener() in the second thread will try to resume this listener
which has an fd==-1, yielding a crash in listener_set_state():

  FATAL: bug condition "l->rx.fd == -1" matched at src/listener.c:288

The reason is that resume_listener() only checks for LI_READY, but doesn't
consider being called with a non-initialized or a stopped listener. Let's
also make sure we don't try to ressuscitate such a listener there.

This will have to be backported to all versions.

(cherry picked from commit d1ebee1774)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 87a566b86d0e7c2af9c59ef1c6ba1681c3b4fd21)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
This commit is contained in:
Willy Tarreau 2023-01-19 11:34:21 +01:00 committed by Christopher Faulet
parent 4b9991f443
commit 7b27b7d06e

View File

@ -530,6 +530,10 @@ int resume_listener(struct listener *l, int lpx)
if (l->state == LI_READY) if (l->state == LI_READY)
goto end; goto end;
/* the listener might have been stopped in parallel */
if (l->state < LI_PAUSED)
goto end;
if (l->rx.proto->resume) if (l->rx.proto->resume)
ret = l->rx.proto->resume(l); ret = l->rx.proto->resume(l);