Amaury Denoyelle 2cadfe2340 BUG/MINOR: quic: fix crash on PTO rearm if anti-amplification reset
There is a possible segfault when accessing qc->timer_task in
quic_conn_io_cb() without testing it. It seems however very rare as it
requires several conditions to be encountered.
* quic_conn must be in CLOSING state after having sent a
  CONNECTION_CLOSE which frees the qc.timer_task
* quic_conn handshake must still be in progress: in fact, qc.timer_task
  is accessed on this path because of the anti-amplification limit
  being lifted.

I was unable thus far to trigger it but benchmarking tests seem to have
fired it with the following backtrace as a result:

  #0  _task_wakeup (f=4096, caller=0x5620ed004a40 <_.46868>, t=0x0) at include/haproxy/task.h:195
  195             state = _HA_ATOMIC_OR_FETCH(&t->state, f);
  [Current thread is 1 (Thread 0x7fc714ff1700 (LWP 14305))]
  (gdb) bt
  #0  _task_wakeup (f=4096, caller=0x5620ed004a40 <_.46868>, t=0x0) at include/haproxy/task.h:195
  #1  quic_conn_io_cb (t=0x7fc5d0e07060, context=0x7fc5d0df49c0, state=<optimized out>) at src/quic_conn.c:4393
  #2  0x00005620ecedab6e in run_tasks_from_lists (budgets=<optimized out>) at src/task.c:596
  #3  0x00005620ecedb63c in process_runnable_tasks () at src/task.c:861
  #4  0x00005620ecea971a in run_poll_loop () at src/haproxy.c:2913
  #5  0x00005620ecea9cf9 in run_thread_poll_loop (data=<optimized out>) at src/haproxy.c:3102
  #6  0x00007fc773c3f609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
  #7  0x00007fc77372d133 in clone () from /lib/x86_64-linux-gnu/libc.so.6
  (gdb) up
  #1  quic_conn_io_cb (t=0x7fc5d0e07060, context=0x7fc5d0df49c0, state=<optimized out>) at src/quic_conn.c:4393
  4393                            task_wakeup(qc->timer_task, TASK_WOKEN_MSG);
  (gdb) p qc
  $1 = (struct quic_conn *) 0x7fc5d0df49c0
  (gdb) p qc->timer_task
  $2 = (struct task *) 0x0

This fix should be backported up to 2.6.

(cherry picked from commit 5ac6b3b12504e86a5be478b28f219a758e042fd7)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>
(cherry picked from commit e8d7fdf498e37ced00683159ca2797018e93b37c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
2023-01-20 09:27:03 +01:00
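
A minimal C model of the two conditions listed in the commit message, added here as an illustration and not HAProxy code. Apart from `timer_task`, every name (`struct conn`, `enter_closing`, `io_cb_rearm`) is hypothetical, and the NULL test reflects what the message says was missing rather than the actual patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not HAProxy source; names other than timer_task are
 * hypothetical. */
struct task { unsigned int state; };
struct conn {
    struct task *timer_task; /* NULL once released */
    int closing;             /* CONNECTION_CLOSE already sent */
    int handshake_done;
    int amp_limited;         /* blocked by the anti-amplification limit */
};

static struct conn *conn_new(void)
{
    struct conn *c = calloc(1, sizeof(*c));
    if (!c || !(c->timer_task = calloc(1, sizeof(*c->timer_task))))
        abort();
    c->amp_limited = 1;      /* handshake in progress, sending is limited */
    return c;
}

/* Sending CONNECTION_CLOSE releases the timer task (condition 1). */
static void enter_closing(struct conn *c)
{
    c->closing = 1;
    free(c->timer_task);
    c->timer_task = NULL;
}

/* Path taken when the limit is lifted during the handshake (condition 2).
 * Returns 1 if the timer task was woken, 0 if there was nothing to wake. */
static int io_cb_rearm(struct conn *c)
{
    if (c->handshake_done || !c->amp_limited)
        return 0;
    c->amp_limited = 0;
    if (!c->timer_task)      /* without this test, the next line reads t=0x0 */
        return 0;
    c->timer_task->state |= 4096; /* stand-in for the wakeup, f=4096 above */
    return 1;
}

int main(void)
{
    struct conn *open = conn_new(), *closing = conn_new();
    enter_closing(closing);
    printf("open=%d closing=%d\n", io_cb_rearm(open), io_cb_rearm(closing));
    free(open->timer_task); free(open); free(closing);
    return 0;
}
```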

The HAProxy documentation has been split into a number of different files for
ease of use.

Please refer to the following files depending on what you're looking for:

  - INSTALL for instructions on how to build and install HAProxy
  - BRANCHES to understand the project's life cycle and what version to use
  - LICENSE for the project's license
  - CONTRIBUTING for the process to follow to submit contributions

The more detailed documentation is located in the doc/ directory:

  - doc/intro.txt for a quick introduction on HAProxy
  - doc/configuration.txt for the configuration's reference manual
  - doc/lua.txt for the Lua's reference manual
  - doc/SPOE.txt for how to use the SPOE engine
  - doc/network-namespaces.txt for how to use network namespaces under Linux
  - doc/management.txt for the management guide
  - doc/regression-testing.txt for how to use the regression testing suite
  - doc/peers.txt for the peers protocol reference
  - doc/coding-style.txt for how to adopt HAProxy's coding style
  - doc/internals for developer-specific documentation (not all up to date)