[Varnish] #144: Race in backend socket address replacement.

Varnish varnish-bugs at projects.linpro.no
Tue Aug 7 12:40:32 CEST 2007

#144: Race in backend socket address replacement.
 Reporter:  anders                     |        Owner:  phk     
     Type:  defect                     |       Status:  assigned
 Priority:  normal                     |    Milestone:          
Component:  varnishd                   |      Version:  1.1     
 Severity:  normal                     |   Resolution:          
 Keywords:  varnishd core dump sig 10  |  
Changes (by phk):

  * priority:  high => normal
  * status:  new => assigned
  * severity:  major => normal
  * summary:  Varnishd core dumps because of bus error => Race in backend
              socket address replacement.


 there is a race in the backend code where failure to connect to the
 backend will trigger a new socket address lookup (DNS or numeric).

 However, other threads may be using the old address still.

 I have minimized the race so that undefined data is not present at any
 time, and that reduces the propability and changes the failure mode to
 access to free'ed memory.

 The right solution needs a bit of thinking, but it is something along the
 lines of caching the socket address in the vbe at a point where we have
 the lock anyway, and then do the replacement (but not the actual lookup!)
 under lock.

Ticket URL: <http://varnish.projects.linpro.no/ticket/144#comment:1>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator

More information about the varnish-bugs mailing list