[Varnish] #144: Race in backend socket address replacement.
Varnish
varnish-bugs at projects.linpro.no
Tue Aug 7 12:40:32 CEST 2007
#144: Race in backend socket address replacement.
---------------------------------------+------------------------------------
Reporter: anders | Owner: phk
Type: defect | Status: assigned
Priority: normal | Milestone:
Component: varnishd | Version: 1.1
Severity: normal | Resolution:
Keywords: varnishd core dump sig 10 |
---------------------------------------+------------------------------------
Changes (by phk):
* priority: high => normal
* status: new => assigned
* severity: major => normal
* summary: Varnishd core dumps because of bus error => Race in backend
socket address replacement.
Comment:
there is a race in the backend code where failure to connect to the
backend will trigger a new socket address lookup (DNS or numeric).
However, other threads may be using the old address still.
I have minimized the race so that undefined data is not present at any
time, and that reduces the propability and changes the failure mode to
access to free'ed memory.
The right solution needs a bit of thinking, but it is something along the
lines of caching the socket address in the vbe at a point where we have
the lock anyway, and then do the replacement (but not the actual lookup!)
under lock.
--
Ticket URL: <http://varnish.projects.linpro.no/ticket/144#comment:1>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list