[Varnish] #418: Segfault in cnt_lookup

Varnish varnish-bugs at projects.linpro.no
Wed Jan 14 21:42:24 CET 2009

#418: Segfault in cnt_lookup
 Reporter:  sky     |        Owner:  sky   
     Type:  defect  |       Status:  closed
 Priority:  normal  |    Milestone:        
Component:  build   |      Version:  trunk 
 Severity:  normal  |   Resolution:  fixed 
 Keywords:          |  
Changes (by phk):

  * status:  new => closed
  * resolution:  => fixed


 Fixed in r3512 and r3513:

 After HSH_Lookup() returns NULL indicating a busy object, we diddled
 the session a bit to transfer the per-request stats to the session
 counters with SES_Charge().

 Not only was it inconsistent to charge accounting data in the middle
 of a request, it was also illegal because after the hash lock was
 released we no longer owned the session.

 Once a system is under sufficient load that there is a queue for the
 CPU, a race could happen where upon hitting a busy object, the hash lock
 was released, another thread would schedule, finish the busy object,
 start the sessions on the waiting list, finish off the request we had
 and then when we get the CPU again and access it, it's gone.

 The previous commit (r3512) eliminated the need to call SES_Charge,
 this commit removes the (optional) shmlog message inside the hash lock
 thus, hopefully, eliminating the race that caused #418.

Ticket URL: <http://varnish.projects.linpro.no/ticket/418#comment:2>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator
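
The ownership rule described in the ticket, as an added example that is not Varnish source and not part of the original message: a session parked on a busy object's waiting list may not be touched once the lock is released. All names here (`struct sess`, `struct busy_obj`, `lookup_busy_unsafe`, `lookup_busy_safe`) are hypothetical, and the other thread is simulated deterministically by running it at the moment of the unlock, which is the worst-case scheduling the ticket describes.

```c
#include <stdio.h>

/* Hypothetical single-threaded model (not Varnish source). The "other
 * thread" is simulated by running it at the exact moment of the unlock. */
struct sess { unsigned req_bytes, acct_bytes; int alive; };
struct busy_obj { int locked; struct sess *waiting; };
static int stale_touches;   /* accesses to a session we no longer own */

static struct sess *touch(struct sess *sp) {
    if (!sp->alive) stale_touches++;
    return sp;
}

/* Worst-case scheduling: the waker finishes the busy object, restarts the
 * parked session, completes its request and releases it. */
static void unlock_obj(struct busy_obj *o) {
    struct sess *sp = o->waiting;
    o->locked = 0;
    if (sp == NULL) return;
    o->waiting = NULL;
    sp->acct_bytes += sp->req_bytes;   /* charged once, at end of request */
    sp->req_bytes = 0;
    sp->alive = 0;                     /* real code would recycle/free here */
}

/* Shape described in the ticket: per-request stats charged after unlock. */
int lookup_busy_unsafe(struct busy_obj *o, struct sess *sp) {
    stale_touches = 0;
    o->locked = 1;
    o->waiting = sp;                   /* parked: ownership leaves with the lock */
    unlock_obj(o);
    touch(sp)->acct_bytes += sp->req_bytes;
    return stale_touches;
}

/* Corrected shape: parking is the last access; nothing follows the unlock. */
int lookup_busy_safe(struct busy_obj *o, struct sess *sp) {
    stale_touches = 0;
    o->locked = 1;
    o->waiting = sp;
    unlock_obj(o);
    return stale_touches;
}

int main(void) {
    struct busy_obj o = {0, NULL};
    struct sess a = {100, 0, 1}, b = {100, 0, 1};
    printf("unsafe: %d stale\n", lookup_busy_unsafe(&o, &a));
    printf("safe:   %d stale\n", lookup_busy_safe(&o, &b));
    return 0;
}
```

In real code the released session would be freed or recycled, so the stale access counted here would be a read or write of memory owned by someone else.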
