[master] 57155c045 Close potential race: Do not access a request after HSH_BUSY
Nils Goroll
nils.goroll at uplex.de
Wed Sep 29 15:22:06 UTC 2021
commit 57155c045e9a0027c230880657815a3d56394664
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Wed Sep 29 17:04:47 2021 +0200
Close potential race: Do not access a request after HSH_BUSY
Conceptually, when HSH_Lookup() returns with HSH_BUSY, ownership of
the request has been ceded: Right after Lck_Unlock(&oh->mtx) in
HSH_Lookup(), it could have got picked up from the waitinglist by
another thread and, in the extreme, could already be done with when
HSH_Lookup() returns.
diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c
index 24c87bd1b..cb4d3fa1a 100644
--- a/bin/varnishd/cache/cache_req_fsm.c
+++ b/bin/varnishd/cache/cache_req_fsm.c
@@ -555,10 +555,6 @@ cnt_lookup(struct worker *wrk, struct req *req)
had_objhead = 1;
wrk->strangelove = 0;
lr = HSH_Lookup(req, &oc, &busy);
- assert(wrk->strangelove >= 0);
- if ((unsigned)wrk->strangelove >= cache_param->vary_notice)
- VSLb(req->vsl, SLT_Notice, "vsl: High number of variants (%d)",
- wrk->strangelove);
if (lr == HSH_BUSY) {
/*
* We lost the session to a busy object, disembark the
@@ -568,6 +564,10 @@ cnt_lookup(struct worker *wrk, struct req *req)
*/
return (REQ_FSM_DISEMBARK);
}
+ assert(wrk->strangelove >= 0);
+ if ((unsigned)wrk->strangelove >= cache_param->vary_notice)
+ VSLb(req->vsl, SLT_Notice, "vsl: High number of variants (%d)",
+ wrk->strangelove);
if (had_objhead)
VSLb_ts_req(req, "Waitinglist", W_TIM_real(wrk));
More information about the varnish-commit
mailing list