Race condition in storeClose() from Adrian Chadd on 2000-11-22 (squid-dev)

From: Adrian Chadd <adrian@dont-contact.us>
Date: Wed, 22 Nov 2000 23:36:14 +0800

Ok,

Can someone check my logic here ?

If there's a problem with an client FD, it will destroy the connection.
Eventually it hits storeUnregister(), but it doesn't check if there are
pending disk IOs (and close them if they DO exist.)

I think this is a bad thing, and could be causing our problems with
random memory trashings, since a pending read would complete, and
you'd overwrite the memory if you're not careful.

The diskd code doesn't check (correctly to me) in storeDiskdReadDone()
to make sure the IO is still valid.

The aufs code has the concept of a cancelled disk op, but one of
the crashes Andres showed me in private indicates that the IO isn't
being cancelled through aioCancel() (from aioClose()) at the
"correct" place.

Obviously, ufs isn't a problem. :-)

So, ideas here? Should the FS handle killing pending disk IOs on a
storeIOState on a storeClose() / storeUnlink() ? Or should we
implement a storeCancel() call to cancel an IO, which is called from
storeUnregister() .. ?

Or, or, or .. ? :-)

People running squid-HEAD / squid-2.4 and aufs, and can replicate
the crashes, please try this patch just to try:

Index: store_io_aufs.c
===================================================================
RCS file: /server/cvs-server/squid/squid/src/fs/aufs/store_io_aufs.c,v
retrieving revision 1.5
diff -u -r1.5 store_io_aufs.c
--- store_io_aufs.c 2000/11/10 21:42:03 1.5
+++ store_io_aufs.c 2000/11/22 15:15:55
@@ -143,7 +143,7 @@
        sio->swap_dirn, sio->swap_filen, aiostate->fd);
     if (storeAufsSomethingPending(sio)) {
        aiostate->flags.close_request = 1;
- return;
+ /* return; */
     }
     storeAufsIOCallback(sio, DISK_OK);
}

.. to replicate this on my linux box I would run an aufs squid at a
highish throughput (90-100 req is that on my box), and after a minute
or two hit ctrl-C on polyclt. This generates lots of dead clients,
which triggers this bug pretty reliably.

adrian

-- 
Adrian Chadd			"God: Damn! I left pot everywhere!
<adrian@creative.net.au>	  Now I'll have to create Republicans!"
				    - Bill Hicks

Received on Wed Nov 22 2000 - 08:36:24 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:00 MST