sync some pathes from upstream
(cherry picked from commit 25cd8bcf224f2c2a73cfb1473fa680ba11c9d0b5)
This commit is contained in:
yangl777
openeuler-sync-bot
parent
8591a94bd7
commit
3e4c12149c
@ -0,0 +1,87 @@
|
||||
From 4fb445fe5769172354d08f4a726f99e9815494c1 Mon Sep 17 00:00:00 2001
|
||||
From: Olivier Houchard <ohouchard@haproxy.com>
|
||||
Date: Mon, 23 Dec 2024 14:17:25 +0000
|
||||
Subject: [PATCH] BUG/MEDIUM: queue: Make process_srv_queue return the number
|
||||
of streams
|
||||
|
||||
Make process_srv_queue() return the number of streams unqueued, as
|
||||
pendconn_grab_from_px() did, as that number is used by
|
||||
srv_update_status() to generate logs.
|
||||
|
||||
This should be backported up to 2.6 with
|
||||
111ea83ed4e13ac3ab028ed5e95201a1b4aa82b8
|
||||
|
||||
(cherry picked from commit 5b8899b6ccc7dab3a54a51dcb8ba1512bd0c886c)
|
||||
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
||||
(cherry picked from commit 70588a16903002709cf3c84255ad8ded73f8e584)
|
||||
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
||||
(cherry picked from commit 365378bfdf283650ce1ac152348ca59b6d4c32c1)
|
||||
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://git.haproxy.org/?p=haproxy-2.9.git;a=patch;h=4fb445fe5769172354d08f4a726f99e9815494c1
|
||||
---
|
||||
include/haproxy/queue.h | 2 +-
|
||||
src/queue.c | 3 ++-
|
||||
src/server.c | 4 ++--
|
||||
3 files changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/include/haproxy/queue.h b/include/haproxy/queue.h
|
||||
index e4201fb..4896f71 100644
|
||||
--- a/include/haproxy/queue.h
|
||||
+++ b/include/haproxy/queue.h
|
||||
@@ -34,7 +34,7 @@ extern struct pool_head *pool_head_pendconn;
|
||||
|
||||
struct pendconn *pendconn_add(struct stream *strm);
|
||||
int pendconn_dequeue(struct stream *strm);
|
||||
-void process_srv_queue(struct server *s);
|
||||
+int process_srv_queue(struct server *s);
|
||||
unsigned int srv_dynamic_maxconn(const struct server *s);
|
||||
int pendconn_redistribute(struct server *s);
|
||||
int pendconn_grab_from_px(struct server *s);
|
||||
diff --git a/src/queue.c b/src/queue.c
|
||||
index 7555e2d..b93edf2 100644
|
||||
--- a/src/queue.c
|
||||
+++ b/src/queue.c
|
||||
@@ -354,7 +354,7 @@ static int pendconn_process_next_strm(struct server *srv, struct proxy *px, int
|
||||
/* Manages a server's connection queue. This function will try to dequeue as
|
||||
* many pending streams as possible, and wake them up.
|
||||
*/
|
||||
-void process_srv_queue(struct server *s)
|
||||
+int process_srv_queue(struct server *s)
|
||||
{
|
||||
struct server *ref = s->track ? s->track : s;
|
||||
struct proxy *p = s->proxy;
|
||||
@@ -413,6 +413,7 @@ void process_srv_queue(struct server *s)
|
||||
if (p->lbprm.server_take_conn)
|
||||
p->lbprm.server_take_conn(s);
|
||||
}
|
||||
+ return done;
|
||||
}
|
||||
|
||||
/* Adds the stream <strm> to the pending connection queue of server <strm>->srv
|
||||
diff --git a/src/server.c b/src/server.c
|
||||
index 512fecd..cc2311a 100644
|
||||
--- a/src/server.c
|
||||
+++ b/src/server.c
|
||||
@@ -6012,7 +6012,7 @@ static int _srv_update_status_op(struct server *s, enum srv_op_st_chg_cause caus
|
||||
/* check if we can handle some connections queued.
|
||||
* We will take as many as we can handle.
|
||||
*/
|
||||
- process_srv_queue(s);
|
||||
+ xferred = process_srv_queue(s);
|
||||
|
||||
tmptrash = alloc_trash_chunk();
|
||||
if (tmptrash) {
|
||||
@@ -6198,7 +6198,7 @@ static int _srv_update_status_adm(struct server *s, enum srv_adm_st_chg_cause ca
|
||||
/* check if we can handle some connections queued.
|
||||
* We will take as many as we can handle.
|
||||
*/
|
||||
- process_srv_queue(s);
|
||||
+ xferred = process_srv_queue(s);
|
||||
}
|
||||
else if (s->next_admin & SRV_ADMF_MAINT) {
|
||||
/* remaining in maintenance mode, let's inform precisely about the
|
||||
--
|
||||
1.7.10.4
|
||||
|
||||
@ -0,0 +1,89 @@
|
||||
From e87aeeccfce15b27fb349c4a1f966c678d246417 Mon Sep 17 00:00:00 2001
|
||||
From: Olivier Houchard <ohouchard@haproxy.com>
|
||||
Date: Tue, 17 Dec 2024 15:39:21 +0100
|
||||
Subject: [PATCH] BUG/MEDIUM: queues: Do not use pendconn_grab_from_px().
|
||||
|
||||
pendconn_grab_from_px() was called when a server was brought back up, to
|
||||
get some streams waiting in the proxy's queue and get them to run on the
|
||||
newly available server. It is very similar to process_srv_queue(),
|
||||
except it only goes through the proxy's queue, which can be a problem,
|
||||
because there is a small race condition that could lead us to add more
|
||||
streams to the server queue just as it's going down. If that happens,
|
||||
the server would just be ignored when back up by new streams, as its
|
||||
queue is not empty, and it would never try to process its queue.
|
||||
The other problem with pendconn_grab_from_px() is that it is very
|
||||
liberal with how it dequeues streams, and it is not very good at
|
||||
enforcing maxconn, it could lead to having 3*maxconn connections.
|
||||
For both those reasons, just get rid of pendconn_grab_from_px(), and
|
||||
just use process_srv_queue().
|
||||
Both problems are easy to reproduce, especially on a 64 threads machine,
|
||||
set a maxconn to 100, inject in H2 with 1000 concurrent connections
|
||||
containing up to 100 streams each, and after a few seconds/minutes the
|
||||
max number of concurrent output streams will be much higher than
|
||||
maxconn, and eventually the server will stop processing connections.
|
||||
|
||||
It may be related to github issue #2744. Note that it doesn't totally
|
||||
fix the problem, we can occasionally see a few more connections than
|
||||
maxconn, but the max that have been observed is 4 more connections, we
|
||||
no longer get multiple times maxconn.
|
||||
|
||||
have more outgoing connections than maxconn,
|
||||
This should be backported up to 2.6.
|
||||
|
||||
(cherry picked from commit 111ea83ed4e13ac3ab028ed5e95201a1b4aa82b8)
|
||||
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
||||
(cherry picked from commit ab4ff1b7a6c7685f28fbdea01b38caf7e816fddf)
|
||||
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
||||
(cherry picked from commit b495692898072d6a843d36d4e66aae42e88a7c95)
|
||||
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://git.haproxy.org/?p=haproxy-2.9.git;a=patch;h=e87aeeccfce15b27fb349c4a1f966c678d246417
|
||||
---
|
||||
src/server.c | 14 +++++++-------
|
||||
1 file changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/src/server.c b/src/server.c
|
||||
index 311b495..512fecd 100644
|
||||
--- a/src/server.c
|
||||
+++ b/src/server.c
|
||||
@@ -5305,7 +5305,7 @@ static struct task *server_warmup(struct task *t, void *context, unsigned int st
|
||||
server_recalc_eweight(s, 1);
|
||||
|
||||
/* probably that we can refill this server with a bit more connections */
|
||||
- pendconn_grab_from_px(s);
|
||||
+ process_srv_queue(s);
|
||||
|
||||
HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock);
|
||||
|
||||
@@ -6009,10 +6009,10 @@ static int _srv_update_status_op(struct server *s, enum srv_op_st_chg_cause caus
|
||||
!(s->flags & SRV_F_BACKUP) && s->next_eweight)
|
||||
srv_shutdown_backup_streams(s->proxy, SF_ERR_UP);
|
||||
|
||||
- /* check if we can handle some connections queued at the proxy. We
|
||||
- * will take as many as we can handle.
|
||||
+ /* check if we can handle some connections queued.
|
||||
+ * We will take as many as we can handle.
|
||||
*/
|
||||
- xferred = pendconn_grab_from_px(s);
|
||||
+ process_srv_queue(s);
|
||||
|
||||
tmptrash = alloc_trash_chunk();
|
||||
if (tmptrash) {
|
||||
@@ -6195,10 +6195,10 @@ static int _srv_update_status_adm(struct server *s, enum srv_adm_st_chg_cause ca
|
||||
!(s->flags & SRV_F_BACKUP) && s->next_eweight)
|
||||
srv_shutdown_backup_streams(s->proxy, SF_ERR_UP);
|
||||
|
||||
- /* check if we can handle some connections queued at the proxy. We
|
||||
- * will take as many as we can handle.
|
||||
+ /* check if we can handle some connections queued.
|
||||
+ * We will take as many as we can handle.
|
||||
*/
|
||||
- xferred = pendconn_grab_from_px(s);
|
||||
+ process_srv_queue(s);
|
||||
}
|
||||
else if (s->next_admin & SRV_ADMF_MAINT) {
|
||||
/* remaining in maintenance mode, let's inform precisely about the
|
||||
--
|
||||
1.7.10.4
|
||||
|
||||
@ -0,0 +1,50 @@
|
||||
From f0c756518e9bfabfb317d22aa3416bc84eb543ba Mon Sep 17 00:00:00 2001
|
||||
From: Olivier Houchard <ohouchard@haproxy.com>
|
||||
Date: Fri, 13 Dec 2024 17:11:05 +0000
|
||||
Subject: [PATCH] BUG/MEDIUM: queues: Make sure we call process_srv_queue()
|
||||
when leaving
|
||||
|
||||
In stream_free(), make sure we call process_srv_queue() each time we
|
||||
call sess_change_server(), otherwise a server may end up not dequeuing
|
||||
any stream when it could do so. In some extreme cases it could lead to
|
||||
an infinite loop, as the server would appear to be available, as its
|
||||
"served" parameter would be < maxconn, but would end up not being used,
|
||||
as there are elements still in its queue.
|
||||
|
||||
This should be backported up to 2.6.
|
||||
|
||||
(cherry picked from commit dc9ce9c26469e00ab71fe6387dbd13010d4930f0)
|
||||
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
||||
(cherry picked from commit 1385e4ca16b3797b0091a959b626935cd7f29b38)
|
||||
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
||||
(cherry picked from commit 2de073ef00ee7d87aa82064dd2977645ec694730)
|
||||
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://git.haproxy.org/?p=haproxy-2.9.git;a=patch;h=f0c756518e9bfabfb317d22aa3416bc84eb543ba
|
||||
---
|
||||
src/stream.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/stream.c b/src/stream.c
|
||||
index f4a3298..c42cf95 100644
|
||||
--- a/src/stream.c
|
||||
+++ b/src/stream.c
|
||||
@@ -625,11 +625,14 @@ void stream_free(struct stream *s)
|
||||
}
|
||||
|
||||
if (unlikely(s->srv_conn)) {
|
||||
+ struct server *oldsrv = s->srv_conn;
|
||||
/* the stream still has a reserved slot on a server, but
|
||||
* it should normally be only the same as the one above,
|
||||
* so this should not happen in fact.
|
||||
*/
|
||||
sess_change_server(s, NULL);
|
||||
+ if (may_dequeue_tasks(oldsrv, s->be))
|
||||
+ process_srv_queue(oldsrv);
|
||||
}
|
||||
|
||||
/* We may still be present in the buffer wait queue */
|
||||
--
|
||||
1.7.10.4
|
||||
|
||||
13
haproxy.spec
13
haproxy.spec
@ -5,7 +5,7 @@
|
||||
|
||||
Name: haproxy
|
||||
Version: 2.9.5
|
||||
Release: 7
|
||||
Release: 8
|
||||
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
|
||||
|
||||
License: GPLv2+
|
||||
@ -22,6 +22,9 @@ Patch3: CVE-2024-49214.patch
|
||||
Patch4: backport-BUG-MEDIUM-stream-Prevent-mux-upgrades-if-client-con.patch
|
||||
Patch5: CVE-2024-53008-1.patch
|
||||
Patch6: CVE-2024-53008-2.patch
|
||||
Patch7: backport-BUG-MEDIUM-queues-Do-not-use-pendconn_grab_from_px.patch
|
||||
Patch8: backport-BUG-MEDIUM-queues-Make-sure-we-call-process_srv_queu.patch
|
||||
Patch9: backport-BUG-MEDIUM-queue-Make-process_srv_queue-return-the-n.patch
|
||||
|
||||
BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
|
||||
Requires(pre): shadow-utils
|
||||
@ -126,6 +129,14 @@ exit 0
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Mon Mar 17 2025 yanglu <yanglu72@h-partners.com> - 2.9.5-8
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:queues:Do not use pendconn_grab_from_px
|
||||
queues:Make sure we call process_srv_queue when leaving
|
||||
queue:Make process_srv_queue return the number of streams
|
||||
|
||||
* Tue Dec 10 2024 wangkai <13474090681@163.com> - 2.9.5-7
|
||||
- Fix CVE-2024-53008
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user