nginx.git/src/http, branch release-1.11.7 nginx HTTP/2: prevented creating temp files for requests without body. 2016-12-10T10:23:38+00:00 Valentin Bartenev vbart@nginx.com 2016-12-10T10:23:38+00:00 27c7ed683bc28e537f39d7717cce4ec111068dca The problem was introduced by 52bd8cc17f34. 
The problem was introduced by 52bd8cc17f34.
HTTP/2: fixed posted streams handling. 2016-11-28T17:58:14+00:00 Valentin Bartenev vbart@nginx.com 2016-11-28T17:58:14+00:00 5d496d467d35abd4014f825de3c572eaa4011a24 A bug was introduced by 82efcedb310b that could lead to timing out of responses or segmentation fault, when accept_mutex was enabled. The output queue in HTTP/2 can contain frames from different streams. When the queue is sent, all related write handlers need to be called. In order to do so, the streams were added to the h2c->posted queue after handling sent frames. Then this queue was processed in ngx_http_v2_write_handler(). If accept_mutex is enabled, the event's "ready" flag is set but its handler is not called immediately. Instead, the event is added to the ngx_posted_events queue. At the same time in this queue can be events from upstream connections. Such events can result in sending output queue before ngx_http_v2_write_handler() is triggered. And at the time ngx_http_v2_write_handler() is called, the output queue can be already empty with some streams added to h2c->posted. But after 82efcedb310b, these streams weren't processed if all frames have already been sent and the output queue was empty. This might lead to a situation when a number of streams were get stuck in h2c->posted queue for a long time. Eventually these streams might get closed by the send timeout. In the worst case this might also lead to a segmentation fault, if already freed stream was left in the h2c->posted queue. This could happen if one of the streams was terminated but wasn't closed, due to the HEADERS frame or a partially sent DATA frame left in the output queue. If this happened the ngx_http_v2_filter_cleanup() handler removed the stream from the h2c->waiting or h2c->posted queue on termination stage, before the frame has been sent, and the stream was again added to the h2c->posted queue after the frame was sent. In order to fix all these problems and simplify the code, write events of fake stream connections are now added to ngx_posted_events instead of using a custom h2c->posted queue. 
A bug was introduced by 82efcedb310b that could lead to timing out of
responses or segmentation fault, when accept_mutex was enabled.

The output queue in HTTP/2 can contain frames from different streams.
When the queue is sent, all related write handlers need to be called.
In order to do so, the streams were added to the h2c->posted queue
after handling sent frames.  Then this queue was processed in
ngx_http_v2_write_handler().

If accept_mutex is enabled, the event's "ready" flag is set but its
handler is not called immediately.  Instead, the event is added to
the ngx_posted_events queue.  At the same time in this queue can be
events from upstream connections.  Such events can result in sending
output queue before ngx_http_v2_write_handler() is triggered.  And
at the time ngx_http_v2_write_handler() is called, the output queue
can be already empty with some streams added to h2c->posted.

But after 82efcedb310b, these streams weren't processed if all frames
have already been sent and the output queue was empty.  This might lead
to a situation when a number of streams were get stuck in h2c->posted
queue for a long time.  Eventually these streams might get closed by
the send timeout.

In the worst case this might also lead to a segmentation fault, if
already freed stream was left in the h2c->posted queue.  This could
happen if one of the streams was terminated but wasn't closed, due to
the HEADERS frame or a partially sent DATA frame left in the output
queue.  If this happened the ngx_http_v2_filter_cleanup() handler
removed the stream from the h2c->waiting or h2c->posted queue on
termination stage, before the frame has been sent, and the stream
was again added to the h2c->posted queue after the frame was sent.

In order to fix all these problems and simplify the code, write
events of fake stream connections are now added to ngx_posted_events
instead of using a custom h2c->posted queue.
Map: the "volatile" parameter. 2016-12-08T14:51:49+00:00 Ruslan Ermilov ru@nginx.com 2016-12-08T14:51:49+00:00 72ace363184d4768627c2fd2b0a5236887cdc036 By default, "map" creates cacheable variables [1]. With this parameter it creates a non-cacheable variable. An original idea was to deduce the cacheability of the "map" variable by checking the cacheability of variables specified in source and resulting values, but it turned to be too hard. For example, a cacheable variable can be overridden with the "set" directive or with the SSI "set" command. Also, keeping "map" variables cacheable by default is good for performance reasons. This required adding a new parameter. [1] Before db699978a33f (1.11.0), the cacheability of the "map" variable could vary depending on the cacheability of variables specified in resulting values (ticket #1090). This is believed to be a bug rather than a feature. 
By default, "map" creates cacheable variables [1].  With this
parameter it creates a non-cacheable variable.

An original idea was to deduce the cacheability of the "map"
variable by checking the cacheability of variables specified
in source and resulting values, but it turned to be too hard.
For example, a cacheable variable can be overridden with the
"set" directive or with the SSI "set" command.  Also, keeping
"map" variables cacheable by default is good for performance
reasons.  This required adding a new parameter.

[1] Before db699978a33f (1.11.0), the cacheability of the
"map" variable could vary depending on the cacheability of
variables specified in resulting values (ticket #1090).
This is believed to be a bug rather than a feature.
Map: simplified "map" block parser. 2016-12-08T14:29:01+00:00 Ruslan Ermilov ru@nginx.com 2016-12-08T14:29:01+00:00 41f06845cf5373d6a86e383f946006fd4ee87137 No functional changes. 
No functional changes.
Perl: added PERL_SET_INTERP(). 2016-12-07T16:03:19+00:00 Maxim Dounin mdounin@mdounin.ru 2016-12-07T16:03:19+00:00 408e49fed64873aa5b7c3affb2a227e15ccee025 For Perl compiled with threads, without PERL_SET_INTERP() the PL_curinterp remains set to the first interpreter created (that is, one created at original start). As a result after a reload Perl thinks that operations are done withing a thread, and, most notably, denies to change environment. For example, the following code properly works on original start, but fails after a reload: perl 'sub { my $r = shift; $r->send_http_header("text/plain"); $ENV{TZ} = "UTC"; $r->print("tz: " . $ENV{TZ} . " (localtime " . (localtime()) . ")\n"); $ENV{TZ} = "Europe/Moscow"; $r->print("tz: " . $ENV{TZ} . " (localtime " . (localtime()) . ")\n"); return OK; }'; To fix this, PERL_SET_INTERP() added anywhere where PERL_SET_CONTEXT() was previously used. Note that PERL_SET_INTERP() doesn't seem to be documented anywhere. Yet it is used in some other software, and also seems to be the only solution possible. 
For Perl compiled with threads, without PERL_SET_INTERP() the PL_curinterp
remains set to the first interpreter created (that is, one created at
original start).  As a result after a reload Perl thinks that operations
are done withing a thread, and, most notably, denies to change environment.

For example, the following code properly works on original start,
but fails after a reload:

    perl 'sub {
        my $r = shift;

        $r->send_http_header("text/plain");

        $ENV{TZ} = "UTC";
        $r->print("tz: " . $ENV{TZ} . " (localtime " . (localtime()) . ")\n");
        $ENV{TZ} = "Europe/Moscow";
        $r->print("tz: " . $ENV{TZ} . " (localtime " . (localtime()) . ")\n");

        return OK;
    }';

To fix this, PERL_SET_INTERP() added anywhere where PERL_SET_CONTEXT()
was previously used.

Note that PERL_SET_INTERP() doesn't seem to be documented anywhere.
Yet it is used in some other software, and also seems to be the only
solution possible.
Mp4: fixed setting wrong mdat atom size in very rare cases. 2016-11-22T05:40:08+00:00 hucongcong hucong.c@foxmail.com 2016-11-22T05:40:08+00:00 8b8b6f41e62407979cbd3d2a91afcdfdd1a0afd8 Atom size is the sum of atom header size and atom data size. The specification says that the first 4 bytes are set to one when the atom size is greater than the maximum unsigned 32-bit value. Which means atom header size should be considered when the comparison takes place between atom data size and 0xffffffff. 
Atom size is the sum of atom header size and atom data size. The
specification says that the first 4 bytes are set to one when
the atom size is greater than the maximum unsigned 32-bit value.
Which means atom header size should be considered when the
comparison takes place between atom data size and 0xffffffff.
SSL: $ssl_curves (ticket #1088). 2016-12-05T19:23:23+00:00 Maxim Dounin mdounin@mdounin.ru 2016-12-05T19:23:23+00:00 551091951a479e2f512062c51bdcc6157a211164 The variable contains a list of curves as supported by the client. Known curves are listed by their names, unknown ones are shown in hex, e.g., "0x001d:prime256v1:secp521r1:secp384r1". Note that OpenSSL uses session data for SSL_get1_curves(), and it doesn't store full list of curves supported by the client when serializing a session. As a result $ssl_curves is only available for new sessions (and will be empty for reused ones). The variable is only meaningful when using OpenSSL 1.0.2 and above. With older versions the variable is empty. 
The variable contains a list of curves as supported by the client.
Known curves are listed by their names, unknown ones are shown
in hex, e.g., "0x001d:prime256v1:secp521r1:secp384r1".

Note that OpenSSL uses session data for SSL_get1_curves(), and
it doesn't store full list of curves supported by the client when
serializing a session.  As a result $ssl_curves is only available
for new sessions (and will be empty for reused ones).

The variable is only meaningful when using OpenSSL 1.0.2 and above.
With older versions the variable is empty.
SSL: $ssl_ciphers (ticket #870). 2016-12-05T19:23:23+00:00 Maxim Dounin mdounin@mdounin.ru 2016-12-05T19:23:23+00:00 2daf78867bb60bee5e5ca517f20339211391635b The variable contains list of ciphers as supported by the client. Known ciphers are listed by their names, unknown ones are shown in hex, e.g., ""AES128-SHA:AES256-SHA:0x00ff". The variable is fully supported only when using OpenSSL 1.0.2 and above. With older version there is an attempt to provide some information using SSL_get_shared_ciphers(). It only lists known ciphers though. Moreover, as OpenSSL uses session data for SSL_get_shared_ciphers(), and it doesn't store relevant data when serializing a session. As a result $ssl_ciphers is only available for new sessions (and not available for reused ones) when using OpenSSL older than 1.0.2. 
The variable contains list of ciphers as supported by the client.
Known ciphers are listed by their names, unknown ones are shown
in hex, e.g., ""AES128-SHA:AES256-SHA:0x00ff".

The variable is fully supported only when using OpenSSL 1.0.2 and above.
With older version there is an attempt to provide some information
using SSL_get_shared_ciphers().  It only lists known ciphers though.
Moreover, as OpenSSL uses session data for SSL_get_shared_ciphers(),
and it doesn't store relevant data when serializing a session.  As
a result $ssl_ciphers is only available for new sessions (and not
available for reused ones) when using OpenSSL older than 1.0.2.
SSL: $ssl_client_v_start, $ssl_client_v_end, $ssl_client_v_remain. 2016-12-05T19:23:23+00:00 Maxim Dounin mdounin@mdounin.ru 2016-12-05T19:23:23+00:00 53092ad782c4647c212ff3b23870f7927da9e293 






HTTP/2: fixed saving preread buffer to temp file (ticket #1143).
2016-11-28T16:19:21+00:00

Valentin Bartenev
vbart@nginx.com

2016-11-28T16:19:21+00:00

89f92b32430c1df2a25580d15f1b047cde8fb792

Previously, a request body bigger than "client_body_buffer_size" wasn't written
into a temporary file if it has been pre-read entirely.  The preread buffer
is freed after processing, thus subsequent use of it might result in sending
corrupted body or cause a segfault.





Previously, a request body bigger than "client_body_buffer_size" wasn't written
into a temporary file if it has been pre-read entirely.  The preread buffer
is freed after processing, thus subsequent use of it might result in sending
corrupted body or cause a segfault.