| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Previously, the recursion was only limited for cached responses.
|
|
When several requests were waiting for a response, then after getting
a CNAME response only the last request's context had the name updated.
Contexts of other requests had the wrong name. This name was used by
ngx_resolve_name_done() to find the node to remove the request context
from. When the name was wrong, the request could not be properly
cancelled, its context was freed but stayed linked to the node's waiting
list. This happened e.g. when the first request was aborted or timed
out before the resolving completed. When it completed, this triggered
a use-after-free memory access by calling ctx->handler of already freed
request context. The bug manifests itself by
"could not cancel <name> resolving" alerts in error_log.
When a request was responded with a CNAME, the request context kept
the pointer to the original node's rn->u.cname. If the original node
expired before the resolving timed out or completed with an error,
this would trigger a use-after-free memory access via ctx->name in
ctx->handler().
The fix is to keep ctx->name unmodified. The name from context
is no longer used by ngx_resolve_name_done(). Instead, we now keep
the pointer to resolver node to which this request is linked.
Keeping the original name intact also improves logging.
|
|
No functional changes.
This is needed by the following change.
|
|
When several requests were waiting for a response, then after getting
a CNAME response only the last request was properly processed, while
others were left waiting.
|
|
If one or more requests were waiting for a response, then after
getting a CNAME response, the timeout event on the first request
remained active, pointing to the wrong node with an empty
rn->waiting list, and that could cause either null pointer
dereference or use-after-free memory access if this timeout
expired.
If several requests were waiting for a response, and the first
request terminated (e.g., due to client closing a connection),
other requests were left without a timeout and could potentially
wait indefinitely.
This is fixed by introducing per-request independent timeouts.
This change also reverts 954867a2f0a6 and 5004210e8c78.
|
|
|
|
The code failed to ensure that "s" is within the buffer passed for
parsing when checking for "ms", and this resulted in unexpected errors when
parsing non-null-terminated strings with trailing "m". The bug manifested
itself when the expires directive was used with variables.
Found by Roman Arutyunyan.
|
|
|
|
This fixes compilation of various 3rd party modules when nginx is
configured with threads.
|
|
|
|
Casting a "const char *" to "char *" doesn't work on older gcc versions.
|
|
|
|
|
|
The new thread pools code uses spinlocks.
|
|
Similar to ngx_http_file_cache_set_slot(), the last component of file->name
with a fixed length of 10 bytes, as generated in ngx_create_temp_path(), is
used as a source for the names of intermediate subdirectories with each one
taking its own part. Ensure that the sum of specified levels with slashes
fits into the length (ticket #731).
|
|
Level hierarchy is pre-zeroed in ngx_pcalloc() of the surrounding ngx_path_t.
|
|
|
|
|
|
|
|
Now we log a "zero size buf in chain writer" alert if we encounter a zero
sized buffer in ngx_chain_writer(), and skip the buffer.
|
|
|
|
No functional changes.
|
|
It's not needed for completed tasks queue since the previous change.
No functional changes.
|
|
|
|
|
|
Example of usage:
error_log memory:16m debug;
This allows to configure debug logging with minimum impact on performance.
It's especially useful when rare crashes are experienced under high load.
The log can be extracted from a coredump using the following gdb script:
set $log = ngx_cycle->log
while $log->writer != ngx_log_memory_writer
set $log = $log->next
end
set $buf = (ngx_log_memory_buf_t *) $log->wdata
dump binary memory debug_log.txt $buf->start $buf->end
|
|
|
|
Work around pthread_cond_destroy() and pthread_mutex_destroy() returning
EBUSY. A proper solution would be to ensure all threads are terminated.
|
|
Behave like POSIX semaphores. If N worker threads are waiting for tasks,
at least that number of tasks should be allowed to be put into the queue.
|
|
It's not needed for completed tasks queue.
No functional changes.
|
|
|
|
|
|
|
|
It's mostly dead code and the original idea of worker threads has been rejected.
|
|
|
|
|
|
No functional changes.
|
|
|
|
These are needed to detect overflows.
|
|
|
|
Initial size as calculated from the number of elements may be bigger
than max_size. If this happens, make sure to set size to max_size.
Reported by Chris West.
|
|
Previously, this function checked for connection local address existence
and returned error if it was missing. Now a new address is assigned in this
case making it possible to call this function not only for accepted connections.
|
|
It appeared that the NGX_HAVE_AIO_SENDFILE macro was defined regardless of
the "--with-file-aio" configure option and the NGX_HAVE_FILE_AIO macro.
Now they are related.
Additionally, fixed one macro.
|
|
This reduces layering violation and simplifies the logic of AIO preread, since
it's now triggered by the send chain function itself without falling back to
the copy filter. The context of AIO operation is now stored per file buffer,
which makes it possible to properly handle cases when multiple buffers come
from different locations, each with its own configuration.
|
|
|
|
There was a typo in NGX_EACCES.
Reported by Goetz T. Fischer.
|
|
The mtx->wait counter was not decremented if we were able to obtain the lock
right after incrementing it. This resulted in unneeded sem_post() calls,
eventually leading to EOVERFLOW errors being logged, "sem_post() failed
while wake shmtx (75: Value too large for defined data type)".
To close the race, mtx->wait is now decremented if we obtain the lock right
after incrementing it in ngx_shmtx_lock(). The result can become -1 if a
concurrent ngx_shmtx_unlock() decrements mtx->wait before the added code does.
However, that only leads to one extra iteration in the next call of
ngx_shmtx_lock().
|
|
The use_temp_path http cache feature is now implemented using a separate temp
hierarchy in cache directory. Prefix-based temp files are no longer needed.
|
|
If pre_tree_handler() returns NGX_DECLINED, the directory is ignored.
|
|
The ctx->aio flag must be taken into account in the short path too.
|
