From 593bb543873ac57efade09dbcc2f93ab6b4d5ab0 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Wed, 23 Nov 2022 23:12:04 +0300 Subject: Disabled cloning of sockets without master process (ticket #2403). Cloning of listening sockets for each worker process does not make sense when working without master process, and causes some of the connections not to be accepted if worker_processes is set to more than one and there are listening sockets configured with the reuseport flag. Fix is to disable cloning when master process is disabled. --- src/event/ngx_event.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/event') diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c index 47229b507..77b07f6e1 100644 --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c @@ -416,6 +416,7 @@ ngx_event_init_conf(ngx_cycle_t *cycle, void *conf) { #if (NGX_HAVE_REUSEPORT) ngx_uint_t i; + ngx_core_conf_t *ccf; ngx_listening_t *ls; #endif @@ -442,7 +443,9 @@ ngx_event_init_conf(ngx_cycle_t *cycle, void *conf) #if (NGX_HAVE_REUSEPORT) - if (!ngx_test_config) { + ccf = (ngx_core_conf_t *) ngx_get_conf(cycle->conf_ctx, ngx_core_module); + + if (!ngx_test_config && ccf->master) { ls = cycle->listening.elts; for (i = 0; i < cycle->listening.nelts; i++) { -- cgit From d52e5684437aedd6bb74d6b2b602b7306f4212ba Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Wed, 23 Nov 2022 23:48:53 +0300 Subject: Fixed segfault when switching off master process during upgrade. Binary upgrades are not supported without master process, but it is, however, possible, that nginx running with master process is asked to upgrade binary, and the configuration file as available on disk at this time includes "master_process off;". If this happens, listening sockets inherited from the previous binary will have ls[i].previous set. But the old cycle on initial process startup, including startup after binary upgrade, is destroyed by ngx_init_cycle() once configuration parsing is complete. As a result, an attempt to dereference ls[i].previous in ngx_event_process_init() accesses already freed memory. Fix is to avoid looking into ls[i].previous if the old cycle is already freed. With this change it is also no longer needed to clear ls[i].previous in worker processes, so the relevant code was removed. --- src/event/ngx_event.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/event') diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c index 77b07f6e1..d81547af4 100644 --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c @@ -813,7 +813,9 @@ ngx_event_process_init(ngx_cycle_t *cycle) rev->deferred_accept = ls[i].deferred_accept; #endif - if (!(ngx_event_flags & NGX_USE_IOCP_EVENT)) { + if (!(ngx_event_flags & NGX_USE_IOCP_EVENT) + && cycle->old_cycle) + { if (ls[i].previous) { /* -- cgit From 765ef1098d169622ada67eb4eccad1d45d47a61c Mon Sep 17 00:00:00 2001 From: Sergey Kandaurov Date: Thu, 24 Nov 2022 23:08:30 +0400 Subject: SSL: fixed debug logging of SSL_sendfile() return value. --- src/event/ngx_event_openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/event') diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 3be64b6c2..702e8d877 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -3020,7 +3020,7 @@ ngx_ssl_sendfile(ngx_connection_t *c, ngx_buf_t *file, size_t size) n = SSL_sendfile(c->ssl->connection, file->file->fd, file->file_pos, size, flags); - ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_sendfile: %d", n); + ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_sendfile: %z", n); if (n > 0) { -- cgit From 39892c6265bb36604bbcbd5e315ec3ee0e91c277 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Thu, 1 Dec 2022 04:22:31 +0300 Subject: SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors. With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(), which used to always reset c->read->ready to 0 when returning errors. This fixes an infinite loop in unbuffered SSL proxying if writing to the client is blocked and an SSL error happens (ticket #2418). With this change, the fix for a similar issue in the stream module (6868:ee3645078759), which used a different approach of explicitly testing c->read->error instead, is no longer needed and was reverted. --- src/event/ngx_event_openssl.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/event') diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 702e8d877..5f9ff5f0f 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -2204,6 +2204,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) #endif if (c->ssl->last == NGX_ERROR) { + c->read->ready = 0; c->read->error = 1; return NGX_ERROR; } @@ -2270,6 +2271,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) #if (NGX_HAVE_FIONREAD) if (ngx_socket_nread(c->fd, &c->read->available) == -1) { + c->read->ready = 0; c->read->error = 1; ngx_connection_error(c, ngx_socket_errno, ngx_socket_nread_n " failed"); @@ -2306,6 +2308,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) return 0; case NGX_ERROR: + c->read->ready = 0; c->read->error = 1; /* fall through */ @@ -2326,6 +2329,7 @@ ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf, size_t size) size_t readbytes; if (c->ssl->last == NGX_ERROR) { + c->read->ready = 0; c->read->error = 1; return NGX_ERROR; } @@ -2425,6 +2429,7 @@ ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf, size_t size) return 0; case NGX_ERROR: + c->read->ready = 0; c->read->error = 1; /* fall through */ -- cgit