BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in process_srv_queue()
A problem involving server slowstart was reported by @max2k1 in issue #197.
The problem is that pendconn_grab_from_px() takes the proxy lock while
already under the server's lock while process_srv_queue() first takes the
proxy's lock then the server's lock.
While the latter seems more natural, it is fundamentally incompatible with
mayn other operations performed on servers, namely state change propagation,
where the proxy is only known after the server and cannot be locked around
the servers. Howwever reversing the lock in process_srv_queue() is trivial
and only the few functions related to dynamic cookies need to be adjusted
for this so that the proxy's lock is taken for each server operation. This
is possible because the proxy's server list is built once at boot time and
remains stable. So this is what this patch does.
The comments in the proxy and server structs were updated to mention this
rule that the server's lock may not be taken under the proxy's lock but
may enclose it.
Another approach could consist in using a second lock for the proxy's queue
which would be different from the regular proxy's lock, but given that the
operations above are rare and operate on small servers list, there is no
reason for overdesigning a solution.
This fix was successfully tested with 10000 servers in a backend where
adjusting the dyncookies in loops over the CLI didn't have a measurable
impact on the traffic.
The only workaround without the fix is to disable any occurrence of
"slowstart" on server lines, or to disable threads using "nbthread 1".
This must be backported as far as 1.8.
(cherry picked from commit 5e83d996cf965ee5ac625f702a446f4d8c80a220)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/src/server.c b/src/server.c
index a96f1ef..236d6ba 100644
--- a/src/server.c
+++ b/src/server.c
@@ -125,7 +125,7 @@
}
/*
- * Must be called with the server lock held.
+ * Must be called with the server lock held, and will grab the proxy lock.
*/
void srv_set_dyncookie(struct server *s)
{
@@ -137,15 +137,17 @@
int addr_len;
int port;
+ HA_SPIN_LOCK(PROXY_LOCK, &p->lock);
+
if ((s->flags & SRV_F_COOKIESET) ||
!(s->proxy->ck_opts & PR_CK_DYNAMIC) ||
s->proxy->dyncookie_key == NULL)
- return;
+ goto out;
key_len = strlen(p->dyncookie_key);
if (s->addr.ss_family != AF_INET &&
s->addr.ss_family != AF_INET6)
- return;
+ goto out;
/*
* Buffer to calculate the cookie value.
* The buffer contains the secret key + the server IP address
@@ -174,7 +176,7 @@
hash_value = XXH64(tmpbuf, buffer_len, 0);
memprintf(&s->cookie, "%016llx", hash_value);
if (!s->cookie)
- return;
+ goto out;
s->cklen = 16;
/* Don't bother checking if the dyncookie is duplicated if
@@ -183,6 +185,8 @@
*/
if (!(s->next_admin & SRV_ADMF_FMAINT))
srv_check_for_dup_dyncookie(s);
+ out:
+ HA_SPIN_UNLOCK(PROXY_LOCK, &p->lock);
}
/*