BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn

The server lock must be held when server_take_conn() and server_drop_conn()
lbprm callback functions are called. It is a documented prerequisite but it is
not always performed. It only affects leastconn and fas lb algorithms. Others
don't use these callback functions.

A race condition on the next pending effective weight (next_eweight) may be
encountered with the leastconn lb algorithm. An agent check may set it to 0
while fwlc_srv_reposition() is called. The server is locked during the
next_eweight update. But because the server lock is not acquired when
fwlc_srv_reposition() is called, we may use it to recompute the server key,
leading to a division by 0.

This patch must be backported as far as 1.8.
diff --git a/src/backend.c b/src/backend.c
index ba642d9..34e5e7a 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1593,8 +1593,11 @@
s->flags |= SF_CURR_SESS;
count = _HA_ATOMIC_ADD(&srv->cur_sess, 1);
HA_ATOMIC_UPDATE_MAX(&srv->counters.cur_sess_max, count);
- if (s->be->lbprm.server_take_conn)
+ if (s->be->lbprm.server_take_conn) {
+ HA_SPIN_LOCK(SERVER_LOCK, &srv->lock);
s->be->lbprm.server_take_conn(srv);
+ HA_SPIN_UNLOCK(SERVER_LOCK, &srv->lock);
+ }
}
/* Now handle synchronously connected sockets. We know the stream-int
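Review bot: the HA_SPIN_LOCK/HA_SPIN_UNLOCK pair added around s->be->lbprm.server_take_conn(srv) carries no comment explaining why the server lock is needed at this call site. The commit message says the prerequisite was already documented and still got missed, so a one-line comment here, or a small wrapper that takes srv->lock and invokes the callback, would make it harder for a future caller to omit the lock again. This hunk only covers the server_take_conn call; the server_drop_conn call sites named in the subject are not visible in this part of the diff and need the same locking for the fix to be complete. It is also worth confirming that no path reaching this block already holds srv->lock, since taking the spinlock a second time on the same thread would not return.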