BUG/MINOR: fd: Don't clear the update_mask in fd_insert. Clearing the update_mask bit in fd_insert may lead to duplicate insertion of fd in fd_updt, that could lead to a write past the end of the array. Instead, make sure the update_mask bit is cleared by the pollers no matter what. This should be backported to 1.8. [wt: warning: 1.8 doesn't have the lockless fdcache changes and will require some careful changes in the pollers]

commit: 8ef1a6b0d8c2ea1d8075e0b757007f05527952b8 [log] [tgz]
author: Olivier Houchard <ohouchard@haproxy.com> Tue Apr 03 19:06:18 2018 +0200
committer: Willy Tarreau <w@1wt.eu> Tue Apr 03 19:38:15 2018 +0200
tree: 8365d6fd87bef189283b3b50fd29745244f1ce77
parent: 2500fc2c3443f69bc05de53d0516da373d2f0cc1 [diff] [blame]
diff --git a/src/ev_epoll.c b/src/ev_epoll.c
index b98ca8c..a8e5797 100644
--- a/src/ev_epoll.c
+++ b/src/ev_epoll.c

@@ -74,13 +74,13 @@
 	for (updt_idx = 0; updt_idx < fd_nbupdt; updt_idx++) {
 		fd = fd_updt[updt_idx];
 
+		HA_ATOMIC_AND(&fdtab[fd].update_mask, ~tid_bit);
 		if (!fdtab[fd].owner) {
 			activity[tid].poll_drop++;
 			continue;
 		}
 
 		en = fdtab[fd].state;
-		HA_ATOMIC_AND(&fdtab[fd].update_mask, ~tid_bit);
 
 		if (fdtab[fd].polled_mask & tid_bit) {
 			if (!(fdtab[fd].thread_mask & tid_bit) || !(en & FD_EV_POLLED_RW)) {
commit	8ef1a6b0d8c2ea1d8075e0b757007f05527952b8	[log] [tgz]
author	Olivier Houchard <ohouchard@haproxy.com>	Tue Apr 03 19:06:18 2018 +0200
committer	Willy Tarreau <w@1wt.eu>	Tue Apr 03 19:38:15 2018 +0200
tree	8365d6fd87bef189283b3b50fd29745244f1ce77
parent	2500fc2c3443f69bc05de53d0516da373d2f0cc1 [diff] [blame]