Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / d4df5623598ce25c7f560180c22170d95d6ac144
commitd4df5623598ce25c7f560180c22170d95d6ac144[log] [tgz]
authorAurelien DARRAGON <adarragon@haproxy.com>Mon Mar 04 11:17:58 2024 +0100
committerChristopher Faulet <cfaulet@haproxy.com>Wed Apr 03 17:14:14 2024 +0200
tree11e3bcd44da8f580a9271e631c06bbfd3dee0341
parenta374161766de2e2fdb0b9ba3bcb652bd9f68ee5f [diff]
BUG/MEDIUM: hlua: improper lock usage with SET_SAFE_LJMP()

When we want to perform some unsafe lua stack manipulations from an
unprotected lua environment, we use SET_SAFE_LJMP() RESET_SAFE_LJMP()
combination to lock lua stack and catch potential lua exceptions that
may occur between the two.

Hence, we regularly find this pattern (duplicated over and over):

  |if (!SET_SAFE_LJMP(hlua)) {
  |        const char *error;
  |
  |        if (lua_type(hlua->T, -1) == LUA_TSTRING)
  |                error = hlua_tostring_safe(hlua->T, -1);
  |         else
  |                error = "critical error";
  |        SEND_ERR(NULL, "*: %s.\n", error);
  |}

This is wrong because when SET_SAFE_LJMP() returns false (meaning that an
exception was caught), then the lua lock was released already, thus the
caller is not expected to perform lua stack manipulations (because the
main lua stack may be shared between multiple threads). In the pattern
above we only want to retrieve the lua exception message which may be
found at the top of the stack, to do so we now explicitly take the lua
lock before accessing the lua stack. Note that hlua_lock() doesn't catch
lua exceptions so only safe lua functions are expected to be used there
(lua functions that may NOT raise exceptions).

It should be backported to every stable versions.

[ada: some ctx adj will be required for older versions as event_hdl
 doesn't exist prior to 2.8 and filters were implemented in 2.5, thus
 some chunks won't apply, but other fixes should stay relevant]

(cherry picked from commit 19b016f9f8b921b40f5ab0496254f7cbb9103488)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 63cfa3ea8be50146e407c098d451eeee14d67abe)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit cddf622feb738695f43a540ad7dbe1b91e142cc9)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 119a2b7a3e0eec1a2d13dcb2dfc437fea39ff4ba)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 50631d970938b96b94da6ff4d0b74e60ba846858)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
1 file changed
tree: 11e3bcd44da8f580a9271e631c06bbfd3dee0341
  1. .github/
  2. addons/
  3. admin/
  4. dev/
  5. doc/
  6. examples/
  7. include/
  8. reg-tests/
  9. scripts/
  10. src/
  11. tests/
  12. .cirrus.yml
  13. .gitattributes
  14. .gitignore
  15. .travis.yml
  16. BRANCHES
  17. CHANGELOG
  18. CONTRIBUTING
  19. INSTALL
  20. LICENSE
  21. MAINTAINERS
  22. Makefile
  23. README
  24. ROADMAP
  25. SUBVERS
  26. VERDATE
  27. VERSION