[nginx] HTTP/2: fixed posted streams handling.
|
Valentin Bartenev
December 09, 2016 09:42AM
|
details: http://hg.nginx.org/nginx/rev/3834951e32ab
branches:
changeset: 6833:3834951e32ab
user: Valentin Bartenev <vbart@nginx.com>
date: Mon Nov 28 20:58:14 2016 +0300
description:
HTTP/2: fixed posted streams handling.
A bug was introduced by 82efcedb310b that could lead to timing out of
responses or segmentation fault, when accept_mutex was enabled.
The output queue in HTTP/2 can contain frames from different streams.
When the queue is sent, all related write handlers need to be called.
In order to do so, the streams were added to the h2c->posted queue
after handling sent frames. Then this queue was processed in
ngx_http_v2_write_handler().
If accept_mutex is enabled, the event's "ready" flag is set but its
handler is not called immediately. Instead, the event is added to
the ngx_posted_events queue. At the same time in this queue can be
events from upstream connections. Such events can result in sending
output queue before ngx_http_v2_write_handler() is triggered. And
at the time ngx_http_v2_write_handler() is called, the output queue
can be already empty with some streams added to h2c->posted.
But after 82efcedb310b, these streams weren't processed if all frames
have already been sent and the output queue was empty. This might lead
to a situation when a number of streams were get stuck in h2c->posted
queue for a long time. Eventually these streams might get closed by
the send timeout.
In the worst case this might also lead to a segmentation fault, if
already freed stream was left in the h2c->posted queue. This could
happen if one of the streams was terminated but wasn't closed, due to
the HEADERS frame or a partially sent DATA frame left in the output
queue. If this happened the ngx_http_v2_filter_cleanup() handler
removed the stream from the h2c->waiting or h2c->posted queue on
termination stage, before the frame has been sent, and the stream
was again added to the h2c->posted queue after the frame was sent.
In order to fix all these problems and simplify the code, write
events of fake stream connections are now added to ngx_posted_events
instead of using a custom h2c->posted queue.
diffstat:
src/http/v2/ngx_http_v2.c | 27 +----------------
src/http/v2/ngx_http_v2.h | 3 +-
src/http/v2/ngx_http_v2_filter_module.c | 50 +++++++++++++++++++++++++-------
3 files changed, 42 insertions(+), 38 deletions(-)
diffs (183 lines):
diff -r ec10ce307dc0 -r 3834951e32ab src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Thu Dec 08 17:51:49 2016 +0300
+++ b/src/http/v2/ngx_http_v2.c Mon Nov 28 20:58:14 2016 +0300
@@ -286,7 +286,6 @@ ngx_http_v2_init(ngx_event_t *rev)
: ngx_http_v2_state_preface;
ngx_queue_init(&h2c->waiting);
- ngx_queue_init(&h2c->posted);
ngx_queue_init(&h2c->dependencies);
ngx_queue_init(&h2c->closed);
@@ -420,9 +419,7 @@ static void
ngx_http_v2_write_handler(ngx_event_t *wev)
{
ngx_int_t rc;
- ngx_queue_t *q;
ngx_connection_t *c;
- ngx_http_v2_stream_t *stream;
ngx_http_v2_connection_t *h2c;
c = wev->data;
@@ -457,26 +454,6 @@ ngx_http_v2_write_handler(ngx_event_t *w
return;
}
- while (!ngx_queue_empty(&h2c->posted)) {
- q = ngx_queue_head(&h2c->posted);
-
- ngx_queue_remove(q);
-
- stream = ngx_queue_data(q, ngx_http_v2_stream_t, queue);
-
- stream->handled = 0;
-
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "run http2 stream %ui", stream->node->id);
-
- wev = stream->request->connection->write;
-
- wev->active = 0;
- wev->ready = 1;
-
- wev->handler(wev);
- }
-
h2c->blocked = 0;
if (rc == NGX_AGAIN) {
@@ -2254,7 +2231,7 @@ ngx_http_v2_state_window_update(ngx_http
stream = ngx_queue_data(q, ngx_http_v2_stream_t, queue);
- stream->handled = 0;
+ stream->waiting = 0;
wev = stream->request->connection->write;
@@ -4274,7 +4251,7 @@ ngx_http_v2_finalize_connection(ngx_http
continue;
}
- stream->handled = 0;
+ stream->waiting = 0;
r = stream->request;
fc = r->connection;
diff -r ec10ce307dc0 -r 3834951e32ab src/http/v2/ngx_http_v2.h
--- a/src/http/v2/ngx_http_v2.h Thu Dec 08 17:51:49 2016 +0300
+++ b/src/http/v2/ngx_http_v2.h Mon Nov 28 20:58:14 2016 +0300
@@ -137,7 +137,6 @@ struct ngx_http_v2_connection_s {
ngx_http_v2_out_frame_t *last_out;
- ngx_queue_t posted;
ngx_queue_t dependencies;
ngx_queue_t closed;
@@ -192,7 +191,7 @@ struct ngx_http_v2_stream_s {
ngx_pool_t *pool;
- unsigned handled:1;
+ unsigned waiting:1;
unsigned blocked:1;
unsigned exhausted:1;
unsigned in_closed:1;
diff -r ec10ce307dc0 -r 3834951e32ab src/http/v2/ngx_http_v2_filter_module.c
--- a/src/http/v2/ngx_http_v2_filter_module.c Thu Dec 08 17:51:49 2016 +0300
+++ b/src/http/v2/ngx_http_v2_filter_module.c Mon Nov 28 20:58:14 2016 +0300
@@ -1104,11 +1104,11 @@ ngx_http_v2_waiting_queue(ngx_http_v2_co
ngx_queue_t *q;
ngx_http_v2_stream_t *s;
- if (stream->handled) {
+ if (stream->waiting) {
return;
}
- stream->handled = 1;
+ stream->waiting = 1;
for (q = ngx_queue_last(&h2c->waiting);
q != ngx_queue_sentinel(&h2c->waiting);
@@ -1298,20 +1298,29 @@ static ngx_inline void
ngx_http_v2_handle_stream(ngx_http_v2_connection_t *h2c,
ngx_http_v2_stream_t *stream)
{
+ ngx_event_t *wev;
ngx_connection_t *fc;
- if (stream->handled || stream->blocked) {
+ if (stream->waiting || stream->blocked) {
return;
}
fc = stream->request->connection;
- if (!fc->error && (stream->exhausted || fc->write->delayed)) {
+ if (!fc->error && stream->exhausted) {
return;
}
- stream->handled = 1;
- ngx_queue_insert_tail(&h2c->posted, &stream->queue);
+ wev = fc->write;
+
+ wev->active = 0;
+ wev->ready = 1;
+
+ if (!fc->error && wev->delayed) {
+ return;
+ }
+
+ ngx_post_event(wev, &ngx_posted_events);
}
@@ -1321,11 +1330,13 @@ ngx_http_v2_filter_cleanup(void *data)
ngx_http_v2_stream_t *stream = data;
size_t window;
+ ngx_event_t *wev;
+ ngx_queue_t *q;
ngx_http_v2_out_frame_t *frame, **fn;
ngx_http_v2_connection_t *h2c;
- if (stream->handled) {
- stream->handled = 0;
+ if (stream->waiting) {
+ stream->waiting = 0;
ngx_queue_remove(&stream->queue);
}
@@ -1359,9 +1370,26 @@ ngx_http_v2_filter_cleanup(void *data)
fn = &frame->next;
}
- if (h2c->send_window == 0 && window && !ngx_queue_empty(&h2c->waiting)) {
- ngx_queue_add(&h2c->posted, &h2c->waiting);
- ngx_queue_init(&h2c->waiting);
+ if (h2c->send_window == 0 && window) {
+
+ while (!ngx_queue_empty(&h2c->waiting)) {
+ q = ngx_queue_head(&h2c->waiting);
+
+ ngx_queue_remove(q);
+
+ stream = ngx_queue_data(q, ngx_http_v2_stream_t, queue);
+
+ stream->waiting = 0;
+
+ wev = stream->request->connection->write;
+
+ wev->active = 0;
+ wev->ready = 1;
+
+ if (!wev->delayed) {
+ ngx_post_event(wev, &ngx_posted_events);
+ }
+ }
}
h2c->send_window += window;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
branches:
changeset: 6833:3834951e32ab
user: Valentin Bartenev <vbart@nginx.com>
date: Mon Nov 28 20:58:14 2016 +0300
description:
HTTP/2: fixed posted streams handling.
A bug was introduced by 82efcedb310b that could lead to timing out of
responses or segmentation fault, when accept_mutex was enabled.
The output queue in HTTP/2 can contain frames from different streams.
When the queue is sent, all related write handlers need to be called.
In order to do so, the streams were added to the h2c->posted queue
after handling sent frames. Then this queue was processed in
ngx_http_v2_write_handler().
If accept_mutex is enabled, the event's "ready" flag is set but its
handler is not called immediately. Instead, the event is added to
the ngx_posted_events queue. At the same time in this queue can be
events from upstream connections. Such events can result in sending
output queue before ngx_http_v2_write_handler() is triggered. And
at the time ngx_http_v2_write_handler() is called, the output queue
can be already empty with some streams added to h2c->posted.
But after 82efcedb310b, these streams weren't processed if all frames
have already been sent and the output queue was empty. This might lead
to a situation when a number of streams were get stuck in h2c->posted
queue for a long time. Eventually these streams might get closed by
the send timeout.
In the worst case this might also lead to a segmentation fault, if
already freed stream was left in the h2c->posted queue. This could
happen if one of the streams was terminated but wasn't closed, due to
the HEADERS frame or a partially sent DATA frame left in the output
queue. If this happened the ngx_http_v2_filter_cleanup() handler
removed the stream from the h2c->waiting or h2c->posted queue on
termination stage, before the frame has been sent, and the stream
was again added to the h2c->posted queue after the frame was sent.
In order to fix all these problems and simplify the code, write
events of fake stream connections are now added to ngx_posted_events
instead of using a custom h2c->posted queue.
diffstat:
src/http/v2/ngx_http_v2.c | 27 +----------------
src/http/v2/ngx_http_v2.h | 3 +-
src/http/v2/ngx_http_v2_filter_module.c | 50 +++++++++++++++++++++++++-------
3 files changed, 42 insertions(+), 38 deletions(-)
diffs (183 lines):
diff -r ec10ce307dc0 -r 3834951e32ab src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Thu Dec 08 17:51:49 2016 +0300
+++ b/src/http/v2/ngx_http_v2.c Mon Nov 28 20:58:14 2016 +0300
@@ -286,7 +286,6 @@ ngx_http_v2_init(ngx_event_t *rev)
: ngx_http_v2_state_preface;
ngx_queue_init(&h2c->waiting);
- ngx_queue_init(&h2c->posted);
ngx_queue_init(&h2c->dependencies);
ngx_queue_init(&h2c->closed);
@@ -420,9 +419,7 @@ static void
ngx_http_v2_write_handler(ngx_event_t *wev)
{
ngx_int_t rc;
- ngx_queue_t *q;
ngx_connection_t *c;
- ngx_http_v2_stream_t *stream;
ngx_http_v2_connection_t *h2c;
c = wev->data;
@@ -457,26 +454,6 @@ ngx_http_v2_write_handler(ngx_event_t *w
return;
}
- while (!ngx_queue_empty(&h2c->posted)) {
- q = ngx_queue_head(&h2c->posted);
-
- ngx_queue_remove(q);
-
- stream = ngx_queue_data(q, ngx_http_v2_stream_t, queue);
-
- stream->handled = 0;
-
- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
- "run http2 stream %ui", stream->node->id);
-
- wev = stream->request->connection->write;
-
- wev->active = 0;
- wev->ready = 1;
-
- wev->handler(wev);
- }
-
h2c->blocked = 0;
if (rc == NGX_AGAIN) {
@@ -2254,7 +2231,7 @@ ngx_http_v2_state_window_update(ngx_http
stream = ngx_queue_data(q, ngx_http_v2_stream_t, queue);
- stream->handled = 0;
+ stream->waiting = 0;
wev = stream->request->connection->write;
@@ -4274,7 +4251,7 @@ ngx_http_v2_finalize_connection(ngx_http
continue;
}
- stream->handled = 0;
+ stream->waiting = 0;
r = stream->request;
fc = r->connection;
diff -r ec10ce307dc0 -r 3834951e32ab src/http/v2/ngx_http_v2.h
--- a/src/http/v2/ngx_http_v2.h Thu Dec 08 17:51:49 2016 +0300
+++ b/src/http/v2/ngx_http_v2.h Mon Nov 28 20:58:14 2016 +0300
@@ -137,7 +137,6 @@ struct ngx_http_v2_connection_s {
ngx_http_v2_out_frame_t *last_out;
- ngx_queue_t posted;
ngx_queue_t dependencies;
ngx_queue_t closed;
@@ -192,7 +191,7 @@ struct ngx_http_v2_stream_s {
ngx_pool_t *pool;
- unsigned handled:1;
+ unsigned waiting:1;
unsigned blocked:1;
unsigned exhausted:1;
unsigned in_closed:1;
diff -r ec10ce307dc0 -r 3834951e32ab src/http/v2/ngx_http_v2_filter_module.c
--- a/src/http/v2/ngx_http_v2_filter_module.c Thu Dec 08 17:51:49 2016 +0300
+++ b/src/http/v2/ngx_http_v2_filter_module.c Mon Nov 28 20:58:14 2016 +0300
@@ -1104,11 +1104,11 @@ ngx_http_v2_waiting_queue(ngx_http_v2_co
ngx_queue_t *q;
ngx_http_v2_stream_t *s;
- if (stream->handled) {
+ if (stream->waiting) {
return;
}
- stream->handled = 1;
+ stream->waiting = 1;
for (q = ngx_queue_last(&h2c->waiting);
q != ngx_queue_sentinel(&h2c->waiting);
@@ -1298,20 +1298,29 @@ static ngx_inline void
ngx_http_v2_handle_stream(ngx_http_v2_connection_t *h2c,
ngx_http_v2_stream_t *stream)
{
+ ngx_event_t *wev;
ngx_connection_t *fc;
- if (stream->handled || stream->blocked) {
+ if (stream->waiting || stream->blocked) {
return;
}
fc = stream->request->connection;
- if (!fc->error && (stream->exhausted || fc->write->delayed)) {
+ if (!fc->error && stream->exhausted) {
return;
}
- stream->handled = 1;
- ngx_queue_insert_tail(&h2c->posted, &stream->queue);
+ wev = fc->write;
+
+ wev->active = 0;
+ wev->ready = 1;
+
+ if (!fc->error && wev->delayed) {
+ return;
+ }
+
+ ngx_post_event(wev, &ngx_posted_events);
}
@@ -1321,11 +1330,13 @@ ngx_http_v2_filter_cleanup(void *data)
ngx_http_v2_stream_t *stream = data;
size_t window;
+ ngx_event_t *wev;
+ ngx_queue_t *q;
ngx_http_v2_out_frame_t *frame, **fn;
ngx_http_v2_connection_t *h2c;
- if (stream->handled) {
- stream->handled = 0;
+ if (stream->waiting) {
+ stream->waiting = 0;
ngx_queue_remove(&stream->queue);
}
@@ -1359,9 +1370,26 @@ ngx_http_v2_filter_cleanup(void *data)
fn = &frame->next;
}
- if (h2c->send_window == 0 && window && !ngx_queue_empty(&h2c->waiting)) {
- ngx_queue_add(&h2c->posted, &h2c->waiting);
- ngx_queue_init(&h2c->waiting);
+ if (h2c->send_window == 0 && window) {
+
+ while (!ngx_queue_empty(&h2c->waiting)) {
+ q = ngx_queue_head(&h2c->waiting);
+
+ ngx_queue_remove(q);
+
+ stream = ngx_queue_data(q, ngx_http_v2_stream_t, queue);
+
+ stream->waiting = 0;
+
+ wev = stream->request->connection->write;
+
+ wev->active = 0;
+ wev->ready = 1;
+
+ if (!wev->delayed) {
+ ngx_post_event(wev, &ngx_posted_events);
+ }
+ }
}
h2c->send_window += window;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
| Subject | Author | Views | Posted |
|---|---|---|---|
|
Valentin Bartenev | 751 | December 09, 2016 09:42AM |
Sorry, you do not have permission to post/reply in this forum.
Online Users
Guests:
269
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|