New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A crash bugfix for ngx_http_dyups_module #1133
base: master
Are you sure you want to change the base?
Conversation
|
我理解 修复代码中,楼主为了复用函数ngx_http_variables_init_vars,做了很多准备工作,只是为新变量结构体设置get_handler、data、flag,是否可以直接遍历cmcf->variables,针对get_handler为空的情况 按照prefix_variables类别,设置对应的get_handler、data、flags就行了? |
cmcf->variables_keys = &vk; | ||
|
||
v = va_prev.elts; | ||
for (i = 0; i < va_prev.nelts; i++) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这里是不是可以逆序遍历,遇到get_hander不为NULL,直接退出?减少遍历的时间
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
我觉得修改成逆序遍历提前退出带来的提升并不会太大, 理由有如下两个
- 相比于 dyups 的消耗, 遍历 cmcf->variables 的成本并不高
- cmcf->variables 的遍历是顺序访存
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@FengXingYuXin 已修改为逆序遍历 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@cuber 还有一个疑问,如果请求ngx_http_request_t中已经分配了variables(存储变量值),正处于接收请求body的阶段(可能会有多次网络IO),如果dyups有更新(consistent_hash+新自定义变量),那在请求接收完body被转发时,触发渲染新变量的逻辑,但新变量并没有在variables中分配对应内存,所以ngx_http_get_indexed_variable时,还是会导致r->variables[index]的index越界吧?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@FengXingYuXin
的确有越界风险,而且是从 ngx_http_script_run
入口开始就会有风险了
考虑如下情况:
- 请求 A 创建时
r->variables
是按照cmcf->variables
个数来alloc
的 - A 正在异步等待
upstream body
- 来了个
dyups
的请求 B,把cmcf->variables
给 append 了一个 element - 前面异步等待的
body
的请求 A 回来了以后,在ngx_http_script_run
阶段就会越界
cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);
for (i = 0; i < cmcf->variables.nelts; i++) {
if (r->variables[i].no_cacheable) {
r->variables[i].valid = 0;
r->variables[i].not_found = 0;
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@FengXingYuXin
改了下,现在应该 ok 了
69e1f10
to
c08394a
Compare
c08394a
to
f108aec
Compare
@ https://github.com/yzprofile/ngx_http_dyups_module |
@cuber could you resolve the conflict ? THX. |
Upstream request will crash if there is a first shown prefix variable in dynamic. server { listen 8000; location / { dyups_interface; } } server { listen 8080; location / { proxy_pass http://$host; } } $curl "127.0.0.1:8000/upstream/dyhost" -d 'consistent_hash $arg_ds; server 127.0.0.1:8081; server 127.0.0.1:8082;' success $curl "127.0.0.1:8080/foobar" -H'host: dyhost' crash happened
f108aec
to
61710a1
Compare
@wangfakang I have adapted this patch to the new version of Tengine, please take a look :-) |
Hi all, this issue has been fixed in dyups module, see yzprofile/ngx_http_dyups_module#104 |
Hi @cuber I will close this issue later, because we have one pullrequest to update yzprofile/dyups module: #1255. But I note that this pull request has one difference with yzprofile/dyups bugfix pr.
Can yzprofile/dyups bugfix pr replace this pull request? We hope that tengine/dyups can keep pace with yzprofile/dyups. |
Hi @chobits, |
Hi @chobits @wangfakang |
Upstream request will crash if there is a first shown prefix variable in dynamic update.