From 273aea479de6c50a1a4f2cc329aa91ef11f8a829 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Fri, 17 Jul 2020 14:37:51 +0200 Subject: [PATCH] BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed In run_tasks_from_task_list() we may free some tasks that have been killed. Before doing so we unlink them from the wait queue. But if such a task is in the global wait queue, the queue isn't locked so this can result in corrupting the global task list and causing loops or crashes. It's very likely one cause of issue #758. This must be backported to 2.2. For 2.1 there doesn't seem to be any case where a task could be freed this way while in the global queue, but it doesn't cost much to apply the same change (the code is in process_runnable_task there). --- src/task.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/task.c b/src/task.c index ea3d80830..1a924c18c 100644 --- a/src/task.c +++ b/src/task.c @@ -476,8 +476,7 @@ unsigned int run_tasks_from_lists(unsigned int budgets[]) else if (!(state & TASK_KILLED) && process != NULL) t = process(t, ctx, state); else { - if (task_in_wq(t)) - __task_unlink_wq(t); + task_unlink_wq(t); __task_free(t); sched->current = NULL; __ha_barrier_store(); @@ -500,8 +499,7 @@ unsigned int run_tasks_from_lists(unsigned int budgets[]) state = _HA_ATOMIC_AND(&t->state, ~TASK_RUNNING); if (unlikely(state & TASK_KILLED)) { - if (task_in_wq(t)) - __task_unlink_wq(t); + task_unlink_wq(t); __task_free(t); } else if (state & TASK_WOKEN_ANY)