BUG/MINOR: mux-quic: fix crash with app ops install failure

On MUX initialization, the application layer is setup via
qcc_install_app_ops(). If this function fails MUX is deallocated and an
error is returned.

This code path causes a crash before connection has been registered
prior into the mux_stopping_data::list for stopping idle frontend conns.
To fix this, insert the connection later in qc_init() once no error can
occured.

The crash was seen on the process closing with SUGUSR1 with a segfault
on mux_stopping_process(). This was reproduced using -dMfail.

This regression was introduced by the following patch :
  commit b4d119f0c7
  BUG/MEDIUM: mux-quic: fix crash on H3 SETTINGS emission

This should be backported up to 2.7.
This commit is contained in:
Amaury Denoyelle 2023-04-19 17:58:39 +02:00
parent d07421331f
commit ed820823f0

View File

@ -2379,13 +2379,6 @@ static int qc_init(struct connection *conn, struct proxy *prx,
qcc_reset_idle_start(qcc); qcc_reset_idle_start(qcc);
LIST_INIT(&qcc->opening_list); LIST_INIT(&qcc->opening_list);
if (!conn_is_back(conn)) {
if (!LIST_INLIST(&conn->stopping_list)) {
LIST_APPEND(&mux_stopping_data[tid].list,
&conn->stopping_list);
}
}
HA_ATOMIC_STORE(&conn->handle.qc->qcc, qcc); HA_ATOMIC_STORE(&conn->handle.qc->qcc, qcc);
if (qcc_install_app_ops(qcc, conn->handle.qc->app_ops)) { if (qcc_install_app_ops(qcc, conn->handle.qc->app_ops)) {
@ -2398,6 +2391,10 @@ static int qc_init(struct connection *conn, struct proxy *prx,
if (qcc->app_ops == &h3_ops) if (qcc->app_ops == &h3_ops)
proxy_inc_fe_cum_sess_ver_ctr(sess->listener, prx, 3); proxy_inc_fe_cum_sess_ver_ctr(sess->listener, prx, 3);
/* Register conn for idle front closing. This is done once everything is allocated. */
if (!conn_is_back(conn))
LIST_APPEND(&mux_stopping_data[tid].list, &conn->stopping_list);
/* init read cycle */ /* init read cycle */
tasklet_wakeup(qcc->wait_event.tasklet); tasklet_wakeup(qcc->wait_event.tasklet);