mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-22 06:11:32 +02:00
14673fe54d
h3_resp_data_send() is used to transcode HTX data into H3 data frames. If QCS Tx buffer is not aligned when first invoked, two separate frames may be built, first until buffer end, then with remaining space in front. If buffer space is not enough for at least the H3 frame header, -1 is returned with the flag QC_SF_BLK_MROOM set to await for more room. An issue arises if this occurs for the second frame : -1 is returned even though HTX data were properly transcoded and removed on the first step. This causes snd_buf callback to return an incorrect value to the stream layer, which in the end will corrupt the channel output buffer. To fix this, stop considering that not enough remaining space is an error case. Instead, return 0 if this is encountered for the first frame or the HTX removed block size for the second one. As QC_SF_BLK_MROOM is set, this will correctly interrupt H3 encoding. Label err is thus only properly limited to fatal error which should cause a connection closure. A new BUG_ON() has been added which should prevent similar issues in the future. This issue was detected using the following client : $ ngtcp2-client --no-quic-dump --no-http-dump --exit-on-all-streams-close \ 127.0.0.1 20443 -n2 "http://127.0.0.1:20443/?s=50k" This triggers the following CHECK_IF statement. Note that it may be necessary to disable fast forwarding to enforce snd_buf usage. Thread 1 "haproxy" received signal SIGILL, Illegal instruction. 0x00005555558bc48a in co_data (c=0x5555561ed428) at include/haproxy/channel.h:130 130 CHECK_IF_HOT(c->output > c_data(c)); [ ## gdb ## ] bt #0 0x00005555558bc48a in co_data (c=0x5555561ed428) at include/haproxy/channel.h:130 #1 0x00005555558c1d69 in sc_conn_send (sc=0x5555561f92d0) at src/stconn.c:1637 #2 0x00005555558c2683 in sc_conn_io_cb (t=0x5555561f7f10, ctx=0x5555561f92d0, state=32832) at src/stconn.c:1824 #3 0x000055555590c48f in run_tasks_from_lists (budgets=0x7fffffffdaa0) at src/task.c:596 #4 0x000055555590cf88 in process_runnable_tasks () at src/task.c:876 #5 0x00005555558aae3b in run_poll_loop () at src/haproxy.c:3049 #6 0x00005555558ab57e in run_thread_poll_loop (data=0x555555d9fa00 <ha_thread_info>) at src/haproxy.c:3251 #7 0x00005555558ad053 in main (argc=6, argv=0x7fffffffddd8) at src/haproxy.c:3948 In case CHECK_IF are not activated, it may cause crash or incorrect transfers. This was introduced by the following commit commit 2144d2418651c1f76b91cc1f6e745feecdefcb00 BUG/MINOR: h3: close connection on sending alloc errors This must be backported wherever the above patch is.
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)