Commit 4e6a490fa7ecb227296e277e2c3b7664441e5b40 - nginx

HTTP/2: always use temporary pool for processing headers. This is required for implementing per request timeouts. Previously, the temporary pool was used only during skipping of headers and the request pool was used otherwise. That required switching of pools if the request was closed while parsing. It wasn't a problem since the request could be closed only after the validation of the fully parsed header. With the per request timeouts, the request can be closed at any moment, and switching of pools in the middle of parsing header name or value becomes a problem. To overcome this, the temporary pool is now always created and used. Special checks are added to keep it when either the stream is being processed or until header block is fully parsed. Valentin Bartenev 6 years ago

2 changed file(s) with 38 addition(s) and 26 deletion(s). Raw diff Collapse all Expand all

+35

-26

src/http/v2/ngx_http_v2.c less more

111	111	u_char pos, u_char end);
112	112	static u_char ngx_http_v2_state_skip(ngx_http_v2_connection_t h2c,
113	113	u_char pos, u_char end);
114		static u_char ngx_http_v2_state_skip_headers(ngx_http_v2_connection_t h2c,
115		u_char pos, u_char end);
116	114	static u_char ngx_http_v2_state_save(ngx_http_v2_connection_t h2c,
117	115	u_char pos, u_char end, ngx_http_v2_handler_pt handler);
118	116	static u_char ngx_http_v2_connection_error(ngx_http_v2_connection_t h2c,

1132	1130
1133	1131	h2c->last_sid = h2c->state.sid;
1134	1132
	1133	h2c->state.pool = ngx_create_pool(1024, h2c->connection->log);
	1134	if (h2c->state.pool == NULL) {
	1135	return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
	1136	}
	1137
1135	1138	if (depend == h2c->state.sid) {
1136	1139	ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
1137	1140	"client sent HEADERS frame for stream %ui "

1145	1148	NGX_HTTP_V2_INTERNAL_ERROR);
1146	1149	}
1147	1150
1148		return ngx_http_v2_state_skip_headers(h2c, pos, end);
	1151	return ngx_http_v2_state_header_block(h2c, pos, end);
1149	1152	}
1150	1153
1151	1154	h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,

1165	1168	NGX_HTTP_V2_INTERNAL_ERROR);
1166	1169	}
1167	1170
1168		return ngx_http_v2_state_skip_headers(h2c, pos, end);
	1171	return ngx_http_v2_state_header_block(h2c, pos, end);
1169	1172	}
1170	1173
1171	1174	node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 1);

1184	1187	return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
1185	1188	}
1186	1189
	1190	h2c->state.stream = stream;
	1191
	1192	stream->pool = h2c->state.pool;
	1193	h2c->state.keep_pool = 1;
	1194
1187	1195	stream->request->request_length = h2c->state.length;
1188	1196
1189	1197	stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG;
1190	1198	stream->node = node;
1191	1199
1192	1200	node->stream = stream;
1193
1194		h2c->state.stream = stream;
1195		h2c->state.pool = stream->request->pool;
1196	1201
1197	1202	if (priority \|\| node->parent == NULL) {
1198	1203	node->weight = weight;

1685	1690	error:
1686	1691
1687	1692	h2c->state.stream = NULL;
1688		h2c->state.pool = NULL;
1689	1693
1690	1694	return ngx_http_v2_state_header_complete(h2c, pos, end);
1691	1695	}

1698	1702	ngx_http_v2_stream_t *stream;
1699	1703
1700	1704	if (h2c->state.length) {
1701		h2c->state.handler = h2c->state.pool ? ngx_http_v2_state_header_block
1702		: ngx_http_v2_state_skip_headers;
	1705	h2c->state.handler = ngx_http_v2_state_header_block;
1703	1706	return pos;
1704	1707	}
1705	1708

1712	1715
1713	1716	if (stream) {
1714	1717	ngx_http_v2_run_request(stream->request);
1715
1716		} else if (h2c->state.pool) {
	1718	}
	1719
	1720	if (!h2c->state.keep_pool) {
1717	1721	ngx_destroy_pool(h2c->state.pool);
1718	1722	}
1719	1723
1720	1724	h2c->state.pool = NULL;
	1725	h2c->state.keep_pool = 0;
1721	1726
1722	1727	if (h2c->state.padding) {
1723	1728	return ngx_http_v2_state_skip_padded(h2c, pos, end);

2332	2337	"http2 frame skip %uz", h2c->state.length);
2333	2338
2334	2339	return ngx_http_v2_state_complete(h2c, pos + h2c->state.length, end);
2335		}
2336
2337
2338		static u_char *
2339		ngx_http_v2_state_skip_headers(ngx_http_v2_connection_t h2c, u_char pos,
2340		u_char *end)
2341		{
2342		h2c->state.pool = ngx_create_pool(1024, h2c->connection->log);
2343		if (h2c->state.pool == NULL) {
2344		return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
2345		}
2346
2347		return ngx_http_v2_state_header_block(h2c, pos, end);
2348	2340	}
2349	2341
2350	2342

3632	3624	void
3633	3625	ngx_http_v2_close_stream(ngx_http_v2_stream_t *stream, ngx_int_t rc)
3634	3626	{
	3627	ngx_pool_t *pool;
3635	3628	ngx_event_t *ev;
3636	3629	ngx_connection_t *fc;
3637	3630	ngx_http_v2_node_t *node;

3669	3662	ngx_queue_insert_tail(&h2c->closed, &node->reuse);
3670	3663	h2c->closed_nodes++;
3671	3664
	3665	/*
	3666	* This pool keeps decoded request headers which can be used by log phase
	3667	* handlers in ngx_http_free_request().
	3668	*
	3669	* The pointer is stored into local variable because the stream object
	3670	* will be destroyed after a call to ngx_http_free_request().
	3671	*/
	3672	pool = stream->pool;
	3673
3672	3674	ngx_http_free_request(stream->request, rc);
	3675
	3676	if (pool != h2c->state.pool) {
	3677	ngx_destroy_pool(pool);
	3678
	3679	} else {
	3680	/* pool will be destroyed when the complete header is parsed */
	3681	h2c->state.keep_pool = 0;
	3682	}
3673	3683
3674	3684	ev = fc->read;
3675	3685

3824	3834
3825	3835	if (h2c->state.stream) {
3826	3836	h2c->state.stream->out_closed = 1;
3827		h2c->state.pool = NULL;
3828	3837	ngx_http_v2_close_stream(h2c->state.stream, NGX_HTTP_BAD_REQUEST);
3829	3838	}
3830	3839

-0

src/http/v2/ngx_http_v2.h less more

72	72	unsigned flags:8;
73	73
74	74	unsigned incomplete:1;
	75	unsigned keep_pool:1;
75	76
76	77	/* HPACK */
77	78	unsigned parse_name:1;

185	186
186	187	size_t header_limit;
187	188
	189	ngx_pool_t *pool;
	190
188	191	unsigned handled:1;
189	192	unsigned blocked:1;
190	193	unsigned exhausted:1;