fix race condition if during reconfiguration two cache managers try
to delete old inactive entries: one of them removes a entry just locked by
other manager from the queue and the rbtree as long inactive entry,
causes the latter manager to segfault leaving cache mutex locked,
the bug has been introduced in r3727
Igor Sysoev
11 years ago
| 42 | 42 | unsigned error:10; |
| 43 | 43 | unsigned exists:1; |
| 44 | 44 | unsigned updating:1; |
| 45 | /* 12 unused bits */ | |
| 45 | unsigned deleting:1; | |
| 46 | /* 11 unused bits */ | |
| 46 | 47 | |
| 47 | 48 | ngx_file_uniq_t uniq; |
| 48 | 49 | time_t expire; |
| 581 | 581 | fcn->uses = 1; |
| 582 | 582 | fcn->count = 1; |
| 583 | 583 | fcn->updating = 0; |
| 584 | fcn->deleting = 0; | |
| 584 | 585 | |
| 585 | 586 | renew: |
| 586 | 587 | |
| 1101 | 1102 | continue; |
| 1102 | 1103 | } |
| 1103 | 1104 | |
| 1105 | if (fcn->deleting) { | |
| 1106 | continue; | |
| 1107 | } | |
| 1108 | ||
| 1104 | 1109 | p = ngx_hex_dump(key, (u_char *) &fcn->node.key, |
| 1105 | 1110 | sizeof(ngx_rbtree_key_t)); |
| 1106 | 1111 | len = NGX_HTTP_CACHE_KEY_LEN - sizeof(ngx_rbtree_key_t); |
| 1152 | 1157 | *p = '\0'; |
| 1153 | 1158 | |
| 1154 | 1159 | fcn->count++; |
| 1160 | fcn->deleting = 1; | |
| 1155 | 1161 | ngx_shmtx_unlock(&cache->shpool->mutex); |
| 1156 | 1162 | |
| 1157 | 1163 | len = path->name.len + 1 + path->len + 2 * NGX_HTTP_CACHE_KEY_LEN; |
| 1167 | 1173 | |
| 1168 | 1174 | ngx_shmtx_lock(&cache->shpool->mutex); |
| 1169 | 1175 | fcn->count--; |
| 1176 | fcn->deleting = 0; | |
| 1170 | 1177 | } |
| 1171 | 1178 | |
| 1172 | 1179 | if (fcn->count == 0) { |
| 1430 | 1437 | fcn->error = 0; |
| 1431 | 1438 | fcn->exists = 1; |
| 1432 | 1439 | fcn->updating = 0; |
| 1440 | fcn->deleting = 0; | |
| 1433 | 1441 | fcn->uniq = c->uniq; |
| 1434 | 1442 | fcn->valid_sec = c->valid_sec; |
| 1435 | 1443 | fcn->body_start = c->body_start; |