diff --git a/backport-BUG-MEDIUM-queue-Make-process_srv_queue-return-the-n.patch b/backport-BUG-MEDIUM-queue-Make-process_srv_queue-return-the-n.patch new file mode 100644 index 0000000000000000000000000000000000000000..0febdc8c05b32acb0d659e1dbb60e488ae9967e3 --- /dev/null +++ b/backport-BUG-MEDIUM-queue-Make-process_srv_queue-return-the-n.patch @@ -0,0 +1,85 @@ +From 365378bfdf283650ce1ac152348ca59b6d4c32c1 Mon Sep 17 00:00:00 2001 +From: Olivier Houchard +Date: Mon, 23 Dec 2024 14:17:25 +0000 +Subject: [PATCH] BUG/MEDIUM: queue: Make process_srv_queue return the number + of streams + +Make process_srv_queue() return the number of streams unqueued, as +pendconn_grab_from_px() did, as that number is used by +srv_update_status() to generate logs. + +This should be backported up to 2.6 with +111ea83ed4e13ac3ab028ed5e95201a1b4aa82b8 + +(cherry picked from commit 5b8899b6ccc7dab3a54a51dcb8ba1512bd0c886c) +Signed-off-by: Christopher Faulet +(cherry picked from commit 70588a16903002709cf3c84255ad8ded73f8e584) +Signed-off-by: Christopher Faulet + +Conflict:NA +Reference:https://git.haproxy.org/?p=haproxy-3.0.git;a=patch;h=365378bfdf283650ce1ac152348ca59b6d4c32c1 +--- + include/haproxy/queue.h | 2 +- + src/queue.c | 3 ++- + src/server.c | 4 ++-- + 3 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/include/haproxy/queue.h b/include/haproxy/queue.h +index e4201fb..4896f71 100644 +--- a/include/haproxy/queue.h ++++ b/include/haproxy/queue.h +@@ -34,7 +34,7 @@ extern struct pool_head *pool_head_pendconn; + + struct pendconn *pendconn_add(struct stream *strm); + int pendconn_dequeue(struct stream *strm); +-void process_srv_queue(struct server *s); ++int process_srv_queue(struct server *s); + unsigned int srv_dynamic_maxconn(const struct server *s); + int pendconn_redistribute(struct server *s); + int pendconn_grab_from_px(struct server *s); +diff --git a/src/queue.c b/src/queue.c +index a5537fc..892c942 100644 +--- a/src/queue.c ++++ b/src/queue.c +@@ -354,7 +354,7 @@ static int pendconn_process_next_strm(struct server *srv, struct proxy *px, int + /* Manages a server's connection queue. This function will try to dequeue as + * many pending streams as possible, and wake them up. + */ +-void process_srv_queue(struct server *s) ++int process_srv_queue(struct server *s) + { + struct server *ref = s->track ? s->track : s; + struct proxy *p = s->proxy; +@@ -413,6 +413,7 @@ void process_srv_queue(struct server *s) + if (p->lbprm.server_take_conn) + p->lbprm.server_take_conn(s); + } ++ return done; + } + + /* Adds the stream to the pending connection queue of server ->srv +diff --git a/src/server.c b/src/server.c +index 95a8b67..281db13 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -6396,7 +6396,7 @@ static int _srv_update_status_op(struct server *s, enum srv_op_st_chg_cause caus + /* check if we can handle some connections queued. + * We will take as many as we can handle. + */ +- process_srv_queue(s); ++ xferred = process_srv_queue(s); + + tmptrash = alloc_trash_chunk(); + if (tmptrash) { +@@ -6582,7 +6582,7 @@ static int _srv_update_status_adm(struct server *s, enum srv_adm_st_chg_cause ca + /* check if we can handle some connections queued. + * We will take as many as we can handle. + */ +- process_srv_queue(s); ++ xferred = process_srv_queue(s); + } + else if (s->next_admin & SRV_ADMF_MAINT) { + /* remaining in maintenance mode, let's inform precisely about the +-- +1.7.10.4 + diff --git a/backport-BUG-MEDIUM-queues-Do-not-use-pendconn_grab_from_px.patch b/backport-BUG-MEDIUM-queues-Do-not-use-pendconn_grab_from_px.patch new file mode 100644 index 0000000000000000000000000000000000000000..81ba2d8a874a838288bfb25e98eeeab311ebf87a --- /dev/null +++ b/backport-BUG-MEDIUM-queues-Do-not-use-pendconn_grab_from_px.patch @@ -0,0 +1,87 @@ +From b495692898072d6a843d36d4e66aae42e88a7c95 Mon Sep 17 00:00:00 2001 +From: Olivier Houchard +Date: Tue, 17 Dec 2024 15:39:21 +0100 +Subject: [PATCH] BUG/MEDIUM: queues: Do not use pendconn_grab_from_px(). + +pendconn_grab_from_px() was called when a server was brought back up, to +get some streams waiting in the proxy's queue and get them to run on the +newly available server. It is very similar to process_srv_queue(), +except it only goes through the proxy's queue, which can be a problem, +because there is a small race condition that could lead us to add more +streams to the server queue just as it's going down. If that happens, +the server would just be ignored when back up by new streams, as its +queue is not empty, and it would never try to process its queue. +The other problem with pendconn_grab_from_px() is that it is very +liberal with how it dequeues streams, and it is not very good at +enforcing maxconn, it could lead to having 3*maxconn connections. +For both those reasons, just get rid of pendconn_grab_from_px(), and +just use process_srv_queue(). +Both problems are easy to reproduce, especially on a 64 threads machine, +set a maxconn to 100, inject in H2 with 1000 concurrent connections +containing up to 100 streams each, and after a few seconds/minutes the +max number of concurrent output streams will be much higher than +maxconn, and eventually the server will stop processing connections. + +It may be related to github issue #2744. Note that it doesn't totally +fix the problem, we can occasionally see a few more connections than +maxconn, but the max that have been observed is 4 more connections, we +no longer get multiple times maxconn. + +have more outgoing connections than maxconn, +This should be backported up to 2.6. + +(cherry picked from commit 111ea83ed4e13ac3ab028ed5e95201a1b4aa82b8) +Signed-off-by: Christopher Faulet +(cherry picked from commit ab4ff1b7a6c7685f28fbdea01b38caf7e816fddf) +Signed-off-by: Christopher Faulet + +Conflict:NA +Reference:https://git.haproxy.org/?p=haproxy-3.0.git;a=patch;h=b495692898072d6a843d36d4e66aae42e88a7c95 +--- + src/server.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/server.c b/src/server.c +index 5b0f9f3..95a8b67 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -5587,7 +5587,7 @@ static struct task *server_warmup(struct task *t, void *context, unsigned int st + server_recalc_eweight(s, 1); + + /* probably that we can refill this server with a bit more connections */ +- pendconn_grab_from_px(s); ++ process_srv_queue(s); + + HA_SPIN_UNLOCK(SERVER_LOCK, &s->lock); + +@@ -6393,10 +6393,10 @@ static int _srv_update_status_op(struct server *s, enum srv_op_st_chg_cause caus + !(s->flags & SRV_F_BACKUP) && s->next_eweight) + srv_shutdown_backup_streams(s->proxy, SF_ERR_UP); + +- /* check if we can handle some connections queued at the proxy. We +- * will take as many as we can handle. ++ /* check if we can handle some connections queued. ++ * We will take as many as we can handle. + */ +- xferred = pendconn_grab_from_px(s); ++ process_srv_queue(s); + + tmptrash = alloc_trash_chunk(); + if (tmptrash) { +@@ -6579,10 +6579,10 @@ static int _srv_update_status_adm(struct server *s, enum srv_adm_st_chg_cause ca + !(s->flags & SRV_F_BACKUP) && s->next_eweight) + srv_shutdown_backup_streams(s->proxy, SF_ERR_UP); + +- /* check if we can handle some connections queued at the proxy. We +- * will take as many as we can handle. ++ /* check if we can handle some connections queued. ++ * We will take as many as we can handle. + */ +- xferred = pendconn_grab_from_px(s); ++ process_srv_queue(s); + } + else if (s->next_admin & SRV_ADMF_MAINT) { + /* remaining in maintenance mode, let's inform precisely about the +-- +1.7.10.4 + diff --git a/backport-BUG-MEDIUM-queues-Make-sure-we-call-process_srv_queu.patch b/backport-BUG-MEDIUM-queues-Make-sure-we-call-process_srv_queu.patch new file mode 100644 index 0000000000000000000000000000000000000000..1ef1b5c406888990486f81e291a32ef9b88945fb --- /dev/null +++ b/backport-BUG-MEDIUM-queues-Make-sure-we-call-process_srv_queu.patch @@ -0,0 +1,48 @@ +From 2de073ef00ee7d87aa82064dd2977645ec694730 Mon Sep 17 00:00:00 2001 +From: Olivier Houchard +Date: Fri, 13 Dec 2024 17:11:05 +0000 +Subject: [PATCH] BUG/MEDIUM: queues: Make sure we call process_srv_queue() + when leaving + +In stream_free(), make sure we call process_srv_queue() each time we +call sess_change_server(), otherwise a server may end up not dequeuing +any stream when it could do so. In some extreme cases it could lead to +an infinite loop, as the server would appear to be available, as its +"served" parameter would be < maxconn, but would end up not being used, +as there are elements still in its queue. + +This should be backported up to 2.6. + +(cherry picked from commit dc9ce9c26469e00ab71fe6387dbd13010d4930f0) +Signed-off-by: Christopher Faulet +(cherry picked from commit 1385e4ca16b3797b0091a959b626935cd7f29b38) +Signed-off-by: Christopher Faulet + +Conflict:NA +Reference:https://git.haproxy.org/?p=haproxy-3.0.git;a=patch;h=2de073ef00ee7d87aa82064dd2977645ec694730 +--- + src/stream.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/stream.c b/src/stream.c +index 72d0f37..1a801b2 100644 +--- a/src/stream.c ++++ b/src/stream.c +@@ -624,11 +624,14 @@ void stream_free(struct stream *s) + } + + if (unlikely(s->srv_conn)) { ++ struct server *oldsrv = s->srv_conn; + /* the stream still has a reserved slot on a server, but + * it should normally be only the same as the one above, + * so this should not happen in fact. + */ + sess_change_server(s, NULL); ++ if (may_dequeue_tasks(oldsrv, s->be)) ++ process_srv_queue(oldsrv); + } + + /* We may still be present in the buffer wait queue */ +-- +1.7.10.4 + diff --git a/haproxy.spec b/haproxy.spec index f4169a533cb156ecfbd4e0707d488e68e962afc3..bfa073cdc3c0c43c15010e2f2377f7da5f8b1643 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -5,7 +5,7 @@ Name: haproxy Version: 3.0.7 -Release: 1 +Release: 2 Summary: The Reliable, High Performance TCP/HTTP Load Balancer License: GPL-2.0-or-later @@ -16,6 +16,10 @@ Source2: %{name}.cfg Source3: %{name}.logrotate Source4: %{name}.sysconfig +Patch1: backport-BUG-MEDIUM-queues-Do-not-use-pendconn_grab_from_px.patch +Patch2: backport-BUG-MEDIUM-queues-Make-sure-we-call-process_srv_queu.patch +Patch3: backport-BUG-MEDIUM-queue-Make-process_srv_queue-return-the-n.patch + BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic Requires(pre): shadow-utils %{?systemd_requires} @@ -114,6 +118,14 @@ exit 0 %{_mandir}/man1/* %changelog +* Wed Mar 19 2025 yanglu - 3.0.7-2 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:queues:Do not use pendconn_grab_from_px + queues:Make sure we call process_srv_queue when leaving + queue:Make process_srv_queue return the number of streams + * Thu Jan 02 2025 Funda Wang - 3.0.7-1 - Update to 3.0.7