https://issues.apache.org/bugzilla/show_bug.cgi?id=56639
Bug ID: 56639
Summary: Race condition in Event MPM
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Keywords: PatchAvailable
Severity: normal
Priority: P2
Component: mpm_event
Assignee: [email protected]
Reporter: [email protected]
Created attachment 31725
--> https://issues.apache.org/bugzilla/attachment.cgi?id=31725&action=edit
Fix event MPM race condition on connection scoreboard handle
In event.c, process_socket(), if a worker thread is put into the lingering
close state, it is put into the linger_q (or short_linger_q). Shortly
afterward, the scoreboard handle of the connection handled by that thread is
set to NULL. Meanwhile, in the listener thread, process_lingering_close() is
called on any connections in the linger_q that are closed. This also clears the
transaction pool, making it available for other workers to use. Most of the
time, this is fine, but in the worst case, this can result in a race condition;
the listener thread may assign the pool to another thread between the time the
pool is cleared and the time c->sbh is set to NULL. This can be a problem for
third-party modules which access the scoreboard using the connection scoreboard
handle at arbitrary times.
This problem appears to be very close to revision 1538490, but that fix covers
every case except for the lingering close fixed here.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
