Fwd: 1.17.5 regression

Maxim Dounin mdounin at mdounin.ru
Tue Dec 24 16:46:02 UTC 2019 

Hello!

On Tue, Dec 24, 2019 at 04:45:20PM +0100, Gábor Boskovits wrote:

> Maxim Dounin <mdounin at mdounin.ru> ezt írta (időpont: 2019. dec. 23., H, 20:28):
> >
> > Hello!
> >
> > On Wed, Dec 18, 2019 at 08:24:25PM +0300, Maxim Dounin wrote:
> >
> > > On Mon, Dec 16, 2019 at 03:02:37PM +0100, Gábor Boskovits wrote:
> > >
> > > > On berlin.guix.gnu.org we observed a regression upon upgrading nginx
> > > > to 1.17.5. The problem was, when pipelining request to a proxy using
> > > > tls, we suddenly started to get 408 client timeouts, manifesting in
> > > > dropped connections. Currently we worked around the issue by
> > > > downgrading to 1.17.4. I have collected some information about the
> > > > problem here:
> > > > https://gitlab.com/g_bor/fix-nginx-tls
> > > > It contains the logs from the good and the bad version, a full nginx
> > > > config, some info about how nginx was built. I managed to bisect the
> > > > problem down to changeset 9d2ad2fb4423, which introduced the problem.
> > > > Any help in further debuggin this would be greatly appreciated.
> > >
> > > Thanks for the report, it indeed looks like a bug introduced
> > > in 9d2ad2fb4423.
> > >
> > > The problem is that c->read->handler is overwritted when switching
> > > to the next pipelined request, ngx_ssl_next_read_handler() is not
> > > called, and c->read->ready remains not set.  I'll take a look how
> > > to fix it properly.
> >
> > Please try the following patch:
> >
> > # HG changeset patch
> > # User Maxim Dounin <mdounin at mdounin.ru>
> > # Date 1577129029 -10800
> > #      Mon Dec 23 22:23:49 2019 +0300
> > # Node ID c2dc6bfd2a0bce28618ef96b87fbdb63c6010575
> > # Parent  8e64e11aaca02d50649cd2d9b448508f5b268062
> > SSL: reworked posted next events.
> >
> > Introduced in 9d2ad2fb4423 available bytes handling in SSL relied
> > on connection read handler being overwritten to set the ready flag
> > and the amount of available bytes.  This approach is, however, does
> > not work properly when connection read handler is changed, for example,
> > when switching to a next pipelined request, and can result in unexpected
> > connection timeouts, see here:
> >
> > http://mailman.nginx.org/pipermail/nginx-devel/2019-December/012825.html
> >
> > Fix is to introduce ngx_event_process_posted_next() instead, which
> > will set ready and available regardless of how event handler is set.

[...]

> Thanks for having a  look at this. I will coordinate with others as
> when can we schedule a service restart.
> I will report back with the results soon.
> 
> I wish you a merry christmas, and thanks for the great work all around the year!

Just to make sure it's known: the patch above was committed after 
internal review/testing, and it is available as part of the 1.17.7 
release.

Merry Christmas!

-- 
Maxim Dounin
http://mdounin.ru/

More information about the nginx-devel mailing list