Nginx 1.1.9 Linux AIO segfault

Maxim Dounin mdounin at mdounin.ru
Tue Nov 29 14:38:56 UTC 2011


Hello!

On Tue, Nov 29, 2011 at 06:03:43AM -0500, INF[SZ] wrote:

> Igor, here is a 4 GB core dump in less than a
> minute: http://centos.alt.ru/pub/temp/nginx/core/
> 
> The problem is 100% reproducible when
> two options are present simultaneously in
> one location
> 
> 1. aio on;
> 2. directio 512;
> 
> Example
> 
> location /repository {
>     root   /var/ftp/pub;
>     autoindex on;
>     aio on;
>     directio 256;
> }
> 
> 
> The problem is absent in Nginx 1.1.8.

Patch attached.

Maxim Dounin
-------------- next part --------------
# HG changeset patch
# User Maxim Dounin <mdounin at mdounin.ru>
# Date 1322577234 -10800
# Node ID 22cdd4c1a352f25fa3c5a2ece4f1613da5cf815b
# Parent  583a3cd2773c95a8741a8e5c15f1afc61307b87e
Fixed AIO on Linux, broken in r4306.

Events from eventfd do not have c->write set, and the stale event
check added in r4306 causes null pointer dereference.

diff --git a/src/event/modules/ngx_epoll_module.c b/src/event/modules/ngx_epoll_module.c
--- a/src/event/modules/ngx_epoll_module.c
+++ b/src/event/modules/ngx_epoll_module.c
@@ -681,19 +681,19 @@ ngx_epoll_process_events(ngx_cycle_t *cy
 
         wev = c->write;
 
-        if (c->fd == -1 || wev->instance != instance) {
+        if ((revents & EPOLLOUT) && wev->active) {
 
-            /*
-             * the stale event from a file descriptor
-             * that was just closed in this iteration
-             */
+            if (c->fd == -1 || wev->instance != instance) {
 
-            ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
-                           "epoll: stale event %p", c);
-            continue;
-        }
+                /*
+                 * the stale event from a file descriptor
+                 * that was just closed in this iteration
+                 */
 
-        if ((revents & EPOLLOUT) && wev->active) {
+                ngx_log_debug1(NGX_LOG_DEBUG_EVENT, cycle->log, 0,
+                               "epoll: stale event %p", c);
+                continue;
+            }
 
             if (flags & NGX_POST_THREAD_EVENTS) {
                 wev->posted_ready = 1;
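
Review bot: the new outer condition `if ((revents & EPOLLOUT) && wev->active)` still dereferences `wev` with no NULL test, so for the eventfd events the commit message describes (no `c->write` set) it is safe only while such events never arrive with EPOLLOUT in `revents`. Either add an explicit `wev != NULL` term to that condition or put a comment at `wev = c->write;` stating the invariant, so a later change to this block does not reintroduce the null pointer dereference. The relocated stale-event comment would also benefit from a line noting that the check now runs only on the write path.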

