Nginx eats 100% cpu in ngx_event_pipe_write_to_downstream

Maxim Dounin mdounin at mdounin.ru
Sat May 11 22:56:34 UTC 2013 

Hello!

On Sat, May 11, 2013 at 04:23:00PM -0300, Breno Silva wrote:

> Hello list,
> 
> We are porting ModSecurity to NGINX. However we are seeing sometimes an
> issue. Nginx eats 100% of cpu and when i use gdb i see:
> 
> gdb -p 8645
> 
> ngx_event_pipe_write_to_downstream (p=0x9bbc720, do_write=0) at
> src/event/ngx_event_pipe.c:551
> 
> 551 if (cl->buf->recycled) {
> (gdb)
> 
> Looks like it is happening when we call ngx_http_modsecurity_body_filter()
> then go to this conditions;
> 
>     rc = move_chain_to_brigade(in, ctx->brigade, r->pool, 0);
> 
>     if (rc != NGX_OK)  {
> 
>         r->buffered |= NGX_HTTP_SSI_BUFFERED;
> 
>         return rc;
> 
>      }
> 
> move_chainto_brigade is defined as:
> 
> 
> ngx_int_t
> 
> move_chain_to_brigade(ngx_chain_t *chain, apr_bucket_brigade *bb,
> ngx_pool_t *pool, ngx_int_t last_buf) {
> 
>     apr_bucket         *e;
> 
>     ngx_chain_t        *cl;
> 
> 
>     while (chain) {
> 
>         e = ngx_buf_to_apr_bucket(chain->buf, bb->p, bb->bucket_alloc);
> 
>         if (e == NULL) {
> 
>             return NGX_ERROR;
> 
>         }
> 
> 
>         APR_BRIGADE_INSERT_TAIL(bb, e);
> 
>         if (chain->buf->last_buf) {
> 
>             e = apr_bucket_eos_create(bb->bucket_alloc);
> 
>             APR_BRIGADE_INSERT_TAIL(bb, e);
> 
>             chain->buf->last_buf = 0;
> 
>             return NGX_OK;
> 
>         }
> 
>         cl = chain;
> 
>         chain = chain->next;
> 
>         ngx_free_chain(pool, cl);
> 
>     }
> 
> 
>     if (last_buf) {
> 
>         e = apr_bucket_eos_create(bb->bucket_alloc);
> 
>         APR_BRIGADE_INSERT_TAIL(bb, e);
> 
>         return NGX_OK;
> 
>     }
> 
>     return NGX_AGAIN;
> 
> }
> Let me know if you guys can help us understanding why sometimes we trigger
> this issue

It looks like your code modify chain links (ngx_chain_t 
structures) as got by your response body filter.  This is not 
something filters are allowed to do, and results are undefined.  
If a filter needs to modify chain, it should allocate it's own 
chain links.

In the code quoted you probably don't want to touch chain links at 
all.  

-- 
Maxim Dounin
http://nginx.org/en/donation.html

More information about the nginx-devel mailing list