Potential bug in ngx_event.c
Maxim Dounin
mdounin at mdounin.ru
Fri Aug 30 14:19:29 UTC 2019
Hello!
On Fri, Aug 23, 2019 at 11:00:41AM -0700, Rian Hunter wrote:
> While browsing the source I noticed something that seemed wrong, even
> though I haven't observed any buggy behavior or have reproduced this bug
> myself. In ngx_event.c there is a line:
>
> if (ngx_shmtx_create(&ngx_accept_mutex, (ngx_shmtx_sh_t *) shared,
> cycle->lock_file.data)
> != NGX_OK)
> {
> return NGX_ERROR;
> }
>
> ngx_shmtx_create() is passed &ngx_accept_mutex, but this must be a
> pointer to a shared memory region otherwise the sem_wait()/sem_post()
> calls in ngx_shmtx.c will not function correctly. &ngx_accept_mutex is a
> pointer to BSS, ngx_accept_mutex_ptr is a pointer to shared memory. Is
> this intentional?
Yes, this is intentional.
The first agument of the ngx_shmtx_create() function is a pointer
to the ngx_shmtx_t structure, which is not expected to be shared
between processes. Copy of the structure as created by fork() is
enough.
Only ngx_shmtx_sh_t - which is used to store atomic variables with
lock and wait counter - needs to be shared. And it is shared, as
"(ngx_shmtx_sh_t *) shared" is used as the second argument.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list