Fwd: 1.17.5 regression
Gábor Boskovits
boskovits at gmail.com
Tue Dec 24 16:54:01 UTC 2019
Maxim Dounin <mdounin at mdounin.ru> ezt írta (időpont: 2019. dec. 24., K, 17:46):
>
> Hello!
>
> On Tue, Dec 24, 2019 at 04:45:20PM +0100, Gábor Boskovits wrote:
>
> > Maxim Dounin <mdounin at mdounin.ru> ezt írta (időpont: 2019. dec. 23., H, 20:28):
> > >
> > > Hello!
> > >
> > > On Wed, Dec 18, 2019 at 08:24:25PM +0300, Maxim Dounin wrote:
> > >
> > > > On Mon, Dec 16, 2019 at 03:02:37PM +0100, Gábor Boskovits wrote:
> > > >
> > > > > On berlin.guix.gnu.org we observed a regression upon upgrading nginx
> > > > > to 1.17.5. The problem was, when pipelining request to a proxy using
> > > > > tls, we suddenly started to get 408 client timeouts, manifesting in
> > > > > dropped connections. Currently we worked around the issue by
> > > > > downgrading to 1.17.4. I have collected some information about the
> > > > > problem here:
> > > > > https://gitlab.com/g_bor/fix-nginx-tls
> > > > > It contains the logs from the good and the bad version, a full nginx
> > > > > config, some info about how nginx was built. I managed to bisect the
> > > > > problem down to changeset 9d2ad2fb4423, which introduced the problem.
> > > > > Any help in further debuggin this would be greatly appreciated.
> > > >
> > > > Thanks for the report, it indeed looks like a bug introduced
> > > > in 9d2ad2fb4423.
> > > >
> > > > The problem is that c->read->handler is overwritted when switching
> > > > to the next pipelined request, ngx_ssl_next_read_handler() is not
> > > > called, and c->read->ready remains not set. I'll take a look how
> > > > to fix it properly.
> > >
> > > Please try the following patch:
> > >
> > > # HG changeset patch
> > > # User Maxim Dounin <mdounin at mdounin.ru>
> > > # Date 1577129029 -10800
> > > # Mon Dec 23 22:23:49 2019 +0300
> > > # Node ID c2dc6bfd2a0bce28618ef96b87fbdb63c6010575
> > > # Parent 8e64e11aaca02d50649cd2d9b448508f5b268062
> > > SSL: reworked posted next events.
> > >
> > > Introduced in 9d2ad2fb4423 available bytes handling in SSL relied
> > > on connection read handler being overwritten to set the ready flag
> > > and the amount of available bytes. This approach is, however, does
> > > not work properly when connection read handler is changed, for example,
> > > when switching to a next pipelined request, and can result in unexpected
> > > connection timeouts, see here:
> > >
> > > http://mailman.nginx.org/pipermail/nginx-devel/2019-December/012825.html
> > >
> > > Fix is to introduce ngx_event_process_posted_next() instead, which
> > > will set ready and available regardless of how event handler is set.
>
> [...]
>
> > Thanks for having a look at this. I will coordinate with others as
> > when can we schedule a service restart.
> > I will report back with the results soon.
> >
> > I wish you a merry christmas, and thanks for the great work all around the year!
>
> Just to make sure it's known: the patch above was committed after
> internal review/testing, and it is available as part of the 1.17.7
> release.
Thanks very much for the info.
>
> Merry Christmas!
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
Best regards,
g_bor
--
OpenPGP Key Fingerprint: 7988:3B9F:7D6A:4DBF:3719:0367:2506:A96C:CF63:0B21
More information about the nginx-devel
mailing list