[PATCH] HTTP/2: fixed closed_nodes overflow (ticket #1708)
Sergey Kandaurov
pluknet at nginx.com
Thu Feb 3 17:49:58 UTC 2022
> On 2 Feb 2022, at 06:26, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> # HG changeset patch
> # User Maxim Dounin <mdounin at mdounin.ru>
> # Date 1643772371 -10800
> # Wed Feb 02 06:26:11 2022 +0300
> # Node ID 0b272d5fd6bd0dcca6dcca8f27f8fcde33119159
> # Parent dd718d1cef3c2ca2754a21176be3318b00be9e62
> HTTP/2: fixed closed_nodes overflow (ticket #1708).
>
> With large http2_max_concurrent_streams or http2_max_concurrent_pushes, more
> than 255 ngx_http_v2_node_t structures might be allocated, eventually leading
> to h2c->closed_nodes overflow when closing corresponding streams. This will
> in turn result in additional allocations in ngx_http_v2_get_node_by_id().
>
> While mostly harmless, it can result in excessive memory usage by a HTTP/2
> connection, notably in configurations with many keepalive_requests allowed.
> Fix is to use ngx_uint_t for h2c->closed_nodes instead of unsigned:8.
>
> diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
> --- a/src/http/v2/ngx_http_v2.h
> +++ b/src/http/v2/ngx_http_v2.h
> @@ -153,12 +153,12 @@ struct ngx_http_v2_connection_s {
> ngx_queue_t dependencies;
> ngx_queue_t closed;
>
> + ngx_uint_t closed_nodes;
> ngx_uint_t last_sid;
> ngx_uint_t last_push;
>
> time_t lingering_time;
>
> - unsigned closed_nodes:8;
> unsigned settings_ack:1;
> unsigned table_update:1;
> unsigned blocked:1;
>
Looks good.
A minor point is that now h2c will typically increase by 8 bytes.
--
Sergey Kandaurov
More information about the nginx-devel
mailing list