From: Christopher Faulet
Date: Mon, 22 Mar 2021 12:29:52 +0000 (+0100)
Subject: BUG/MEDIUM: mux-fcgi: Fix locking of idle_conns lock in the FCGI I/O callback
X-Git-Tag: v2.3.8~20
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=2b7a3c474c52ef89c48fb66f16b084b4ee196367;p=haproxy-2.3.git

BUG/MEDIUM: mux-fcgi: Fix locking of idle_conns lock in the FCGI I/O callback

When the commit e388f2fbc ("MEDIUM: muxes: mark idle conns tasklets with TASK_F_USR1") was backported (commit id b360bb88 on the 2.3), a call to HA_SPIN_UNLOCK() was missed and not moved in the right code block. Thus it is possible to unlock the idle_conns lock while it was never acquired.

This patch should fix the issue #1191. It is 2.3 specific, thus there is no upstream commit id. No backport is needed except if commit b360bb88 is backported.

--- diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c index 08dde23..5f3989a 100644 --- a/src/mux_fcgi.c +++ b/src/mux_fcgi.c @@ -2957,13 +2957,14 @@ struct task *fcgi_io_cb(struct task *t, void *ctx, unsigned short status) conn_in_list = conn->flags & CO_FL_LIST_MASK; if (conn_in_list) MT_LIST_DEL(&conn->list); + + HA_SPIN_UNLOCK(OTHER_LOCK, &idle_conns[tid].takeover_lock); } else { /* we're certain the connection was not in an idle list */ conn = fconn->conn; TRACE_ENTER(FCGI_EV_FCONN_WAKE, conn); conn_in_list = 0; } - HA_SPIN_UNLOCK(OTHER_LOCK, &idle_conns[tid].takeover_lock); if (!(fconn->wait_event.events & SUB_RETRY_SEND)) ret = fcgi_send(fconn);
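
Review bot: The relocated `HA_SPIN_UNLOCK(OTHER_LOCK, &idle_conns[tid].takeover_lock);` at the end of the first branch has no visible matching acquire, because the hunk context only starts at `conn_in_list = conn->flags & CO_FL_LIST_MASK;`, so the lock/unlock pairing cannot be verified from these lines alone. Please confirm that the acquire sits inside this same branch and that no return or goto lies between it and the new unlock position, and consider a one-line comment on the unlock naming the acquire it pairs with, since a misplaced unlock is exactly what the backport got wrong. The else branch ending in `conn_in_list = 0;` no longer touches the lock, which is consistent with its comment that the connection was not in an idle list. As the commit message describes the backported change as applying to "muxes", it is also worth checking that the I/O callbacks of the other muxes touched by b360bb88 do not carry the same stray unlock after their if/else.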