修正部分TCP处理流程中FD所有权转移有误,导致的fd潜在的double-free。
@@ -28,8 +28,6 @@ void ssl_stream_process_zero_eof(struct ssl_stream * s_stream, struct ssl_mgr* m
|
||||
|
||||
|
||||
enum ssl_stream_action ssl_upstream_create_result_release_action(future_result_t * result);
|
||||
evutil_socket_t ssl_upstream_create_result_release_fd(future_result_t * result);
|
||||
|
||||
struct ssl_stream * ssl_upstream_create_result_release_stream(future_result_t * result);
|
||||
struct bufferevent * ssl_upstream_create_result_release_bev(future_result_t * result);
|
||||
void ssl_async_upstream_create(struct future * f, struct ssl_mgr * mgr, evutil_socket_t fd_upstream,
|
||||
|
||||
@@ -950,14 +950,15 @@ void ssl_downstream_create_on_success(future_result_t * result, void * user)
|
||||
{
|
||||
struct tfe_stream_private * _stream = (struct tfe_stream_private *) user;
|
||||
struct ssl_stream * downstream = ssl_downstream_create_result_release_stream(result);
|
||||
|
||||
struct bufferevent * bev = ssl_downstream_create_result_release_bev(result);
|
||||
_stream->defer_fd_downstream = 0;
|
||||
|
||||
_stream->conn_downstream = __conn_private_create_by_bev(_stream, bev);
|
||||
_stream->ssl_downstream = downstream;
|
||||
|
||||
future_destroy(_stream->future_downstream_create);
|
||||
_stream->future_downstream_create = NULL;
|
||||
_stream->defer_fd_downstream = 0;
|
||||
|
||||
assert(_stream->conn_downstream != NULL && _stream->conn_upstream != NULL);
|
||||
|
||||
@@ -988,19 +989,17 @@ void ssl_downstream_create_on_fail(enum e_future_error err, const char * what, v
|
||||
void ssl_upstream_create_on_success(future_result_t * result, void * user)
|
||||
{
|
||||
struct tfe_stream_private * _stream = (struct tfe_stream_private *) user;
|
||||
evutil_socket_t fd=-1;
|
||||
enum ssl_stream_action ssl_action=ssl_upstream_create_result_release_action(result);
|
||||
if(SSL_ACTION_PASSTHROUGH==ssl_action)
|
||||
evutil_socket_t fd = -1;
|
||||
enum ssl_stream_action ssl_action = ssl_upstream_create_result_release_action(result);
|
||||
if (SSL_ACTION_PASSTHROUGH == ssl_action)
|
||||
{
|
||||
_stream->tcp_passthough=1;
|
||||
fd=ssl_upstream_create_result_release_fd(result);
|
||||
_stream->conn_upstream=__conn_private_create_by_fd(_stream, fd);
|
||||
_stream->conn_downstream=__conn_private_create_by_fd(_stream, _stream->defer_fd_downstream);
|
||||
_stream->tcp_passthough = 1;
|
||||
_stream->conn_upstream = __conn_private_create_by_fd(_stream, _stream->defer_fd_upstream);
|
||||
_stream->conn_downstream = __conn_private_create_by_fd(_stream, _stream->defer_fd_downstream);
|
||||
__conn_private_enable(_stream->conn_downstream);
|
||||
__conn_private_enable(_stream->conn_upstream);
|
||||
|
||||
}
|
||||
else if(SSL_ACTION_SHUTDOWN==ssl_action)
|
||||
else if (SSL_ACTION_SHUTDOWN == ssl_action)
|
||||
{
|
||||
tfe_stream_destory(_stream);
|
||||
}
|
||||
@@ -1010,7 +1009,8 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user)
|
||||
struct bufferevent * bev = ssl_upstream_create_result_release_bev(result);
|
||||
assert(upstream != NULL && bev != NULL);
|
||||
|
||||
/* Create connection ctx by bev */
|
||||
/* Create connection ctx by bev, fd's ownership is transfer to bev */
|
||||
_stream->defer_fd_upstream = 0;
|
||||
_stream->conn_upstream = __conn_private_create_by_bev(_stream, bev);
|
||||
_stream->ssl_upstream = upstream;
|
||||
|
||||
@@ -1024,10 +1024,9 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user)
|
||||
ssl_async_downstream_create(_stream->future_downstream_create, _stream->ssl_mgr,
|
||||
_stream->ssl_upstream, _stream->defer_fd_downstream, &_stream->head);
|
||||
}
|
||||
|
||||
future_destroy(_stream->future_upstream_create);
|
||||
_stream->future_upstream_create = NULL;
|
||||
_stream->defer_fd_upstream = 0;
|
||||
|
||||
}
|
||||
|
||||
void ssl_upstream_create_on_fail(enum e_future_error err, const char * what, void * user)
|
||||
@@ -1327,13 +1326,21 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
|
||||
if (_stream->session_type == STREAM_PROTO_PLAIN)
|
||||
{
|
||||
_stream->conn_downstream = __conn_private_create_by_fd(_stream, fd_downstream);
|
||||
_stream->conn_upstream = __conn_private_create_by_fd(_stream, fd_upstream);
|
||||
|
||||
/* Defer FD has been transfer to conn_downstream/conn_upstream */
|
||||
if (_stream->conn_downstream != NULL)
|
||||
{
|
||||
_stream->defer_fd_downstream = 0;
|
||||
_stream->defer_fd_upstream = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
|
||||
if (unlikely(_stream->conn_downstream == NULL || _stream->conn_upstream == NULL))
|
||||
_stream->conn_upstream = __conn_private_create_by_fd(_stream, fd_upstream);
|
||||
if (_stream->conn_upstream != NULL)
|
||||
{
|
||||
_stream->defer_fd_downstream = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
goto __errout;
|
||||
}
|
||||
@@ -1364,6 +1371,12 @@ int tfe_stream_init_by_fds(struct tfe_stream * stream, evutil_socket_t fd_downst
|
||||
return 0;
|
||||
|
||||
__errout:
|
||||
/* The fds not been accept by this function, clear up and release at caller */
|
||||
_stream->defer_fd_downstream = 0;
|
||||
_stream->defer_fd_upstream = 0;
|
||||
_stream->log_fd_downstream = 0;
|
||||
_stream->log_fd_upstream = 0;
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
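Review bot: In the `tfe_stream_init_by_fds` hunk, the block guarded by `if (_stream->conn_upstream != NULL)` clears `_stream->defer_fd_downstream` again instead of the upstream field; it should read `_stream->defer_fd_upstream = 0;`. As rendered, the upstream descriptor is still recorded as deferred after `conn_upstream` has taken it, which is the double-release pattern this commit sets out to remove. This assumes teardown closes non-zero deferred fds; that code is outside the hunk, and the page has lost its +/- markers, so which lines are new is inferred. The `__errout` path in the same function zeroes both deferred fds and leaves closing to the caller, but when only the upstream create fails, `conn_downstream` already holds `fd_downstream`, so a comment there should state who closes it, e.g. `/* conn_downstream, if created, must be freed without closing its fd */`. The passthrough branch of `ssl_upstream_create_on_success` likewise hands both deferred fds to `__conn_private_create_by_fd` without a NULL check or a visible reset of the deferred fields.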
@@ -1,5 +1,4 @@
|
||||
install(PROGRAMS user/r2_tfe DESTINATION ./ COMPONENT Program)
|
||||
install(PROGRAMS user/r3_tfe DESTINATION ./ COMPONENT Program)
|
||||
install(FILES sysctl/80-tfe.conf DESTINATION /etc/sysctl.d/ COMPONENT Program)
|
||||
install(FILES service/tfe.service DESTINATION /usr/lib/systemd/system/ COMPONENT Program)
|
||||
install(FILES service/tfe-env.service DESTINATION /usr/lib/systemd/system/ COMPONENT Program)
|
||||
install(FILES service/tfe-env-config DESTINATION /etc/sysconfig/ COMPONENT Profile)
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
[Unit]
|
||||
Description=Tango Frontend Engine - Running Environment Setup
|
||||
Before=tfe.service
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=/etc/sysconfig/tfe-env-config
|
||||
@@ -10,7 +12,7 @@ RemainAfterExit=yes
|
||||
ExecStart=/bin/true
|
||||
ExecStop=/bin/true
|
||||
|
||||
# dataincoming interface
|
||||
ExecStartPost=/usr/sbin/modprobe tfe-kmod
|
||||
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} address ${TFE_LOCAL_MAC_DATA_INCOMING}
|
||||
ExecStartPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} up
|
||||
ExecStartPost=/usr/sbin/ip addr flush dev ${TFE_DEVICE_DATA_INCOMING}
|
||||
@@ -41,6 +43,8 @@ ExecStopPost=/usr/sbin/ip -6 route del default via fd00::01
|
||||
ExecStopPost=/usr/sbin/ip -6 route del local default dev lo table 102
|
||||
ExecStopPost=/usr/sbin/ip addr del fd00::02/64 dev ${TFE_DEVICE_DATA_INCOMING}
|
||||
ExecStopPost=/usr/sbin/ip link set ${TFE_DEVICE_DATA_INCOMING} down
|
||||
ExecStopPost=/usr/sbin/modprobe -r tfe-kmod
|
||||
|
||||
[Install]
|
||||
RequiredBy=tfe.service
|
||||
WantedBy=multi-user.target
|
||||
|
||||
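Review bot: `Wants=network-online.target` in `[Unit]` has no matching `After=network-online.target`, so the target is pulled in but nothing orders this unit after it. The `ip link` / `ip addr` commands under `ExecStartPost=` can therefore still run before the network is online. If ordering is the intent, add `After=network-online.target` beside it. The whole `[Unit]` section is visible in the first hunk, but the page has lost its +/- markers, so which of these lines the commit adds is inferred from the hunk counts.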
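--- /dev/null
+++ b/script/service/tfe.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Tango Frontend Engine
+Requires=tfe-env.service
+After=tfe-env.service
+
+[Service]
+Type=simple
+ExecStart=/opt/tsg/tfe/bin/tfe
+TimeoutSec=180s
+RestartSec=10s
+Restart=always
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+Delegate=yes
+KillMode=process
+
+[Install]
+WantedBy=multi-user.target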
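Review bot: `LimitCORE=infinity` with no `User=` set means any crash of `/opt/tsg/tfe/bin/tfe` can write an unbounded core file as root. The C changes in this commit show the process handling `ssl_stream` objects, so such a core is likely to hold TLS key material and decrypted traffic. Either use `LimitCORE=0` for production installs or add a comment stating where cores are written and who may read them. `KillMode=process` stops only the main process, so with `Restart=always` any remaining children outlive each restart; if that is intended, say so in a comment above the line, otherwise drop it to get the default `control-group` behaviour.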