Mercurial > hg > nginx
comparison src/os/unix/ngx_process_cycle.c @ 8106:8852f39311de
Fixed segfault when switching off master process during upgrade.
Binary upgrades are not supported without master process, but it is,
however, possible, that nginx running with master process is asked
to upgrade binary, and the configuration file as available on disk
at this time includes "master_process off;".
If this happens, listening sockets inherited from the previous binary
will have ls[i].previous set. But the old cycle on initial process
startup, including startup after binary upgrade, is destroyed by
ngx_init_cycle() once configuration parsing is complete. As a result,
an attempt to dereference ls[i].previous in ngx_event_process_init()
accesses already freed memory.
Fix is to avoid looking into ls[i].previous if the old cycle is already
freed.
With this change it is also no longer needed to clear ls[i].previous in
worker processes, so the relevant code was removed.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 23 Nov 2022 23:48:53 +0300 |
| parents | b809f53d3f5b |
| children | 791ead216b03 |
comparison
equal
deleted
inserted
replaced
| 8105:09463dd9c504 | 8106:8852f39311de |
|---|---|
| 757 ngx_time_t *tp; | 757 ngx_time_t *tp; |
| 758 ngx_uint_t i; | 758 ngx_uint_t i; |
| 759 ngx_cpuset_t *cpu_affinity; | 759 ngx_cpuset_t *cpu_affinity; |
| 760 struct rlimit rlmt; | 760 struct rlimit rlmt; |
| 761 ngx_core_conf_t *ccf; | 761 ngx_core_conf_t *ccf; |
| 762 ngx_listening_t *ls; | |
| 763 | 762 |
| 764 if (ngx_set_environment(cycle, NULL) == NULL) { | 763 if (ngx_set_environment(cycle, NULL) == NULL) { |
| 765 /* fatal */ | 764 /* fatal */ |
| 766 exit(2); | 765 exit(2); |
| 767 } | 766 } |
| 886 "sigprocmask() failed"); | 885 "sigprocmask() failed"); |
| 887 } | 886 } |
| 888 | 887 |
| 889 tp = ngx_timeofday(); | 888 tp = ngx_timeofday(); |
| 890 srandom(((unsigned) ngx_pid << 16) ^ tp->sec ^ tp->msec); | 889 srandom(((unsigned) ngx_pid << 16) ^ tp->sec ^ tp->msec); |
| 891 | |
| 892 /* | |
| 893 * disable deleting previous events for the listening sockets because | |
| 894 * in the worker processes there are no events at all at this point | |
| 895 */ | |
| 896 ls = cycle->listening.elts; | |
| 897 for (i = 0; i < cycle->listening.nelts; i++) { | |
| 898 ls[i].previous = NULL; | |
| 899 } | |
| 900 | 890 |
| 901 for (i = 0; cycle->modules[i]; i++) { | 891 for (i = 0; cycle->modules[i]; i++) { |
| 902 if (cycle->modules[i]->init_process) { | 892 if (cycle->modules[i]->init_process) { |
| 903 if (cycle->modules[i]->init_process(cycle) == NGX_ERROR) { | 893 if (cycle->modules[i]->init_process(cycle) == NGX_ERROR) { |
| 904 /* fatal */ | 894 /* fatal */ |