Mercurial > hg > nginx

view src/event/ngx_event_timer.c @ 5418:6961d52ebc49 stable-1.4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Core: fix misallocation at ngx_crypt_apr1 (ticket #412). Found by using auth_basic.t from mdounin nginx-tests under valgrind. ==10470== Invalid write of size 1 ==10470== at 0x43603D: ngx_crypt_to64 (ngx_crypt.c:168) ==10470== by 0x43648E: ngx_crypt (ngx_crypt.c:153) ==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297) ==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240) ==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121) ==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895) ==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878) ==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852) ==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283) ==10470== by 0x456A91: ngx_http_process_request_line (ngx_http_request.c:964) ==10470== by 0x457097: ngx_http_wait_request_handler (ngx_http_request.c:486) ==10470== by 0x4411EE: ngx_epoll_process_events (ngx_epoll_module.c:691) ==10470== Address 0x5866fab is 0 bytes after a block of size 27 alloc'd ==10470== at 0x4A074CD: malloc (vg_replace_malloc.c:236) ==10470== by 0x43B251: ngx_alloc (ngx_alloc.c:22) ==10470== by 0x421B0D: ngx_malloc (ngx_palloc.c:119) ==10470== by 0x421B65: ngx_pnalloc (ngx_palloc.c:147) ==10470== by 0x436368: ngx_crypt (ngx_crypt.c:140) ==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297) ==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240) ==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121) ==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895) ==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878) ==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852) ==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283) ==10470==
author Markus Linnala <Markus.Linnala@cybercom.com>
date Fri, 20 Sep 2013 17:57:21 +0300
parents 876e6b0814a5
children 3377f9459e99
line wrap: on
line source


/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>


#if (NGX_THREADS)
ngx_mutex_t  *ngx_event_timer_mutex;
#endif


ngx_thread_volatile ngx_rbtree_t  ngx_event_timer_rbtree;
static ngx_rbtree_node_t          ngx_event_timer_sentinel;

/*
 * the event timer rbtree may contain the duplicate keys, however,
 * it should not be a problem, because we use the rbtree to find
 * a minimum timer value only
 */

ngx_int_t
ngx_event_timer_init(ngx_log_t *log)
{
    ngx_rbtree_init(&ngx_event_timer_rbtree, &ngx_event_timer_sentinel,
                    ngx_rbtree_insert_timer_value);

#if (NGX_THREADS)

    if (ngx_event_timer_mutex) {
        ngx_event_timer_mutex->log = log;
        return NGX_OK;
    }

    ngx_event_timer_mutex = ngx_mutex_init(log, 0);
    if (ngx_event_timer_mutex == NULL) {
        return NGX_ERROR;
    }

#endif

    return NGX_OK;
}


ngx_msec_t
ngx_event_find_timer(void)
{
    ngx_msec_int_t      timer;
    ngx_rbtree_node_t  *node, *root, *sentinel;

    if (ngx_event_timer_rbtree.root == &ngx_event_timer_sentinel) {
        return NGX_TIMER_INFINITE;
    }

    ngx_mutex_lock(ngx_event_timer_mutex);

    root = ngx_event_timer_rbtree.root;
    sentinel = ngx_event_timer_rbtree.sentinel;

    node = ngx_rbtree_min(root, sentinel);

    ngx_mutex_unlock(ngx_event_timer_mutex);

    timer = (ngx_msec_int_t) (node->key - ngx_current_msec);

    return (ngx_msec_t) (timer > 0 ? timer : 0);
}


void
ngx_event_expire_timers(void)
{
    ngx_event_t        *ev;
    ngx_rbtree_node_t  *node, *root, *sentinel;

    sentinel = ngx_event_timer_rbtree.sentinel;

    for ( ;; ) {

        ngx_mutex_lock(ngx_event_timer_mutex);

        root = ngx_event_timer_rbtree.root;

        if (root == sentinel) {
            return;
        }

        node = ngx_rbtree_min(root, sentinel);

        /* node->key <= ngx_current_time */

        if ((ngx_msec_int_t) (node->key - ngx_current_msec) <= 0) {
            ev = (ngx_event_t *) ((char *) node - offsetof(ngx_event_t, timer));

#if (NGX_THREADS)

            if (ngx_threaded && ngx_trylock(ev->lock) == 0) {

                /*
                 * We cannot change the timer of the event that is being
                 * handled by another thread.  And we cannot easy walk
                 * the rbtree to find next expired timer so we exit the loop.
                 * However, it should be a rare case when the event that is
                 * being handled has an expired timer.
                 */

                ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0,
                               "event %p is busy in expire timers", ev);
                break;
            }
#endif

            ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0,
                           "event timer del: %d: %M",
                           ngx_event_ident(ev->data), ev->timer.key);

            ngx_rbtree_delete(&ngx_event_timer_rbtree, &ev->timer);

            ngx_mutex_unlock(ngx_event_timer_mutex);

#if (NGX_DEBUG)
            ev->timer.left = NULL;
            ev->timer.right = NULL;
            ev->timer.parent = NULL;
#endif

            ev->timer_set = 0;

#if (NGX_THREADS)
            if (ngx_threaded) {
                ev->posted_timedout = 1;

                ngx_post_event(ev, &ngx_posted_events);

                ngx_unlock(ev->lock);

                continue;
            }
#endif

            ev->timedout = 1;

            ev->handler(ev);

            continue;
        }

        break;
    }

    ngx_mutex_unlock(ngx_event_timer_mutex);
}