[Varnish] #1055: Long values of shm_reclen is unsafe
Varnish
varnish-bugs at varnish-cache.org
Wed Nov 9 12:58:04 CET 2011
#1055: Long values of shm_reclen is unsafe
----------------------+-----------------------------------------------------
Reporter: kristian | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
Setting and using long values of shm_reclen causes problems as we run into
other limits which are not dealt with properly, most notably the worker
workspace.
See:
{{{
varnishtest "Long shm_reclen"
server s1 {
rxreq
txresp
} -start
varnish v1 -vcl+backend {
import std;
sub vcl_recv {
std.log("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
}
} -start -cliok "param.set shm_reclen 65535"
client c1 {
txreq
rxresp
} -run
}}}
Output:
{{{
kristian at freud:~$ varnishtest overload.vtc
# top TEST overload.vtc passed (0.480)
kristian at freud:~$ varnishtest overload.vtc
**** top 0.0 macro def varnishd=varnishd
**** top 0.0 macro def pwd=/home/kristian
**** top 0.0 macro def topbuild=/home/kristian/../..
**** top 0.0 macro def bad_ip=10.255.255.255
**** top 0.0 macro def tmpdir=/tmp/vtc.23549.1ee7ed79
* top 0.0 TEST overload.vtc starting
*** top 0.0 varnishtest
* top 0.0 TEST Long shm_reclen
*** top 0.0 server
** s1 0.0 Starting server
**** s1 0.0 macro def s1_addr=127.0.0.1
**** s1 0.0 macro def s1_port=60755
**** s1 0.0 macro def s1_sock=127.0.0.1 60755
* s1 0.0 Listen on 127.0.0.1 60755
*** top 0.0 varnish
** s1 0.0 Started on 127.0.0.1 60755
** v1 0.0 Launch
*** v1 0.0 CMD: cd ${pwd} && ${varnishd} -d -d -n
/tmp/vtc.23549.1ee7ed79/v1 -l 10m,1m,- -p auto_restart=off -p
syslog_cli_traffic=off -a '127.0.0.1:0' -S /tmp/vtc.23549.1ee7ed79/v1/_S
-M '127.0.0.1 47106' -P /tmp/vtc.23549.1ee7ed79/v1/varnishd.pid
-sfile,/tmp/vtc.23549.1ee7ed79/v1,10M
*** v1 0.0 CMD: cd /home/kristian && varnishd -d -d -n
/tmp/vtc.23549.1ee7ed79/v1 -l 10m,1m,- -p auto_restart=off -p
syslog_cli_traffic=off -a '127.0.0.1:0' -S /tmp/vtc.23549.1ee7ed79/v1/_S
-M '127.0.0.1 47106' -P /tmp/vtc.23549.1ee7ed79/v1/varnishd.pid
-sfile,/tmp/vtc.23549.1ee7ed79/v1,10M
*** v1 0.0 PID: 23555
*** v1 0.0 debug| Platform: Linux,2.6.38-12-generic-
pae,i686,-sfile,-smalloc,-hcritbit\n
*** v1 0.0 debug| 200 245 \n
*** v1 0.0 debug| -----------------------------\n
*** v1 0.0 debug| Varnish Cache CLI 1.0\n
*** v1 0.0 debug| -----------------------------\n
*** v1 0.0 debug| Linux,2.6.38-12-generic-
pae,i686,-sfile,-smalloc,-hcritbit\n
*** v1 0.0 debug| \n
*** v1 0.0 debug| Type 'help' for command list.\n
*** v1 0.0 debug| Type 'quit' to close CLI session.\n
*** v1 0.0 debug| Type 'start' to launch worker process.\n
*** v1 0.0 debug| \n
**** v1 0.1 CLIPOLL 1 0x1 0x0
*** v1 0.1 CLI connection fd = 9
*** v1 0.1 CLI RX 107
**** v1 0.1 CLI RX| durjbesuecbyckgwozrzhzytnfqyucly\n
**** v1 0.1 CLI RX| \n
**** v1 0.1 CLI RX| Authentication required.\n
**** v1 0.1 CLI TX| auth
2c03d88f4efe5c174cd115f35d4aa8e311707ce289d00a2f5a532007214ac023\n
*** v1 0.1 CLI RX 200
**** v1 0.1 CLI RX| -----------------------------\n
**** v1 0.1 CLI RX| Varnish Cache CLI 1.0\n
**** v1 0.1 CLI RX| -----------------------------\n
**** v1 0.1 CLI RX| Linux,2.6.38-12-generic-
pae,i686,-sfile,-smalloc,-hcritbit\n
**** v1 0.1 CLI RX| \n
**** v1 0.1 CLI RX| Type 'help' for command list.\n
**** v1 0.1 CLI RX| Type 'quit' to close CLI session.\n
**** v1 0.1 CLI RX| Type 'start' to launch worker process.\n
**** v1 0.1 CLI TX| vcl.inline vcl1 << %XJEIFLH|)Xspa8P\n
**** v1 0.1 CLI TX| backend s1 { .host = "127.0.0.1"; .port = "60755";
}\n
**** v1 0.1 CLI TX| \n
**** v1 0.1 CLI TX| \n
**** v1 0.1 CLI TX| \timport std;\n
**** v1 0.1 CLI TX| \n
**** v1 0.1 CLI TX| \tsub vcl_recv {\n
**** v1 0.1 CLI TX|
\t\tstd.log("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...
*** v1 0.2 CLI RX 200
**** v1 0.2 CLI RX| VCL compiled.
**** v1 0.2 CLI TX| vcl.use vcl1
*** v1 0.2 CLI RX 200
** v1 0.2 Start
**** v1 0.2 CLI TX| start
*** v1 0.3 debug| child (23568) Started\n
**** v1 0.3 vsl| 0 WorkThread - 0xb50d200c start
**** v1 0.3 vsl| 0 CLI - Rd vcl.load "vcl1"
./vcl.5W0vwA9C.so
**** v1 0.3 vsl| 0 CLI - Wr 200 36 Loaded
"./vcl.5W0vwA9C.so" as "vcl1"
**** v1 0.3 vsl| 0 CLI - Rd vcl.use "vcl1"
**** v1 0.3 vsl| 0 CLI - Wr 200 0
**** v1 0.3 vsl| 0 CLI - Rd start
**** v1 0.3 vsl| 0 Debug - Acceptor is epoll
**** v1 0.3 vsl| 0 CLI - Wr 200 0
*** v1 0.3 CLI RX 200
**** v1 0.3 CLI TX| debug.xid 1000
*** v1 0.3 debug| Child (23568) said Not running as root, no priv-
sep\n
*** v1 0.3 debug| Child (23568) said Child starts\n
*** v1 0.3 debug| Child (23568) said SMF.s0 mmap'ed 10485760 bytes of
10485760\n
**** v1 0.3 vsl| 0 WorkThread - 0xb73ff00c start
**** v1 0.3 vsl| 0 WorkThread - 0xb50c100c start
**** v1 0.3 vsl| 0 WorkThread - 0xb50b000c start
**** v1 0.3 vsl| 0 WorkThread - 0xb509f00c start
**** v1 0.3 vsl| 0 WorkThread - 0xb508e00c start
**** v1 0.3 vsl| 0 WorkThread - 0xb507d00c start
**** v1 0.3 vsl| 0 WorkThread - 0xb506c00c start
**** v1 0.3 vsl| 0 WorkThread - 0xb505b00c start
**** v1 0.3 vsl| 0 WorkThread - 0xb504a00c start
*** v1 0.3 CLI RX 200
**** v1 0.3 CLI RX| XID is 1000
**** v1 0.3 CLI TX| debug.listen_address
**** v1 0.3 vsl| 0 CLI - Rd debug.xid 1000
**** v1 0.3 vsl| 0 CLI - Wr 200 11 XID is 1000
*** v1 0.3 CLI RX 200
**** v1 0.3 CLI RX| 127.0.0.1 45836\n
** v1 0.3 Listen on 127.0.0.1 45836
**** v1 0.3 macro def v1_addr=127.0.0.1
**** v1 0.3 macro def v1_port=45836
**** v1 0.3 macro def v1_sock=127.0.0.1 45836
**** v1 0.3 CLI TX| param.set shm_reclen 65535
**** v1 0.4 vsl| 0 CLI - Rd debug.listen_address
**** v1 0.4 vsl| 0 CLI - Wr 200 16 127.0.0.1 45836
*** v1 0.4 CLI RX 200
** v1 0.4 CLI 200 <param.set shm_reclen 65535>
*** top 0.4 client
** c1 0.4 Starting client
** c1 0.4 Waiting for client
*** c1 0.4 Connect to 127.0.0.1 45836
*** c1 0.4 connected fd 10 from 127.0.0.1 36171 to 127.0.0.1 45836
*** c1 0.4 txreq
**** c1 0.4 txreq| GET / HTTP/1.1\r\n
**** c1 0.4 txreq| \r\n
*** c1 0.4 rxresp
---- c1 0.4 HTTP rx failed (fd:10 read: Connection reset by peer)
*** v1 0.4 debug| Child (23568) died signal=11\n
*** v1 0.4 debug| Child cleanup complete\n
* top 0.4 RESETTING after overload.vtc
** s1 0.4 Waiting for server
**** s1 0.4 macro undef s1_addr
**** s1 0.4 macro undef s1_port
**** s1 0.4 macro undef s1_sock
** v1 1.4 Wait
** v1 1.4 R 23555 Status: 0000
* top 1.4 TEST overload.vtc FAILED
# top TEST overload.vtc FAILED (1.423) exit=1
}}}
Note particularly that this did NOT segfault consistently.
--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1055>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list