From: Eric Covener
Date: Fri, 14 Nov 2014 12:04:46 +0000 (+0000)
Subject: don't call notify_suspend() in a worker thread after
X-Git-Tag: 2.5.0-alpha~3713
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b38d5d59790a4403924add437a651e6f4a377693;p=apache
don't call notify_suspend() in a worker thread after start_lingering_close_common may have put the socket back into the pollset. If it becomes readable too quickly, cs can be free'ed or accessed concurrently.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1639614 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c
index 436cf56eb6..d3607563dd 100644
--- a/server/mpm/event/event.c
+++ b/server/mpm/event/event.c
@@ -811,7 +811,19 @@ static void set_signals(void)
 #endif
 }
-static int start_lingering_close_common(event_conn_state_t *cs)
+static void notify_suspend(event_conn_state_t *cs)
+{
+ ap_run_suspend_connection(cs->c, cs->r);
+ cs->suspended = 1;
+}
+
+static void notify_resume(event_conn_state_t *cs)
+{
+ cs->suspended = 0;
+ ap_run_resume_connection(cs->c, cs->r);
+}
+
+static int start_lingering_close_common(event_conn_state_t *cs, int in_worker)
 {
 apr_status_t rv;
 struct timeout_queue *q;
@@ -849,6 +861,9 @@ static int start_lingering_close_common(event_conn_state_t *cs)
 cs->pub.sense == CONN_SENSE_WANT_WRITE ? APR_POLLOUT : APR_POLLIN) | APR_POLLHUP | APR_POLLERR;
 cs->pub.sense = CONN_SENSE_DEFAULT;
+ if (in_worker) {
+ notify_suspend(cs);
+ }
 rv = apr_pollset_add(event_pollset, &cs->pfd);
 apr_thread_mutex_unlock(timeout_mutex);
 if (rv != APR_SUCCESS && !APR_STATUS_IS_EEXIST(rv)) {
@@ -882,7 +897,7 @@ static int start_lingering_close_blocking(event_conn_state_t *cs)
 ap_push_pool(worker_queue_info, p);
 return 0;
 }
- return start_lingering_close_common(cs);
+ return start_lingering_close_common(cs, 1);
 }
 /*
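Review bot: The new `int in_worker` parameter of start_lingering_close_common carries a thread-ownership contract that nothing documents, and the callers in the later hunks pass bare `1` and `0`. A comment on the function would make the rule visible, for example `/* in_worker: non-zero when called from a worker thread that still owns cs; the suspend hooks then run here, before cs is handed to the pollset */`. notify_suspend() and notify_resume() are only moved by this hunk, but they write `cs->suspended` with no locking of their own, so a one-line note that they may be called only by the thread that currently owns cs would help the next reader avoid reintroducing the race.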
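Review bot: In start_lingering_close_common the added `notify_suspend(cs)` sits just before `apr_pollset_add()`, and the `apr_thread_mutex_unlock(timeout_mutex)` that follows suggests timeout_mutex is still held at that point, so every module's suspend_connection hook would now run under the MPM's timeout lock. A hook that blocks, or that reaches code taking timeout_mutex, could stall the listener or deadlock; the lock acquisition is outside this hunk, so check against the full function whether the call can move ahead of it. The ordering itself is load-bearing and deserves a comment such as `/* must precede apr_pollset_add(): once cs is in the pollset the listener may process or free it */`. If apr_pollset_add() fails, cs has already been marked suspended; the error branch continues outside the hunk, so confirm that path resumes or cleans up the connection.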
@@ -908,7 +923,7 @@ static int start_lingering_close_nonblocking(event_conn_state_t *cs)
 ap_push_pool(worker_queue_info, cs->p);
 return 0;
 }
- return start_lingering_close_common(cs);
+ return start_lingering_close_common(cs, 0);
 }
 /*
@@ -934,18 +949,6 @@ static int stop_lingering_close(event_conn_state_t *cs)
 return 0;
 }
-static void notify_suspend(event_conn_state_t *cs)
-{
- ap_run_suspend_connection(cs->c, cs->r);
- cs->suspended = 1;
-}
-
-static void notify_resume(event_conn_state_t *cs)
-{
- cs->suspended = 0;
- ap_run_resume_connection(cs->c, cs->r);
-}
-
 /*
 * This runs before any non-MPM cleanup code on the connection;
 * if the connection is currently suspended as far as modules
@@ -1138,7 +1141,6 @@ read_request:
 if (cs->pub.state == CONN_STATE_LINGER) {
 start_lingering_close_blocking(cs);
- notify_suspend(cs);
 }
 else if (cs->pub.state == CONN_STATE_CHECK_REQUEST_LINE_READABLE) {
 /* It greatly simplifies the logic to use a single timeout value here