commit 08d4e8045502c5c32796c62c6bb2574853a87e12
Author: Dridi Boukelmoune <dridi.boukelmoune@gmail.com>
Date: Tue Apr 9 20:09:30 2024 +0200
hash: Close an expiry loophole
The opposite of 'EXP_Ttl(req, oc) > req->t_req' should not have been
'EXP_Ttl(NULL, oc) < req->t_req'. If we somehow enter the lookup when
the two operands are equal, the objcore suffers a phenomenon known as
Schrödinger's expiry.
The chances of running into this scenario range from epsilon to 100%.
Because 't_req' is stable across restarts, a soft purge will reliably
trigger this case.
Test case by Alve Elde who first demonstrated the problem.
diff --git a/bin/varnishd/cache/cache_hash.c b/bin/varnishd/cache/cache_hash.c
index 32f9340c7..54bea6192 100644
--- a/bin/varnishd/cache/cache_hash.c
+++ b/bin/varnishd/cache/cache_hash.c
@@ -485,7 +485,7 @@ HSH_Lookup(struct req *req, struct objcore **ocp, struct objcore **bocp)
break;
}
- if (EXP_Ttl(NULL, oc) < req->t_req && /* ignore req.ttl */
+ if (EXP_Ttl(NULL, oc) <= req->t_req && /* ignore req.ttl */
oc->t_origin > exp_t_origin) {
/* record the newest object */
exp_oc = oc;
diff --git a/bin/varnishtest/tests/c00132.vtc b/bin/varnishtest/tests/c00132.vtc
new file mode 100644
index 000000000..82df14512
--- /dev/null
+++ b/bin/varnishtest/tests/c00132.vtc
@@ -0,0 +1,39 @@
+varnishtest "304 revalidations with purge.soft()"
+
+server s1 {
+ rxreq
+ txresp -hdr "etag: foo" -body "foo"
+
+ rxreq
+ expect req.http.If-None-Match == "foo"
+ txresp -status 304 -hdr "etag: foo"
+} -start
+
+varnish v1 -vcl+backend {
+ import purge;
+
+ sub vcl_hit {
+ if (req.restarts == 0) {
+ purge.soft();
+ return (restart);
+ }
+ }
+
+ sub vcl_backend_response {
+ set beresp.ttl = 1d;
+ set beresp.grace = 1d;
+ set beresp.keep = 1d;
+ }
+} -start
+
+client c1 {
+ txreq
+ rxresp
+ expect resp.status == 200
+ expect resp.body == "foo"
+
+ txreq
+ rxresp
+ expect resp.status == 200
+ expect resp.body == "foo"
+} -run
_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit
Author: Dridi Boukelmoune <dridi.boukelmoune@gmail.com>
Date: Tue Apr 9 20:09:30 2024 +0200
hash: Close an expiry loophole
The opposite of 'EXP_Ttl(req, oc) > req->t_req' should not have been
'EXP_Ttl(NULL, oc) < req->t_req'. If we somehow enter the lookup when
the two operands are equal, the objcore suffers a phenomenon known as
Schrödinger's expiry.
The chances of running into this scenario range from epsilon to 100%.
Because 't_req' is stable across restarts, a soft purge will reliably
trigger this case.
Test case by Alve Elde who first demonstrated the problem.
diff --git a/bin/varnishd/cache/cache_hash.c b/bin/varnishd/cache/cache_hash.c
index 32f9340c7..54bea6192 100644
--- a/bin/varnishd/cache/cache_hash.c
+++ b/bin/varnishd/cache/cache_hash.c
@@ -485,7 +485,7 @@ HSH_Lookup(struct req *req, struct objcore **ocp, struct objcore **bocp)
break;
}
- if (EXP_Ttl(NULL, oc) < req->t_req && /* ignore req.ttl */
+ if (EXP_Ttl(NULL, oc) <= req->t_req && /* ignore req.ttl */
oc->t_origin > exp_t_origin) {
/* record the newest object */
exp_oc = oc;
diff --git a/bin/varnishtest/tests/c00132.vtc b/bin/varnishtest/tests/c00132.vtc
new file mode 100644
index 000000000..82df14512
--- /dev/null
+++ b/bin/varnishtest/tests/c00132.vtc
@@ -0,0 +1,39 @@
+varnishtest "304 revalidations with purge.soft()"
+
+server s1 {
+ rxreq
+ txresp -hdr "etag: foo" -body "foo"
+
+ rxreq
+ expect req.http.If-None-Match == "foo"
+ txresp -status 304 -hdr "etag: foo"
+} -start
+
+varnish v1 -vcl+backend {
+ import purge;
+
+ sub vcl_hit {
+ if (req.restarts == 0) {
+ purge.soft();
+ return (restart);
+ }
+ }
+
+ sub vcl_backend_response {
+ set beresp.ttl = 1d;
+ set beresp.grace = 1d;
+ set beresp.keep = 1d;
+ }
+} -start
+
+client c1 {
+ txreq
+ rxresp
+ expect resp.status == 200
+ expect resp.body == "foo"
+
+ txreq
+ rxresp
+ expect resp.status == 200
+ expect resp.body == "foo"
+} -run
_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit