laanwj
commented at 3:46 pm on September 24, 2015:
member
Shutting down the HTTP server currently breaks off all current requests. This can create a race condition with RPC stop command, where the calling process never receives confirmation.
This change removes the listening sockets on shutdown so that no new requests can come in, but no longer breaks off requests in progress.
dcousens
commented at 6:49 am on September 25, 2015:
contributor
but no longer breaks off requests in progress.
Possible attack vector by denying the service the ability to shut down / restart by keeping a connection open?
laanwj
commented at 7:40 am on September 25, 2015:
member
After -rpcservertimeout current connections will get booted, unless there is activity. If they do any requests they get a server unavailable error. But yes, if your application software is truly malicious they could keep the server busy by sending e.g. one header at a time, every timeout-1 seconds.
Note that this solution is cleaner in any case, it doesn’t rule out queuing a event_base_loopbreak(eventBase);, say, 30 seconds in the future to force a shutdown.
jonasschnelli
commented at 9:17 am on September 25, 2015:
contributor
utACK.
I agree that the attack vectors are out of scope for this PR maybe for the whole http-json-rpc-daemon (it’s not hardened enough to expose to potential malicious environments).
dcousens
commented at 10:00 am on September 25, 2015:
contributor
utACK, just thought I’d mention it.
laanwj
commented at 12:00 pm on September 25, 2015:
member
@dcousens It’s great that you mentioned it. It reminded me of potential issue of this: what happens if a timer is stilll running, will it block the event queue exit until it triggers?
Will test this scenario by stopping with an unlocked wallet.
Pushed another related fix:
http: Wait for worker threads to exit
Add a WaitExit() call to http’s WorkQueue to make StopHTTPServer delete the work queue only when all worker threads stopped.
This fixes a problem that was reproducable by pressing Ctrl-C during AppInit2:
I was assuming that threadGroup->join_all(); would always have been called when entering the Shutdown(). However this is not the case in bitcoind’s AppInit2-non-zero-exit case “was left out intentionally here”.
(now that the http module takes care of waiting for its own worker threads, we could even make it stop using threadGroup completely, but I leave that for a future refactor)
laanwj force-pushed
on Sep 25, 2015
laanwj
commented at 1:39 pm on September 25, 2015:
member
Pushed another commit to force-exit the event loop after a predefined time after interruption. This addresses @dcousens ’s issue, as well as the case that other events are still lingering (such as a wallet unlock timer).
dcousens
commented at 2:19 pm on September 25, 2015:
contributor
theuni
commented at 9:35 pm on September 25, 2015:
member
Concept ACK, btw. Definitely an improvement.
Make HTTP server shutdown more graceful
Shutting down the HTTP server currently breaks off all current requests.
This can create a race condition with RPC `stop` command, where the calling
process never receives confirmation.
This change removes the listening sockets on shutdown so that no new
requests can come in, but no longer breaks off requests in progress.
Meant to fix #6717.
5e0c221356
http: Wait for worker threads to exit
Add a WaitExit() call to http's WorkQueue to make it delete the work
queue only when all worker threads stopped.
This fixes a problem that was reproducable by pressing Ctrl-C during
AppInit2:
```
/usr/include/boost/thread/pthread/condition_variable_fwd.hpp:81: boost::condition_variable::~condition_variable(): Assertion `!ret' failed.
/usr/include/boost/thread/pthread/mutex.hpp:108: boost::mutex::~mutex(): Assertion `!posix::pthread_mutex_destroy(&m)' failed.
```
I was assuming that `threadGroup->join_all();` would always have been
called when entering the Shutdown(). However this is not the case in
bitcoind's AppInit2-non-zero-exit case "was left out intentionally
here".
de9de2de36
http: Force-exit event loop after predefined time
This makes sure that the event loop eventually terminates, even if an
event (like an open timeout, or a hanging connection) happens to be
holding it up.
ec908d5f7a
laanwj force-pushed
on Sep 28, 2015
laanwj
commented at 1:09 pm on September 28, 2015:
member
Processed @theuni ’s comments. WIll merge as soon as Travis passes.
theuni
commented at 1:35 pm on September 28, 2015:
member
Thanks. ut ACK.
laanwj merged this
on Sep 28, 2015
laanwj closed this
on Sep 28, 2015
laanwj referenced this in commit
1a9f19a78d
on Sep 28, 2015
laanwj referenced this in commit
856be4fe46
on Nov 11, 2015
laanwj referenced this in commit
1ec9198c68
on Nov 13, 2015
laanwj referenced this in commit
febcc13b18
on Nov 13, 2015
laanwj referenced this in commit
a264c32e33
on Nov 13, 2015
zkbot referenced this in commit
fb2f98e00b
on Oct 23, 2017
sickpig referenced this in commit
46b5b86be5
on Mar 9, 2018
sickpig referenced this in commit
dadc2880a1
on Mar 9, 2018
sickpig referenced this in commit
6d4a55878a
on Mar 12, 2018
sickpig referenced this in commit
6db640a393
on Mar 12, 2018
sickpig referenced this in commit
76cf243311
on Mar 12, 2018
sickpig referenced this in commit
4428056252
on Mar 12, 2018
marlengit referenced this in commit
297ac08c3a
on Sep 25, 2018
This is a metadata mirror of the GitHub repository
bitcoin/bitcoin.
This site is not affiliated with GitHub.
Content is generated from a GitHub metadata backup.
generated: 2024-12-23 00:13 UTC
This site is hosted by @0xB10C More mirrored repositories can be found on mirror.b10c.me