Cyril is correct - I simply waited for a segfault, but didn't actually test through the load balancer. I'm using SSL on haproxy, and yes, when I try to hit a web page behind haproxy, CPU spins at 100% for a good while.
Steve Ruiz Manager - Hosting Operations Mirth [email protected] <[email protected]> On Thu, Jan 16, 2014 at 1:48 PM, Cyril Bonté <[email protected]> wrote: > Hi Willy, > > Le 15/01/2014 01:08, Willy Tarreau a écrit : > > On Tue, Jan 14, 2014 at 12:25:37PM -0800, Steve Ruiz wrote: >> >>> Patched and confirmed in our environment that this is now working / seems >>> to have fixed the issue. Thanks! >>> >> >> Great, many thanks to you both guys. We've got rid of another pretty >> old bug, these are the ones that make me the happiest once fixed! >> >> I'm currently unpacking my laptop to push the fix so that it appears >> in todays snapshot. >> >> Excellent work! >> > > I fear there are some more work to do on this patch. > I made some tests on ssl and it looks to be broken since this commit :-( > > The shortest configuration I could find to reproduce the issue is : > listen test > bind 0.0.0.0:443 ssl crt cert.pem > mode http > timeout server 5s > timeout client 5s > > When a request is received by haproxy, the cpu raises to 100% in a > epoll_wait loop (timeouts are here to prevent an unlimited loop). > > $ curl -k https://localhost/ > ... > epoll_wait(3, {{EPOLLIN, {u32=5, u64=5}}}, 200, 0) = 1 > epoll_wait(3, {{EPOLLIN, {u32=5, u64=5}}}, 200, 0) = 1 > epoll_wait(3, {{EPOLLIN, {u32=5, u64=5}}}, 200, 0) = 1 > epoll_wait(3, {{EPOLLIN, {u32=5, u64=5}}}, 200, 0) = 1 > epoll_wait(3, {{EPOLLIN, {u32=5, u64=5}}}, 200, 0) = 1 > ... > The same issue occurs when a server is declared. > > The same also occurs when the proxy is in clear http and a server is in > https : > listen test > bind 0.0.0.0:80 > mode http > timeout server 5s > timeout client 5s > server ssl_backend 127.0.0.1:443 ssl > > $ curl http://localhost/ > ... > epoll_wait(3, {}, 200, 0) = 0 > epoll_wait(3, {}, 200, 0) = 0 > epoll_wait(3, {}, 200, 0) = 0 > epoll_wait(3, {}, 200, 0) = 0 > epoll_wait(3, {}, 200, 0) = 0 > ... > > > -- > Cyril Bonté > -- CONFIDENTIALITY NOTICE: The information contained in this electronic transmission may be confidential. If you are not an intended recipient, be aware that any disclosure, copying, distribution or use of the information contained in this transmission is prohibited and may be unlawful. If you have received this transmission in error, please notify us by email reply and then erase it from your computer system.
