On 5/7/19 1:24 PM, Marcin Deranek wrote: > Hi Emeric, > > On 5/7/19 11:44 AM, Emeric Brun wrote: >> Hi Marcin,>>>>>> As I use HAProxy 1.8 I had to adjust the patch (see >> attachment for end result). Unfortunately after applying the patch there is >> no change in behavior: we still leak /dev/usdm_drv descriptors and have >> "stuck" HAProxy instances after reload.. >>>>> Regards, >>>> >>>> >> >> Could you perform a test recompiling the usdm_drv and the engine with this >> patch, it applies on QAT 1.7 but I've no hardware to test this version here. >> >> It should fix the fd leak. > > It did fix fd leak: > > # ls -al /proc/2565/fd|fgrep dev > lr-x------ 1 root root 64 May 7 13:15 0 -> /dev/null > lrwx------ 1 root root 64 May 7 13:15 7 -> /dev/usdm_drv > > # systemctl reload haproxy.service > # ls -al /proc/2565/fd|fgrep dev > lr-x------ 1 root root 64 May 7 13:15 0 -> /dev/null > lrwx------ 1 root root 64 May 7 13:15 8 -> /dev/usdm_drv > > # systemctl reload haproxy.service > # ls -al /proc/2565/fd|fgrep dev > lr-x------ 1 root root 64 May 7 13:15 0 -> /dev/null > lrwx------ 1 root root 64 May 7 13:15 9 -> /dev/usdm_drv > > But there are still stuck processes :-( This is with both patches included: > for QAT and HAProxy. > Regards, > > Marcin Deranek
Thank you Marcin! Anyway, it was also a bug. Could you run a 'show fd' command on a stuck process, after applying the patch in attachment? R, Emeric
>From d0e095c2aa54f020de8fc50db867eff1ef73350e Mon Sep 17 00:00:00 2001 From: Emeric Brun <[email protected]> Date: Fri, 19 Apr 2019 17:15:28 +0200 Subject: [PATCH] MINOR: ssl/cli: async fd io-handlers printable on show fd This patch exports the async fd iohandlers and make them printable doing a 'show fd' on cli. --- include/proto/ssl_sock.h | 4 ++++ src/cli.c | 9 +++++++++ src/ssl_sock.c | 4 ++-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h index 62ebcb87..ce52fb74 100644 --- a/include/proto/ssl_sock.h +++ b/include/proto/ssl_sock.h @@ -85,6 +85,10 @@ SSL_CTX *ssl_sock_get_generated_cert(unsigned int key, struct bind_conf *bind_co int ssl_sock_set_generated_cert(SSL_CTX *ctx, unsigned int key, struct bind_conf *bind_conf); unsigned int ssl_sock_generated_cert_key(const void *data, size_t len); +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) +void ssl_async_fd_handler(int fd); +void ssl_async_fd_free(int fd); +#endif /* ssl shctx macro */ diff --git a/src/cli.c b/src/cli.c index 568ceba2..843c3d04 100644 --- a/src/cli.c +++ b/src/cli.c @@ -69,6 +69,9 @@ #include <proto/stream_interface.h> #include <proto/task.h> #include <proto/proto_udp.h> +#ifdef USE_OPENSSL +#include <proto/ssl_sock.h> +#endif #define PAYLOAD_PATTERN "<<" @@ -998,6 +1001,12 @@ static int cli_io_handler_show_fd(struct appctx *appctx) (fdt.iocb == listener_accept) ? "listener_accept" : (fdt.iocb == poller_pipe_io_handler) ? "poller_pipe_io_handler" : (fdt.iocb == mworker_accept_wrapper) ? "mworker_accept_wrapper" : +#ifdef USE_OPENSSL +#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC) + (fdt.iocb == ssl_async_fd_free) ? "ssl_async_fd_free" : + (fdt.iocb == ssl_async_fd_handler) ? "ssl_async_fd_handler" : +#endif +#endif "unknown"); if (fdt.iocb == conn_fd_handler) { diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 112520c8..58ae8a26 100644 --- a/src/ssl_sock.c 
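Review bot: The guard `#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)` is written out in full around the new prototypes in include/proto/ssl_sock.h and again inside the iocb name chain in cli_io_handler_show_fd(). It presumably also has to match whatever condition wraps the two definitions in src/ssl_sock.c, which is not visible here. If one copy drifts, the build either fails at link time or `show fd` silently falls back to "unknown" for the async fds, which is the very information this patch is meant to surface. Defining one feature macro next to the prototypes, for example `#define SSL_SOCK_HAVE_ASYNC_FD` (the name is only a suggestion), and testing `#ifdef SSL_SOCK_HAVE_ASYNC_FD` in cli.c would keep the sites in step. cli_io_handler_show_fd() starts and ends outside the hunk.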
+++ b/src/ssl_sock.c @@ -573,7 +573,7 @@ fail_get: /* * openssl async fd handler */ -static void ssl_async_fd_handler(int fd) +void ssl_async_fd_handler(int fd) { struct connection *conn = fdtab[fd].owner; @@ -594,7 +594,7 @@ static void ssl_async_fd_handler(int fd) /* * openssl async delayed SSL_free handler */ -static void ssl_async_fd_free(int fd) +void ssl_async_fd_free(int fd) { SSL *ssl = fdtab[fd].owner; OSSL_ASYNC_FD all_fd[32]; -- 2.17.1
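Review bot: Dropping `static` from ssl_async_fd_handler() and ssl_async_fd_free() gives both external linkage, but the comments above them do not say that they are exported purely so `show fd` can compare `fdt.iocb` against them. That matters because each one reinterprets `fdtab[fd].owner` with no check visible in the hunk, as a `struct connection *` in the first and as an `SSL *` in the second. A direct call on an fd registered with a different owner type would therefore read the wrong object. I would extend both header comments, e.g. `/* openssl async fd handler. Exported only so 'show fd' can name it; fdtab[fd].owner must be a struct connection *. */`, with the equivalent wording and `SSL *` for the free handler. Both function bodies continue outside the hunks.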

