serve: Add a killswitch that causes the server to uncleanly exit on hang
We define a hang as 120 seconds for now; that should be OK (famous last words). When I say unclean, I mean it; the control socket is left hanging around too. This is a workaround for the fact that the client can hang the whole server by sending a write request header specifying > 0 bytes, then uncleanly going away. On the server side, we acquire the IO mutex, and then try to read > 0 bytes from the socket; the data never arrives, and when the client reconnects, its requests never get a response (since we're waiting on that mutex). Getting rid of that mutex (which isn't actually needed, except for migration) would be better.
This commit is contained in:
nick
25
src/client.h
25
src/client.h
@@ -1,6 +1,9 @@
|
||||
#ifndef CLIENT_H
|
||||
#define CLIENT_H
|
||||
|
||||
#include <signal.h>
|
||||
#include <time.h>
|
||||
|
||||
/** CLIENT_MAX_WAIT_SECS
|
||||
* This is the length of time an inbound migration will wait for a fresh
|
||||
* write before assuming the source has Gone Away. Note: it is *not*
|
||||
@@ -9,6 +12,19 @@
|
||||
*/
|
||||
#define CLIENT_MAX_WAIT_SECS 5
|
||||
|
||||
/** CLIENT_HANDLER_TIMEOUT
|
||||
* This is the length of time (in seconds) any request can be outstanding for.
|
||||
* If we spend longer than this in a request, the whole server is killed.
|
||||
*/
|
||||
#define CLIENT_HANDLER_TIMEOUT 120
|
||||
|
||||
/** CLIENT_KILLSWITCH_SIGNAL
|
||||
* The signal number we use to kill the server when *any* killswitch timer
|
||||
* fires. We don't actually need to install a signal handler for it, the default
|
||||
* behaviour is perfectly fine.
|
||||
*/
|
||||
#define CLIENT_KILLSWITCH_SIGNAL ( SIGRTMIN + 1 )
|
||||
|
||||
|
||||
struct client {
|
||||
/* When we call pthread_join, if the thread is already dead
|
||||
@@ -20,16 +36,20 @@ struct client {
|
||||
*/
|
||||
int stopped;
|
||||
int socket;
|
||||
|
||||
|
||||
int fileno;
|
||||
char* mapped;
|
||||
|
||||
struct self_pipe * stop_signal;
|
||||
|
||||
|
||||
struct server* serve; /* FIXME: remove above duplication */
|
||||
|
||||
/* Have we seen a REQUEST_DISCONNECT message? */
|
||||
int disconnect;
|
||||
|
||||
/* kill the whole server if a request has been outstanding too long */
|
||||
timer_t killswitch;
|
||||
|
||||
};
|
||||
|
||||
|
||||
@@ -39,3 +59,4 @@ void client_destroy( struct client * client );
|
||||
void client_signal_stop( struct client * client );
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
Reference in New Issue
Block a user