Merge of r5082: SSL: retry "sess_id" and "id" allocations.

SSL: retry "sess_id" and "id" allocations. In case of fully populated SSL session cache with no memory left for new allocations, ngx_ssl_new_session() will try to expire the oldest non-expired session and retry, but only in case when slab allocation fails for "cached_sess", not when slab allocation fails for either "sess_id" or "id", which can happen for number of reasons and results in new session not being cached. Patch fixes this by adding retry logic to "sess_id" & "id" allocations. Patch by Piotr Sikora.
2013-03-29 17:17:45 +00:00 · 2013-03-29 17:17:45 +00:00 · b90ec1b1a2
parent f121aa193d
commit b90ec1b1a2
1 changed files with 22 additions and 2 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -1716,8 +1716,18 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
    }

    sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
+
    if (sess_id == NULL) {
-        goto failed;
+
+        /* drop the oldest non-expired session and try once more */
+
+        ngx_ssl_expire_sessions(cache, shpool, 0);
+
+        sess_id = ngx_slab_alloc_locked(shpool, sizeof(ngx_ssl_sess_id_t));
+
+        if (sess_id == NULL) {
+            goto failed;
+        }
    }

 #if (NGX_PTR_SIZE == 8)
@ -1727,8 +1737,18 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
 #else

    id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
+
    if (id == NULL) {
-        goto failed;
+
+        /* drop the oldest non-expired session and try once more */
+
+        ngx_ssl_expire_sessions(cache, shpool, 0);
+
+        id = ngx_slab_alloc_locked(shpool, sess->session_id_length);
+
+        if (id == NULL) {
+            goto failed;
+        }
    }

 #endif