Fix server assert on ACL LOAD and resetchannels#3182
Conversation
Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com>
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## unstable #3182 +/- ##
============================================
+ Coverage 74.92% 74.94% +0.01%
============================================
Files 129 129
Lines 71329 71333 +4
============================================
+ Hits 53441 53457 +16
+ Misses 17888 17876 -12
🚀 New features to boost your workflow:
|
|
Hi @madolson, can you PTAL at small fix for freeing deleted ACL users from ACL LOAD? |
Nikhil-Manglore
left a comment
There was a problem hiding this comment.
Thanks for the quick fix
madolson
left a comment
There was a problem hiding this comment.
There is another crash pathway we should fix. More generally, I wonder if we should do something in the freeClient function to just not free the client if we're currently in a a command?
@madolson You mean like this? void freeClient(c) {
if (c == current_client) {
c->flag.close_after_command = 1;
return;
}
...
} |
Effectively yeah. I was tracing through the |
|
I don't think we can do this: void freeClient(c) {
if (c == current_client) {
c->flag.close_after_command = 1;
return;
}
...
}Because:
Maybe we can do this but IDK if this will break something else: if (c == server.current_client && c->flag.executing_command) {
c->flag.close_after_command = 1;
return;
} |
Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com>
These won't be in the context of a command, so server.current_client won't be set. I don't know, I was just hoping there was some better solution :/ |
madolson
left a comment
There was a problem hiding this comment.
Two small suggestions, otherwise it looks good functionality wise.
Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves valkey-io#3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Roshan Khatri <rvkhatri@amazon.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves valkey-io#3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Roshan Khatri <rvkhatri@amazon.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves valkey-io#3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves valkey-io#3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Roshan Khatri <rvkhatri@amazon.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves valkey-io#3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves valkey-io#3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Roshan Khatri <rvkhatri@amazon.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves valkey-io#3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Roshan Khatri <rvkhatri@amazon.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves #3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Roshan Khatri <rvkhatri@amazon.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves #3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Roshan Khatri <rvkhatri@amazon.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves #3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Roshan Khatri <rvkhatri@amazon.com>
If the client executing `ACL LOAD` is a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions. This causes `c->conn` pointer to become `null` and later `serverAssert(c->conn)` fails for that client on write in `prepareClientToWrite()`. Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async. Resolves valkey-io#3181 --------- Signed-off-by: Daniil Kashapov <daniil.kashapov.ykt@gmail.com> Co-authored-by: Madelyn Olson <madelyneolson@gmail.com> Signed-off-by: Harkrishn Patro <bunty.hari@gmail.com>
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker.io/valkey/valkey](https://github.com/valkey-io/valkey) | image | patch | `9.0.1` → `9.0.4` | --- ### Release Notes <details> <summary>valkey-io/valkey (docker.io/valkey/valkey)</summary> ### [`v9.0.4`](https://github.com/valkey-io/valkey/releases/tag/9.0.4) [Compare Source](valkey-io/valkey@9.0.3...9.0.4) Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. ##### Security fixes - (CVE-2026-23479) Use-After-Free in unblock client flow - (CVE-2026-25243) Invalid Memory Access in RESTORE command - (CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution ### [`v9.0.3`](https://github.com/valkey-io/valkey/releases/tag/9.0.3) [Compare Source](valkey-io/valkey@9.0.2...9.0.3) ##### Valkey 9.0.3 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. ##### Security fixes - (CVE-2025-67733) RESP Protocol Injection via Lua error\_reply - (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message - (CVE-2026-27623) Reset request type after handling empty requests ##### Bug fixes - Avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand ([#​3160](valkey-io/valkey#3160)) - Fix server assert on ACL LOAD when current user loses permission to channels ([#​3182](valkey-io/valkey#3182)) - Fix bug causing no response flush sometimes when IO threads are busy ([#​3205](valkey-io/valkey#3205)) ### [`v9.0.2`](https://github.com/valkey-io/valkey/releases/tag/9.0.2) [Compare Source](valkey-io/valkey@9.0.1...9.0.2) Upgrade urgency HIGH: There are critical bugs that may affect a subset of users. #### Bug fixes - Avoid memory leak of new argv when HEXPIRE commands target only non-exiting fields ([#​2973](valkey-io/valkey#2973)) - Fix HINCRBY and HINCRBYFLOAT to update volatile key tracking ([#​2974](valkey-io/valkey#2974)) - Avoid empty hash object when HSETEX added no fields ([#​2998](valkey-io/valkey#2998)) - Fix case-sensitive check for the FNX and FXX arguments in HSETEX ([#​3000](valkey-io/valkey#3000)) - Prevent assertion in active expiration job after a hash with volatile fields is overwritten ([#​3003](valkey-io/valkey#3003), [#​3007](valkey-io/valkey#3007)) - Fix HRANDFIELD to return null response when no field could be found ([#​3022](valkey-io/valkey#3022)) - Fix HEXPIRE to not delete items when validation rules fail and expiration is in the past ([#​3023](valkey-io/valkey#3023), [#​3048](valkey-io/valkey#3048)) - Fix how hash is handling overriding of expired fields overwrite ([#​3060](valkey-io/valkey#3060)) - HSETEX - Always issue keyspace notifications after validation ([#​3001](valkey-io/valkey#3001)) - Make zero a valid TTL for hash fields during import mode and data loading ([#​3006](valkey-io/valkey#3006)) - Trigger prepareCommand on argc change in module command filters ([#​2945](valkey-io/valkey#2945)) - Restrict TTL from being negative and avoid crash in import-mode ([#​2944](valkey-io/valkey#2944)) - Fix chained replica crash when doing dual channel replication ([#​2983](valkey-io/valkey#2983)) - Skip slot cache optimization for AOF client to prevent key duplication and data corruption ([#​3004](valkey-io/valkey#3004)) - Fix used\_memory\_dataset underflow due to miscalculated used\_memory\_overhead ([#​3005](valkey-io/valkey#3005)) - Avoid duplicate calculations of network-bytes-out in slot stats with copy-avoidance ([#​3046](valkey-io/valkey#3046)) - Fix XREAD returning error on empty stream with + ID ([#​2742](valkey-io/valkey#2742)) #### Performance/Efficiency Improvements - Track reply bytes in I/O threads if commandlog-reply-larger-than is -1 ([#​3086](valkey-io/valkey#3086), [#​3126](valkey-io/valkey#3126)). This makes it possible to mitigate a performance regression in 9.0.1 caused by the bug fix [#​2652](valkey-io/valkey#2652). **Full Changelog**: <valkey-io/valkey@9.0.1...9.0.2> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "before 6am" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjkuNCIsInVwZGF0ZWRJblZlciI6IjQzLjE2OS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZSJdfQ==-->
if the client executing
ACL LOADis a user that is removed from ACL file, it frees itself while still executing the command. Same happens for user while removing it's channel permissions.This causes
c->connpointer to becomenulland laterserverAssert(c->conn)fails for that client on write inprepareClientToWrite().Solution is to flag current client to be closed after command completes and reply is written, later this client is freed async.
Bug is present in 8.0, 8.1, 9.0.
Resolves #3181