http1: Missing workspace release

Working on the workspace sanitizer (ancestor of the workspace emulator)
final rollbacks were needed to unwind allocations. There was however a
branch where error handling was missing a workspace release, and it was
fine before the introduction of the final rollbacks.

To avoid turning the workspace emulator into a DoS vector the rollbacks
are now only enforced for emulator builds. The specific "insufficient
workspace" log is amended to ensure future changes to the session
workspace footprint don't accidentally remove test coverage for that
branch. The same could be done for other "insufficient workspace" logs
in the PROXY protocol parsing.

Refs 0632b846 (req: Prevent early rollback)
Refs ce71896a (sess: Plug conceptual leak)
Refs 246b1eb1 (busyobj: Plug conceptual leak)
Refs 5b4f0f1a (htc: Defer workspace rollbacks for request tasks)
Refs #3644

Spotted by Alf's single process fuzzing setup that we should eventually
revisit.

Refs #3152

bin/varnishd/cache/cache_busyobj.c

@@ -181,7 +181,9 @@ VBO_ReleaseBusyObj(struct worker *wrk, struct busyobj **pbo)
 	}
 
 	VCL_Rel(&bo->vcl);
+#ifdef ENABLE_WORKSPACE_EMULATOR
 	WS_Rollback(bo->ws, 0);
+#endif
 
 	memset(&bo->retries, 0,
 	    sizeof *bo - offsetof(struct busyobj, retries));

bin/varnishd/cache/cache_req.c

@@ -172,7 +172,9 @@ Req_Release(struct req *req)
 	AZ(req->vcl);
 	if (req->vsl->wid)
 		VSL_End(req->vsl);
+#ifdef ENABLE_WORKSPACE_EMULATOR
 	WS_Rollback(req->ws, 0);
+#endif
 	TAKE_OBJ_NOTNULL(sp, &req->sp, SESS_MAGIC);
 	pp = sp->pool;
 	CHECK_OBJ_NOTNULL(pp, POOL_MAGIC);

bin/varnishd/cache/cache_session.c

@@ -646,7 +646,9 @@ SES_Rel(struct sess *sp)
 	if (i)
 		return;
 	Lck_Delete(&sp->mtx);
+#ifdef ENABLE_WORKSPACE_EMULATOR
 	WS_Rollback(sp->ws, 0);
+#endif
 	MPL_Free(sp->pool->mpl_sess, sp);
 }
 

bin/varnishd/http1/cache_http1_fsm.c

@@ -119,7 +119,9 @@ http1_new_session(struct worker *wrk, void *arg)
 		/* Out of session workspace. Free the req, close the sess,
 		 * and do not set a new task func, which will exit the
 		 * worker thread. */
-		VSL(SLT_Error, req->sp->vxid, "insufficient workspace");
+		VSL(SLT_Error, req->sp->vxid,
+		    "insufficient workspace (proto_priv)");
+		WS_Release(req->ws, 0);
 		Req_Release(req);
 		SES_Delete(sp, SC_RX_JUNK, NAN);
 		return;

bin/varnishtest/tests/o00006.vtc

+varnishtest "SES_Reserve_proto_priv() overflow"
+
+feature ipv4
+
+server s1 {
+	rxreq
+	txresp
+} -start
+
+varnish v1 -arg "-p pool_sess=0,0,0" -proto "PROXY" -vcl+backend {} -start
+
+logexpect l1 -v v1 -g raw {
+	expect 0 1000	Begin		"sess 0 PROXY"
+	expect 0 =	SessOpen
+	expect 0 =	Proxy		"2 217.70.181.33 60822 95.142.168.34 443"
+	expect 0 =	Error		{\Qinsufficient workspace (proto_priv)\E}
+	expect 0 =	SessClose	"RX_JUNK"
+} -start
+
+varnish v1 -cliok "param.set workspace_session 480"
+
+client c1 {
+	# PROXY2 with CRC32C TLV
+	sendhex {
+		0d 0a 0d 0a 00 0d 0a 51 55 49 54 0a
+		21 11 00 65
+		d9 46 b5 21
+		5f 8e a8 22
+		ed 96
+		01 bb
+		03 00 04  95 03 ee 75
+		01 00 02  68 32
+		02 00 0a  68 6f 63 64 65 74 2e 6e 65 74
+		20 00 3d
+		01 00 00 00 00
+		21 00 07  54 4c 53 76 31 2e 33
+		25 00 05  45 43 32 35 36
+		24 00 0a  52 53 41 2d 53 48 41 32 35 36
+		23 00 16  41 45 41 44 2d 41 45 53 31 32 38
+			  2d 47 43 4d 2d 53 48 41 32 35 36
+	}
+	txreq
+	expect_close
+} -run
+
+logexpect l1 -wait