From 0b13e9407173c340d0b8d63c73ff07fdde5e889c Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Tue, 25 Oct 2022 11:38:21 +0200 Subject: [PATCH] BUG/MINOR: quic: fix race condition on datagram purging Each datagram is received by a random thread and dispatch to its destination thread linked to the connection. Then, the datagram is handled by the connection thread. Once this is done, datagram buffer pointer is atomically set to NULL to mark it as consumed. Consumed datagrams are purged before recvfrom() invocation on random receiver threads. The check for NULL buffer must thus be done atomically. This was not the case before this patch, which may have triggered race conditions. This bug has been introduced by commit 91b2305ad79bb7086840797b6e98bd791992444f MINOR: quic: implement datagram cleanup for quic_receiver_buf This should be backported up to 2.6 after previously mentionned commit. --- src/quic_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/quic_sock.c b/src/quic_sock.c index 03cb96377..52632fee0 100644 --- a/src/quic_sock.c +++ b/src/quic_sock.c @@ -223,7 +223,7 @@ static struct quic_dgram *quic_rxbuf_purge_dgrams(struct quic_receiver_buf *buf) cur = LIST_ELEM(buf->dgram_list.n, struct quic_dgram *, recv_list); /* Loop until a not yet consumed datagram is found. */ - if (cur->buf) + if (HA_ATOMIC_LOAD(&cur->buf)) break; /* Clear buffer of current unused datagram. */
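Review bot: the new `if (HA_ATOMIC_LOAD(&cur->buf))` check in quic_rxbuf_purge_dgrams() reads a pointer that another thread writes, but the comment above it ("Loop until a not yet consumed datagram is found") does not say so. Extend that comment to state that `buf` is set to NULL atomically by the connection thread once the datagram is consumed and that this load pairs with that store, so a later cleanup does not turn it back into a plain read. It is also worth confirming in the commit message or the comment that the ordering HA_ATOMIC_LOAD provides is sufficient here: the "Clear buffer of current unused datagram" step that follows the check reclaims the datagram, so it must not be able to run before the connection thread's last access to that datagram is visible to the receiver thread.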