1berry/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG/MINOR: quic: fix race-condition on trace for CID retrieval

Browse Source 
quic_rx_pkt_retrieve_conn() is used when parsing a received datagram
from the listener socket. It returned the quic_conn instance
corresponding to the first packet DCID, unless it is mapped to another
thread.

As expected, global CID tree access is protected by a lock in the
function. However, there is a race condition due to the final trace
where qc instance is dereferenced outside of the lock. Fix this by
adding a new trace under lock protection and remove qc deferencement at
function end.

This may fix first crash of github issue #2607.

This must be backported up to 2.8.
This commit is contained in:
Amaury Denoyelle 2024-06-27 18:52:23 +02:00
parent 05f59a51ac
commit bbb9f8248e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/quic_cid.c
View File

@ -257,10 +257,11 @@ struct quic_conn *retrieve_qc_conn_from_cid(struct quic_rx_packet *pkt,
goto end; goto end;
} }
qc = conn_id->qc; qc = conn_id->qc;
TRACE_DEVEL("found connection", QUIC_EV_CONN_RXPKT, qc);
end: end:
HA_RWLOCK_RDUNLOCK(QC_CID_LOCK, &tree->lock); HA_RWLOCK_RDUNLOCK(QC_CID_LOCK, &tree->lock);
TRACE_LEAVE(QUIC_EV_CONN_RXPKT, qc); TRACE_LEAVE(QUIC_EV_CONN_RXPKT);
return qc; return qc;
} }