BUG/MINOR: quic: fix race-condition on trace for CID retrieval

quic_rx_pkt_retrieve_conn() is used when parsing a received datagram
from the listener socket. It returned the quic_conn instance
corresponding to the first packet DCID, unless it is mapped to another
thread.

As expected, global CID tree access is protected by a lock in the
function. However, there is a race condition due to the final trace
where qc instance is dereferenced outside of the lock. Fix this by
adding a new trace under lock protection and remove qc dereferencement at
function end.

This may fix first crash of github issue #2607.

This must be backported up to 2.8.

(cherry picked from commit bbb9f8248e29e89c288ad55a0fb7c71280a335a0)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 9e913167aee92d33272b3d1d25210447f50233b5)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 5fdc0f24af59844d9ba87165f9c971755d1dc3d2)
[cf: applied in quic_conn.c]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/quic_conn.c b/src/quic_conn.c
index 5c748a4..6e74683 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -6889,10 +6889,11 @@
goto end;
}
qc = conn_id->qc;
+ TRACE_DEVEL("found connection", QUIC_EV_CONN_RXPKT, qc);
end:
HA_RWLOCK_RDUNLOCK(QC_CID_LOCK, &tree->lock);
- TRACE_LEAVE(QUIC_EV_CONN_RXPKT, qc);
+ TRACE_LEAVE(QUIC_EV_CONN_RXPKT);
return qc;
}
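Review bot: at `return qc;`, the pointer still leaves the function after HA_RWLOCK_RDUNLOCK(QC_CID_LOCK, &tree->lock), so the hunk removes the dereference in TRACE_LEAVE but documents nothing about what keeps qc valid for the caller once the read lock is dropped. A short comment above the return, or in the function header, stating the lifetime guarantee the caller relies on would make it clear why only the trace was racy and would stop a later change from reintroducing a post-unlock dereference here. Separately, the new TRACE_DEVEL sits before the `end:` label, so the `goto end` paths no longer log any connection context; that looks intended given qc is not set on those paths, but it is worth a word in the commit message or a comment.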