From 09ec3e09bd6bf6ab83199ef3ddc7e20b69d99f02 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Wed, 27 Jul 2022 11:39:01 +0200 Subject: [PATCH] BUG/MINOR: mux-quic: do not free conn if attached streams Ensure via qcc_is_dead() that a connection is not released instance until all of qcs streams are detached by the upper layer, even if an error has been reported or the timeout has fired. On the other side, as qc_detach() always check the connection status, this should ensure that we do not keep a connection if not necessary. Without this patch, a qcc instance may be freed with some of its qcs streams not detached. This is an incorrect behavior and will lead to a BUG_ON fault. Note however that no occurence of this bug has been produced currently. This patch is mainly a safety against future occurences. This should be backported up to 2.6.
---
 src/mux_quic.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/mux_quic.c b/src/mux_quic.c
index 65d62a4aa8..3ab5333989 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -1001,7 +1001,12 @@ static void qcs_destroy(struct qcs *qcs)
 static inline int qcc_is_dead(const struct qcc *qcc)
 {
- if ((qcc->conn->flags & CO_FL_ERROR) || !qcc->task)
+ /* Mux connection is considered dead if :
+ * - all stream-desc are detached AND
+ * = connection is on error OR
+ * = mux timeout has already fired or is unset
+ */
+ if (!qcc->nb_sc && ((qcc->conn->flags & CO_FL_ERROR) || !qcc->task))
 return 1;
 return 0;
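Review bot: The new condition in qcc_is_dead() makes `qcc->nb_sc` the only thing deciding whether an errored or timed-out connection is released, but the added comment does not state that invariant. If any detach path misses its decrement, the qcc is never freed; if the counter drops too early, the release that this patch guards against can still happen with streams attached. I would extend the comment with something like `/* nb_sc must reflect every attached stream-desc: release of an errored or timed-out qcc is deferred until it reaches 0 and is then driven by qc_detach() */`. It is also worth confirming, in the timeout handler outside this hunk, that a connection whose task has already fired still gets re-evaluated once the last stream detaches, since by the commit message that now depends on qc_detach() alone. The function's closing lines are outside the hunk.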