From 7d807c93f4a1f366be7cb701b7f509c1e1665c5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Mon, 6 Dec 2021 08:56:38 +0100 Subject: [PATCH] MINOR: quic: QUIC encryption level RX packets race issue The tree containing RX packets must be protected from concurrent accesses. --- include/haproxy/xprt_quic.h | 12 ++++++++++++ src/xprt_quic.c | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/include/haproxy/xprt_quic.h b/include/haproxy/xprt_quic.h index 2a361ec7e..4b619a658 100644 --- a/include/haproxy/xprt_quic.h +++ b/include/haproxy/xprt_quic.h @@ -1038,6 +1038,18 @@ static inline int qc_pkt_long(const struct quic_rx_packet *pkt) return pkt->type != QUIC_PACKET_TYPE_SHORT; } +/* Return 1 if there is RX packets for QUIC encryption level, 0 if not */ +static inline int qc_el_rx_pkts(struct quic_enc_level *qel) +{ + int ret; + + HA_RWLOCK_RDLOCK(QUIC_LOCK, &qel->rx.pkts_rwlock); + ret = !eb_is_empty(&qel->rx.pkts); + HA_RWLOCK_RDUNLOCK(QUIC_LOCK, &qel->rx.pkts_rwlock); + + return ret; +} + /* Release the memory for the RX packets which are no more referenced * and consume their payloads which have been copied to the RX buffer * for the connection. diff --git a/src/xprt_quic.c b/src/xprt_quic.c index 20e3e4efe..d50df308b 100644 --- a/src/xprt_quic.c +++ b/src/xprt_quic.c @@ -3133,7 +3133,7 @@ struct task *quic_conn_io_cb(struct task *t, void *context, unsigned int state) */ if (next_qel && next_qel != qel && (next_qel->tls_ctx.rx.flags & QUIC_FL_TLS_SECRETS_SET) && - (!MT_LIST_ISEMPTY(&next_qel->rx.pqpkts) || !eb_is_empty(&next_qel->rx.pkts))) { + (!MT_LIST_ISEMPTY(&next_qel->rx.pqpkts) || qc_el_rx_pkts(next_qel))) { qel = next_qel; next_qel = NULL; goto next_level;