From 1868ca9a951c699951cf2ccfd8aa7c61922ae338 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 1 Sep 2025 13:32:24 +0200
Subject: [PATCH] MINOR: conn/muxes/ssl: add ASSUME_NONNULL() prior to
 _srv_add_idle

When manipulating idle backend connections for input/output processing,
special care is taken to ensure the connection cannot be accessed by
another thread, for example via a takeover. When processing is over,
connection is reinserted in its original list.

A connection can either be attached to a session (private ones) or a
server idle tree. In the latter case, <srv> is guaranteed to be non null
prior to _srv_add_idle() thanks to CO_FL_LIST_MASK comparison with conn
flags. This patch adds an ASSUME_NONNULL() to better reflect this.

This should fix coverity reports from github issue #3095.
---
 src/connection.c | 1 +
 src/mux_fcgi.c   | 1 +
 src/mux_h1.c     | 1 +
 src/mux_h2.c     | 1 +
 src/mux_spop.c   | 1 +
 src/ssl_sock.c   | 1 +
 6 files changed, 6 insertions(+)

diff --git a/src/connection.c b/src/connection.c
index 4f0b5c342..e3e5040ba 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -234,6 +234,7 @@ int conn_notify_mux(struct connection *conn, int old_flags, int forced_wake)
 				}
 			}
 			else {
+				ASSUME_NONNULL(srv); /* srv is guaranteed by CO_FL_LIST_MASK */
 				HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
 				_srv_add_idle(srv, conn, conn_in_list == CO_FL_SAFE_LIST);
 				HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c
index 83a2a1446..caac5450d 100644
--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@@ -3106,6 +3106,7 @@ struct task *fcgi_io_cb(struct task *t, void *ctx, unsigned int state)
 				}
 			}
 			else {
+				ASSUME_NONNULL(srv); /* srv is guaranteed by CO_FL_LIST_MASK */
 				HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
 				_srv_add_idle(srv, conn, conn_in_list == CO_FL_SAFE_LIST);
 				HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
diff --git a/src/mux_h1.c b/src/mux_h1.c
index 457ae45f8..86de1149c 100644
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -4351,6 +4351,7 @@ struct task *h1_io_cb(struct task *t, void *ctx, unsigned int state)
 				}
 			}
 			else {
+				ASSUME_NONNULL(srv); /* srv is guaranteed by CO_FL_LIST_MASK */
 				HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
 				_srv_add_idle(srv, conn, conn_in_list == CO_FL_SAFE_LIST);
 				HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
diff --git a/src/mux_h2.c b/src/mux_h2.c
index 876b19964..fe68a4cdf 100644
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -5010,6 +5010,7 @@ struct task *h2_io_cb(struct task *t, void *ctx, unsigned int state)
 				}
 			}
 			else {
+				ASSUME_NONNULL(srv); /* srv is guaranteed by CO_FL_LIST_MASK */
 				HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
 				_srv_add_idle(srv, conn, conn_in_list == CO_FL_SAFE_LIST);
 				HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
diff --git a/src/mux_spop.c b/src/mux_spop.c
index 8fc2faeb2..b1cb2676c 100644
--- a/src/mux_spop.c
+++ b/src/mux_spop.c
@@ -2602,6 +2602,7 @@ static struct task *spop_io_cb(struct task *t, void *ctx, unsigned int state)
 				}
 			}
 			else {
+				ASSUME_NONNULL(srv); /* srv is guaranteed by CO_FL_LIST_MASK */
 				HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
 				_srv_add_idle(srv, conn, conn_in_list == CO_FL_SAFE_LIST);
 				HA_SPIN_UNLOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index c1dd67c53..5e7865e52 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6505,6 +6505,7 @@ leave:
 				}
 			}
 			else {
+				ASSUME_NONNULL(srv); /* srv is guaranteed by CO_FL_LIST_MASK */
 				TRACE_DEVEL("adding conn back to idle list", SSL_EV_CONN_IO_CB, conn);
 				HA_SPIN_LOCK(IDLE_CONNS_LOCK, &idle_conns[tid].idle_conns_lock);
 				_srv_add_idle(srv, conn, conn_in_list == CO_FL_SAFE_LIST);