From b80b20c6ff50bb8eec9b0fc9394f3fa4a22a7da0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Wed, 12 Jan 2022 17:46:56 +0100
Subject: [PATCH] MINOR: quic: Do not wakeup the I/O handler before the mux is started

If we wakeup the I/O handler before the mux is started, it is possible it has enough time to parse the ClientHello TLS message and update the mux transport parameters, leading to a crash. So, we initialize ->qcc quic_conn struct member at the very last time, when the mux if fully initialized. The condition to wakeup the I/O handler from lstnr_rcv_pkt() is: xprt context and mux both initialized. Note that if the xprt context is initialized, it implies its tasklet is initialized. So, we do not check anymore this latter condition.
---
 src/mux_quic.c | 2 +-
 src/xprt_quic.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/mux_quic.c b/src/mux_quic.c
index 9326dc819..2156730cf 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -395,7 +395,6 @@ static int qc_init(struct connection *conn, struct proxy *prx,
 qcc->conn = conn;
 conn->ctx = qcc;
- conn->qc->qcc = qcc;
 qcc->app_ops = NULL;
@@ -441,6 +440,7 @@ static int qc_init(struct connection *conn, struct proxy *prx,
 qcc->wait_event.tasklet->process = qc_io_cb;
 qcc->wait_event.tasklet->context = qcc;
+ HA_ATOMIC_STORE(&conn->qc->qcc, qcc);
 /* init read cycle */
 tasklet_wakeup(qcc->wait_event.tasklet);
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 4d0f75246..094bb64c9 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -4456,7 +4456,7 @@ static ssize_t qc_lstnr_pkt_rcv(unsigned char *buf, const unsigned char *end,
 * initialized. */
 conn_ctx = HA_ATOMIC_LOAD(&qc->xprt_ctx);
- if (conn_ctx && conn_ctx->wait_event.tasklet)
+ if (conn_ctx && HA_ATOMIC_LOAD(&qc->qcc))
 tasklet_wakeup(conn_ctx->wait_event.tasklet);
 TRACE_LEAVE(QUIC_EV_CONN_LPKT, qc ? qc : NULL, pkt);
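Review bot: The added `HA_ATOMIC_STORE(&conn->qc->qcc, qcc);` in the second qc_init() hunk is now the point where the mux becomes visible to the packet receive path, but nothing at that line says so. A later edit that initializes another `qcc` field below it would quietly reintroduce the race this commit fixes. A comment above the store would pin the ordering down, for example `/* Publish the mux last: qc_lstnr_pkt_rcv() treats a non-NULL ->qcc as "mux fully initialized". */`. The teardown side is outside the hunk; if `qcc` can be freed while the `quic_conn` lives on, `->qcc` presumably has to be reset to NULL with the same atomic store before the free, so the receive path never tests a stale pointer. qc_init()'s body starts and ends outside the hunk.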
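Review bot: The new condition `if (conn_ctx && HA_ATOMIC_LOAD(&qc->qcc))` in qc_lstnr_pkt_rcv() no longer tests `conn_ctx->wait_event.tasklet` before handing it to `tasklet_wakeup()`. It therefore depends on the invariant from the commit message that a published `xprt_ctx` always has its tasklet set. That invariant is established outside this hunk and should be stated at the check, e.g. `/* ->xprt_ctx is published only after its tasklet is allocated; ->qcc only once the mux is fully initialized. */`. The existing comment ending in `* initialized. */` is only partly visible here and may still describe the old condition. It is also worth confirming that a packet arriving while `->qcc` is still NULL gets its wakeup from somewhere else once the mux starts, because this path now skips it silently; the function body starts and ends outside the hunk.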