Coverity reports a data race where rconn_get_max_backoff() accesses
max_backoff without holding rc->mutex, while rconn_set_max_backoff()
writes to max_backoff with the mutex held (as is done 1 out of 1 times
when writing).
The race occurs when the getter reads max_backoff without synchronization.
If another thread concurrently modifies max_backoff through
rconn_set_max_backoff(), the getter could read a torn or stale value.
Fixes: d8c0e581f94f ("rconn: Make thread-safe.")
Signed-off-by: Eelco Chaudron <[email protected]>
---
lib/rconn.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lib/rconn.c b/lib/rconn.c
index 3815cfed5..60fb8a664 100644
--- a/lib/rconn.c
+++ b/lib/rconn.c
@@ -304,7 +304,13 @@ rconn_get_max_backoff(const struct rconn *rc)
{
/* rc->max_backoff is 1000 times some 'int', so dividing by 1000 will yield
* a value in the range of 'int', therefore this is safe. */
- return rc->max_backoff / 1000;
+ int max_backoff;
+
+ ovs_mutex_lock(&rc->mutex);
+ max_backoff = rc->max_backoff / 1000;
+ ovs_mutex_unlock(&rc->mutex);
+
+ return max_backoff;
}
void
--
2.52.0
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
