CloudWeGo-SA-2022-1

Netpoll Panic

Overview

Fixed Panic when “peer Close & local user Close” occurs simultaneously

Severity Level

Middle

Description

Fixed concurrency issues in extreme scenarios.

Scenario: “peer Close & local user Close” occurs at the same time, and C.onClose executes lock(user), and Poller also executes p.detaches (all three conditions are met)

When two goroutines execute op.Control(PollDetach) at the same time, op.unused will be executed twice.

When the program is idle, it is possible that c.onclose has completed the close callback, freeop has been reused, and the state becomes inuse again. That’s when the op.unused in p.detaches is executed; This will incorrectly set the operator of a new connection to 0, causing all subsequent op.do to fail in an infinite loop.

Solution

Poller no longer executes detach asynchronously to ensure that it does not run concurrently with C.onclose and the changes are performance-neutral.

Affected Components

netpoll-v0.2.2

kitex-v0.3.0

CVE

None

References


Last modified July 30, 2023 : fix type error (#735) (50c91bf)