diff options
| author | Brad Fitzpatrick <bradfitz@tailscale.com> | 2026-04-13 20:31:35 +0000 |
|---|---|---|
| committer | Brad Fitzpatrick <brad@danga.com> | 2026-04-13 15:24:35 -0700 |
| commit | 50b8cfbde2fc548a6c5b33b3c7021997ca14a0d9 (patch) | |
| tree | 97c3fd3dbef9f1a96c60fc56de3a0ff0728eed2a /control/controlhttp/controlhttpserver/controlhttpserver.go | |
| parent | 6500d3c3f82b706c9164fb053ab1b22e913f7f13 (diff) | |
| download | tailscale-50b8cfbde2fc548a6c5b33b3c7021997ca14a0d9.tar.xz tailscale-50b8cfbde2fc548a6c5b33b3c7021997ca14a0d9.zip | |
wgengine/netstack: fix data race on in-flight connection test globals
The maxInFlightConnectionAttemptsForTest and
maxInFlightConnectionAttemptsPerClientForTest globals were plain ints
read by background gVisor TCP handler goroutines (via
wrapTCPProtocolHandler) and written by tstest.Replace cleanup in
TestTCPForwardLimits_PerClient. When a gVisor goroutine outlived the
test cleanup window, the race detector caught the unsynchronized
access.
The race-prone code was introduced in c5abbcd4b4d8 (2024-02-26,
"wgengine/netstack: add a per-client limit for in-flight TCP
forwards") which added both the plain int globals and the
TestTCPForwardLimits_PerClient test that writes them via
tstest.Replace. It is not obvious why this has only recently started
being detected as a data race; likely some combination of gVisor
version bumps, Go toolchain scheduler changes, and additional
TCP-injecting subtests (e.g. 03461ea7f, 2026-01-30) increased
goroutine churn enough to hit the window.
Change both globals to atomic.Int32 and replace tstest.Replace (which
does non-atomic *target = old on cleanup) with explicit Store/Cleanup
pairs.
Fixes #19118
Change-Id: Id26ba6fbfb2e4ade319976db80af8e16c7c8778e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Diffstat (limited to 'control/controlhttp/controlhttpserver/controlhttpserver.go')
0 files changed, 0 insertions, 0 deletions
