From: Willy Tarreau <w@1wt.eu>
Date: Tue, 15 Jun 2021 14:39:22 +0000 (+0200)
Subject: BUG/MINOR: ssl: use atomic ops to update global shctx stats
X-Git-Tag: v2.5-dev1~125
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4c19e996218f6c205c1716a0b4718f9bced7f893;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: use atomic ops to update global shctx stats

The global shctx lookups and misses was updated without using atomic
ops, so the stats available in "show info" are very likely off by a few
units over time. This should be backported as far as 1.8. Versions
without _HA_ATOMIC_INC() can use HA_ATOMIC_ADD(,1).
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index fcb089b92d..68391326d7 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4061,7 +4061,7 @@ SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *k
 	SSL_SESSION *sess;
 	struct shared_block *first;
 
-	global.shctx_lookups++;
+	_HA_ATOMIC_INC(&global.shctx_lookups);
 
 	/* allow the session to be freed automatically by openssl */
 	*do_copy = 0;
@@ -4081,7 +4081,7 @@ SSL_SESSION *sh_ssl_sess_get_cb(SSL *ssl, __OPENSSL_110_CONST__ unsigned char *k
 	if (!sh_ssl_sess) {
 		/* no session found: unlock cache and exit */
 		shctx_unlock(ssl_shctx);
-		global.shctx_misses++;
+		_HA_ATOMIC_INC(&global.shctx_misses);
 		return NULL;
 	}