From: Willy Tarreau <w@1wt.eu>
Date: Mon, 22 Nov 2021 16:46:13 +0000 (+0100)
Subject: BUG/MINOR: ssl: make SSL counters atomic
X-Git-Tag: v2.5.0~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5e7cf9e696cbc7fbe3f01a6109bd6588a6feabd;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: make SSL counters atomic

SSL counters were added with commit d0447a7c3 ("MINOR: ssl: add counters
for ssl sessions") in 2.4, but their updates were not atomic, so it's
likely that under significant loads they are not correct.

This needs to be backported to 2.4.
---

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2df48e0343..e3e3abf627 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -5844,13 +5844,13 @@ reneg_ok:
 		}
 
 		if (counters) {
-			++counters->sess;
-			++counters_px->sess;
+			HA_ATOMIC_INC(&counters->sess);
+			HA_ATOMIC_INC(&counters_px->sess);
 		}
 	}
 	else if (counters) {
-		++counters->reused_sess;
-		++counters_px->reused_sess;
+		HA_ATOMIC_INC(&counters->reused_sess);
+		HA_ATOMIC_INC(&counters_px->reused_sess);
 	}
 
 	/* The connection is now established at both layers, it's time to leave */
@@ -5876,8 +5876,8 @@ reneg_ok:
 	}
 
 	if (counters) {
-		++counters->failed_handshake;
-		++counters_px->failed_handshake;
+		HA_ATOMIC_INC(&counters->failed_handshake);
+		HA_ATOMIC_INC(&counters_px->failed_handshake);
 	}
 
 	/* Fail on all other handshake errors */